QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2017-2738

Back to search

CVE-2017-2738

Published: Nov 22, 2017

Modified: Sep 17, 2024

PUBLISHED

Description

VCM5010 with software versions earlier before V100R002C50SPC100 has an authentication bypass vulnerability. This is due to improper implementation of authentication for accessing web pages. An unauthenticated attacker could bypass the authentication by sending a crafted HTTP request. 5010 with software versions earlier before V100R002C50SPC100 has an arbitrary file upload vulnerability. The software does not validate the files that uploaded. An authenticated attacker could upload arbitrary files to the system.

VendorProductVersions

Huawei Technologies Co., Ltd.

VCM5010

affected
Versions earlier before V100R002C50SPC100

References

97231
vdb-entry
x_refsource_BID

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now