VAR-201801-1843
Vulnerability from variot - Updated: 2022-05-04 09:29Huawei DP300, RP200, TE30/40/50/60, TP3106/3206, and ViewPoint9030 are Huawei's integrated desktop telepresence products and high-definition video conferencing terminal products for high-end customers. A buffer overflow vulnerability exists in the CRYPTO module of several Huawei products. The vulnerability is due to the program not fully verifying the input. An unauthenticated local attacker exploiting the vulnerability by constructing a file containing parameters longer than the maximum value can cause the system to reboot.
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201801-1843",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "dp300 v500r002c00",
"scope": null,
"trust": 0.6,
"vendor": "huawei",
"version": null
},
{
"model": "te60 v100r001c01",
"scope": null,
"trust": 0.6,
"vendor": "huawei",
"version": null
},
{
"model": "te60 v500r002c00",
"scope": null,
"trust": 0.6,
"vendor": "huawei",
"version": null
},
{
"model": "te60 v600r006c00",
"scope": null,
"trust": 0.6,
"vendor": "huawei",
"version": null
},
{
"model": "tp3106 v100r002c00",
"scope": null,
"trust": 0.6,
"vendor": "huawei",
"version": null
},
{
"model": "viewpoint v100r011c03",
"scope": "eq",
"trust": 0.6,
"vendor": "huawei",
"version": "9030"
},
{
"model": "viewpoint v100r011c02",
"scope": "eq",
"trust": 0.6,
"vendor": "huawei",
"version": "9030"
},
{
"model": "tp3206 v100r002c00",
"scope": null,
"trust": 0.6,
"vendor": "huawei",
"version": null
},
{
"model": "rp200 v500r002c00",
"scope": null,
"trust": 0.6,
"vendor": "huawei",
"version": null
},
{
"model": "rp200 v600r006c00",
"scope": null,
"trust": 0.6,
"vendor": "huawei",
"version": null
},
{
"model": "te30 v100r001c02",
"scope": null,
"trust": 0.6,
"vendor": "huawei",
"version": null
},
{
"model": "te30 v100r001c10",
"scope": null,
"trust": 0.6,
"vendor": "huawei",
"version": null
},
{
"model": "te30 v500r002c00",
"scope": null,
"trust": 0.6,
"vendor": "huawei",
"version": null
},
{
"model": "te30 v600r006c00",
"scope": null,
"trust": 0.6,
"vendor": "huawei",
"version": null
},
{
"model": "te40 v500r002c00",
"scope": null,
"trust": 0.6,
"vendor": "huawei",
"version": null
},
{
"model": "te40 v600r006c00",
"scope": null,
"trust": 0.6,
"vendor": "huawei",
"version": null
},
{
"model": "te50 v500r002c00",
"scope": null,
"trust": 0.6,
"vendor": "huawei",
"version": null
},
{
"model": "te50 v600r006c00",
"scope": null,
"trust": 0.6,
"vendor": "huawei",
"version": null
},
{
"model": "te60 v100r001c10",
"scope": null,
"trust": 0.6,
"vendor": "huawei",
"version": null
},
{
"model": "tp3206 v100r002c10",
"scope": null,
"trust": 0.6,
"vendor": "huawei",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-00336"
}
]
},
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 4.9,
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CNVD-2018-00336",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "CNVD",
"id": "CNVD-2018-00336",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-00336"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Huawei DP300, RP200, TE30/40/50/60, TP3106/3206, and ViewPoint9030 are Huawei\u0027s integrated desktop telepresence products and high-definition video conferencing terminal products for high-end customers. A buffer overflow vulnerability exists in the CRYPTO module of several Huawei products. The vulnerability is due to the program not fully verifying the input. An unauthenticated local attacker exploiting the vulnerability by constructing a file containing parameters longer than the maximum value can cause the system to reboot.",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-00336"
}
],
"trust": 0.6
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2018-00336",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-00336"
}
]
},
"id": "VAR-201801-1843",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-00336"
}
],
"trust": 1.5907528424999997
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-00336"
}
]
},
"last_update_date": "2022-05-04T09:29:16.913000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patch of multiple Huawei product CRYPTO module buffer overflow vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/112705"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-00336"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 0.6,
"url": "http://www.huawei.com/cn/psirt/security-advisories/2017/huawei-sa-20180103-01-crypto-cn"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-00336"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2018-00336"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-01-05T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-00336"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-01-05T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-00336"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple Huawei Products CRYPTO Module Buffer Overflow Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-00336"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…