VCM5010
by Huawei
CVEs (3)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-2738 | Cri | 0.64 | 9.8 | 0.01 | Nov 22, 2017 | VCM5010 with software versions earlier before V100R002C50SPC100 has an authentication bypass vulnerability. This is due to improper implementation of authentication for accessing web pages. An unauthenticated attacker could bypass the authentication by sending a crafted HTTP… | ||
| CVE-2017-2737 | Hig | 0.57 | 8.8 | 0.00 | Nov 22, 2017 | VCM5010 with software versions earlier before V100R002C50SPC100 has an arbitrary file upload vulnerability. The software does not validate the files that uploaded. An authenticated attacker could upload arbitrary files to the system. | ||
| CVE-2017-2736 | Hig | 0.47 | 7.2 | 0.01 | Nov 22, 2017 | VCM5010 with software versions earlier before V100R002C50SPC100 has a command injection vulnerability. This is due to insufficient validation of user's input. An authenticated attacker could launch a command injection attack. |
- risk 0.64cvss 9.8epss 0.01
VCM5010 with software versions earlier before V100R002C50SPC100 has an authentication bypass vulnerability. This is due to improper implementation of authentication for accessing web pages. An unauthenticated attacker could bypass the authentication by sending a crafted HTTP…
- risk 0.57cvss 8.8epss 0.00
VCM5010 with software versions earlier before V100R002C50SPC100 has an arbitrary file upload vulnerability. The software does not validate the files that uploaded. An authenticated attacker could upload arbitrary files to the system.
- risk 0.47cvss 7.2epss 0.01
VCM5010 with software versions earlier before V100R002C50SPC100 has a command injection vulnerability. This is due to insufficient validation of user's input. An authenticated attacker could launch a command injection attack.