Sign-up

ID

VAR-201601-0427


CVE

CVE-2015-8333


TITLE

Huawei VCN500 Software Operation and Maintenance Unit Media server in IP Address change vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2015-006730

DESCRIPTION

The Operation and Maintenance Unit (OMU) in Huawei VCN500 with software before V100R002C00SPC200 allows remote authenticated users to change the IP address of the media server via crafted packets. IP The address may be changed. Huawei VCN500 is an integrated intelligent video surveillance product from China Huawei. Huawei VCN500 has a security vulnerability that allows remote attackers to submit special requests for denial of service attacks. Huawei VCN500 is prone to a denial-of-service vulnerability. Attackers can exploit this issue to cause a denial-of-service condition, denying service to legitimate users. Operation and Maintenance Unit (OMU) is one of the communication units used to control BSC and monitor the operation of BTS and TC. A security vulnerability exists in the Operation and Maintenance Unit (OMU) of the Huawei VCN500 that uses software versions earlier than V100R002C00SPC200B010

Trust: 2.52

sources: NVD: CVE-2015-8333 // JVNDB: JVNDB-2015-006730 // CNVD: CNVD-2015-08195 // BID: 78048 // VULHUB: VHN-86294

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2015-08195

AFFECTED PRODUCTS

vendor:huaweimodel:vcn500scope:eqversion:v100r002c00spc200b010

Trust: 1.6

vendor:huaweimodel:vcn500scope: - version: -

Trust: 1.4

vendor:huaweimodel:vcn500scope:ltversion:v100r002c00spc200

Trust: 0.8

vendor:huaweimodel:vcn500 v100r002c00spc200b01scope: - version: -

Trust: 0.3

vendor:huaweimodel:vcn500 v100r002c00spc200scope:neversion: -

Trust: 0.3

sources: CNVD: CNVD-2015-08195 // BID: 78048 // JVNDB: JVNDB-2015-006730 // CNNVD: CNNVD-201512-202 // NVD: CVE-2015-8333

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-8333
value: HIGH

Trust: 1.0

NVD: CVE-2015-8333
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2015-08195
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201512-202
value: MEDIUM

Trust: 0.6

VULHUB: VHN-86294
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2015-8333
severity: MEDIUM
baseScore: 5.5
vectorString: AV:N/AC:L/AU:S/C:N/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2015-08195
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-86294
severity: MEDIUM
baseScore: 5.5
vectorString: AV:N/AC:L/AU:S/C:N/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2015-8333
baseSeverity: HIGH
baseScore: 7.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 4.2
version: 3.0

Trust: 1.0

sources: CNVD: CNVD-2015-08195 // VULHUB: VHN-86294 // JVNDB: JVNDB-2015-006730 // CNNVD: CNNVD-201512-202 // NVD: CVE-2015-8333

PROBLEMTYPE DATA

problemtype:CWE-264

Trust: 1.9

sources: VULHUB: VHN-86294 // JVNDB: JVNDB-2015-006730 // NVD: CVE-2015-8333

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201512-202

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201512-202

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2015-006730

PATCH
title:Huawei-SA-20151126-02-VCN500url:http://www.huawei.com/en/psirt/security-advisories/hw-463070
Trust: 0.8
title:Huawei VCN500 denial of service vulnerability patchurl:https://www.cnvd.org.cn/patchInfo/show/68321
Trust: 0.6
title:Huawei VCN500 Operation and Maintenance Unit Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=59046
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2015-08195 // 
            
            
            
            JVNDB: JVNDB-2015-006730 // 
            
            
            
            CNNVD: CNNVD-201512-202

EXTERNAL IDS
db:NVDid:CVE-2015-8333
Trust: 3.4
db:BIDid:78048
Trust: 1.6
db:JVNDBid:JVNDB-2015-006730
Trust: 0.8
db:CNNVDid:CNNVD-201512-202
Trust: 0.7
db:CNVDid:CNVD-2015-08195
Trust: 0.6
db:VULHUBid:VHN-86294
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2015-08195 // 
            
            
            
            VULHUB: VHN-86294 // 
            
            
            
            BID: 78048 // 
            
            
            
            JVNDB: JVNDB-2015-006730 // 
            
            
            
            CNNVD: CNNVD-201512-202 // 
            
            
            
            NVD: CVE-2015-8333

REFERENCES
url:http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-463070.htm
Trust: 1.7
url:http://www.securityfocus.com/bid/78048
Trust: 1.2
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-8333
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-8333
Trust: 0.8
url:http://www.huawei.com/
Trust: 0.3
url:http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/archive/hw-463070.htm
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2015-08195 // 
            
            
            
            VULHUB: VHN-86294 // 
            
            
            
            BID: 78048 // 
            
            
            
            JVNDB: JVNDB-2015-006730 // 
            
            
            
            CNNVD: CNNVD-201512-202 // 
            
            
            
            NVD: CVE-2015-8333

CREDITS
The vendor reported this issue.
Trust: 0.3
sources:
            
            
            BID: 78048

SOURCES
db:CNVDid:CNVD-2015-08195
db:VULHUBid:VHN-86294
db:BIDid:78048
db:JVNDBid:JVNDB-2015-006730
db:CNNVDid:CNNVD-201512-202
db:NVDid:CVE-2015-8333

LAST UPDATE DATE
2025-04-12T23:29:29.877000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2015-08195date:2015-12-15T00:00:00
db:VULHUBid:VHN-86294date:2016-01-12T00:00:00
db:BIDid:78048date:2015-11-26T00:00:00
db:JVNDBid:JVNDB-2015-006730date:2016-01-13T00:00:00
db:CNNVDid:CNNVD-201512-202date:2016-01-12T00:00:00
db:NVDid:CVE-2015-8333date:2025-04-12T10:46:40.837

SOURCES RELEASE DATE
db:CNVDid:CNVD-2015-08195date:2015-12-15T00:00:00
db:VULHUBid:VHN-86294date:2016-01-11T00:00:00
db:BIDid:78048date:2015-11-26T00:00:00
db:JVNDBid:JVNDB-2015-006730date:2016-01-13T00:00:00
db:CNNVDid:CNNVD-201512-202date:2015-11-26T00:00:00
db:NVDid:CVE-2015-8333date:2016-01-11T15:59:05.510