Vulnerability Description
Huawei HG255s-10 V100R001C163B025SP02 has a path traversal vulnerability due to insufficient validation of the received HTTP requests, a remote attacker may access the local files on the device without authentication.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Huawei | Hg255S-10 Firmware | v100r001c163b025sp02 |
| Huawei | Hg255S-10 | All versions |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/155954/Huawei-HG255-Directory-Traversal.htm
- http://www.huawei.com/en/psirt/security-notices/2017/huawei-sn-20170911-01-hg255Vendor Advisory
- http://packetstormsecurity.com/files/155954/Huawei-HG255-Directory-Traversal.htm
- http://www.huawei.com/en/psirt/security-notices/2017/huawei-sn-20170911-01-hg255Vendor Advisory
FAQ
What is CVE-2017-17309?
CVE-2017-17309 is a vulnerability with a CVSS score of 7.5 (HIGH). Huawei HG255s-10 V100R001C163B025SP02 has a path traversal vulnerability due to insufficient validation of the received HTTP requests, a remote attacker may access the local files on the device withou...
How severe is CVE-2017-17309?
CVE-2017-17309 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-17309?
Check the references section above for vendor advisories and patch information. Affected products include: Huawei Hg255S-10 Firmware, Huawei Hg255S-10.