The operation and maintenance unit (OMU) of Huawei VCN500 (Video Cloud Node) does not validate parameters of received HTTP requests, which allows an attacker to launch the SQL injection attack against VCN500 by sending manually crafted packets. (Vulnerability ID: HWPSIRT-2015-09016)
This vulnerability has been assigned Common Vulnerabilities and Exposures (CVE) ID: CVE-2015-8334.
Huawei has released software updates to fix this vulnerability. This advisory is available at the following link:
http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-463072.htm
Vendor | Product | Version | CPE |
---|---|---|---|
huawei | vcn500_firmware | v100r002c00spc200b010 | cpe:2.3:o:huawei:vcn500_firmware:v100r002c00spc200b010:*:*:*:*:*:*:* |
huawei | vcn500_firmware | v100r002c00spc200 | cpe:2.3:o:huawei:vcn500_firmware:v100r002c00spc200:*:*:*:*:*:*:* |