4.3
CVE-2016-8785
- EPSS 0.1%
- Published 09.03.2018 21:29:00
- Last modified 21.11.2024 03:00:04
- Source psirt@huawei.com
- Teams watchlist Login
- Open Login
Huawei S12700 V200R007C00, V200R008C00, S5700 V200R007C00, S7700 V200R002C00, V200R005C00, V200R006C00, V200R007C00, V200R008C00, S9700 V200R007C00 have an input validation vulnerability. Due to the lack of input validation, an attacker may craft a malformed packet and send it to the device using VRP, causing the device to display additional memory data and possibly leading to sensitive information leakage.
Data is provided by the National Vulnerability Database (NVD)
Huawei ≫ S12700 Firmware Versionv200r007c00
Huawei ≫ S12700 Firmware Versionv200r008c00
Huawei ≫ S5700 Firmware Versionv200r007c00
Huawei ≫ S7700 Firmware Versionv200r002c00
Huawei ≫ S7700 Firmware Versionv200r005c00
Huawei ≫ S7700 Firmware Versionv200r006c00
Huawei ≫ S7700 Firmware Versionv200r007c00
Huawei ≫ S7700 Firmware Versionv200r008c00
Huawei ≫ S9700 Firmware Versionv200r007c00
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.1% | 0.252 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 4.3 | 2.8 | 1.4 |
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
|
| nvd@nist.gov | 4.3 | 8.6 | 2.9 |
AV:N/AC:M/Au:N/C:P/I:N/A:N
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.