8.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:S/C:C/I:C/A:C
0.001 Low
EPSS
Percentile
33.4%
VP9660 is the multi-point control unit of Huawei Video Conference system.
The server of the Huawei VP9660 does not validate the input when using build-in WebServer. In such case, an attacker could log in to the device as an business administrator, graft a message to change the specific information, and send them to the server to inject malicious commands, leading to information leakage or device unavailability. (Vulnerability ID: HWPSIRT-2015-08039)
This vulnerability has been assigned Common Vulnerabilities and Exposures (CVE) ID: CVE-2015-8227.
Huawei has released software updates to fix these vulnerabilities. This advisory is available at the following link:
<http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-461216.htm>
CPE | Name | Operator | Version |
---|---|---|---|
vp9660 | eq | V200R001C01 | |
vp9660 | eq | V200R001C02 | |
vp9660 | eq | V200R001C30 |