Lucene search

K
huaweiHuawei TechnologiesHUAWEI-SA-20151126-03-VCN500
HistoryNov 26, 2015 - 12:00 a.m.

Security Advisory - VCN500 SQL Injection Vulnerability

2015-11-2600:00:00
Huawei Technologies
www.huawei.com
16
huawei
vcn500
sql injection
http requests
vulnerability
software updates

AI Score

9.1

Confidence

High

EPSS

0.001

Percentile

42.5%

The operation and maintenance unit (OMU) of Huawei VCN500 (Video Cloud Node) does not validate parameters of received HTTP requests, which allows an attacker to launch the SQL injection attack against VCN500 by sending manually crafted packets. (Vulnerability ID: HWPSIRT-2015-09016)

This vulnerability has been assigned Common Vulnerabilities and Exposures (CVE) ID: CVE-2015-8334.

Huawei has released software updates to fix this vulnerability. This advisory is available at the following link:

http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-463072.htm

Affected configurations

Vulners
Node
huaweivcn500_firmwareMatchv100r002c00spc200b010
OR
huaweivcn500_firmwareMatchv100r002c00spc200
VendorProductVersionCPE
huaweivcn500_firmwarev100r002c00spc200b010cpe:2.3:o:huawei:vcn500_firmware:v100r002c00spc200b010:*:*:*:*:*:*:*
huaweivcn500_firmwarev100r002c00spc200cpe:2.3:o:huawei:vcn500_firmware:v100r002c00spc200:*:*:*:*:*:*:*

AI Score

9.1

Confidence

High

EPSS

0.001

Percentile

42.5%

Related for HUAWEI-SA-20151126-03-VCN500