Security Advisory - Improper User Privileges Vulnerability in VCN500

The operation and maintenance unit (OMU) of Huawei VCN500 (Video Cloud Node) does not configure user privileges properly. By exploiting this vulnerability, ordinary users can modify the IP address of the media server in system management by sending specially crafted packets to the OMU interface, leading to unavailability of some services. (Vulnerability ID: HWPSIRT-2015-07045)

This vulnerability has been assigned Common Vulnerabilities and Exposures (CVE) ID: CVE-2015-8333.

Huawei has released software updates to fix this vulnerability. This advisory is available at the following link:

<http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-463070.htm&gt;