Sign-up

ID

VAR-201601-0428


CVE

CVE-2015-8335


TITLE

Huawei VCN500 Vulnerabilities in which important information is obtained in software

Trust: 0.8

sources: JVNDB: JVNDB-2015-006731

DESCRIPTION

Huawei VCN500 with software before V100R002C00SPC201 logs passwords in cleartext, which allows remote authenticated users to obtain sensitive information by triggering log generation and then reading the log. Huawei VCN500 is an integrated intelligent video surveillance product from China Huawei. Huawei VCN500 has an authentication bypass vulnerability that allows remote attackers to exploit the vulnerability to gain unauthorized access to the device. Huawei VCN500 is prone to an authentication-bypass vulnerability. The vulnerability is caused by the program recording passwords in plain text

Trust: 2.61

sources: NVD: CVE-2015-8335 // JVNDB: JVNDB-2015-006731 // CNVD: CNVD-2015-08192 // BID: 78095 // VULHUB: VHN-86296 // VULMON: CVE-2015-8335

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2015-08192

AFFECTED PRODUCTS

vendor:huaweimodel:vcn500scope:eqversion:v100r002c00spc200b010

Trust: 1.6

vendor:huaweimodel:vcn500scope:eqversion:v100r002c00spc200

Trust: 1.6

vendor:huaweimodel:vcn500scope: - version: -

Trust: 1.4

vendor:huaweimodel:vcn500scope:ltversion:v100r002c00spc201

Trust: 0.8

vendor:huaweimodel:vcn500 v100r002c00spc200b01scope: - version: -

Trust: 0.3

vendor:huaweimodel:vcn500 v100r002c00spc200scope: - version: -

Trust: 0.3

vendor:huaweimodel:vcn500 v100r002c00spc201scope:neversion: -

Trust: 0.3

sources: CNVD: CNVD-2015-08192 // BID: 78095 // JVNDB: JVNDB-2015-006731 // CNNVD: CNNVD-201512-200 // NVD: CVE-2015-8335

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-8335
value: MEDIUM

Trust: 1.0

NVD: CVE-2015-8335
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2015-08192
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201512-200
value: MEDIUM

Trust: 0.6

VULHUB: VHN-86296
value: MEDIUM

Trust: 0.1

VULMON: CVE-2015-8335
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2015-8335
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2015-08192
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-86296
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2015-8335
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.0

Trust: 1.0

sources: CNVD: CNVD-2015-08192 // VULHUB: VHN-86296 // VULMON: CVE-2015-8335 // JVNDB: JVNDB-2015-006731 // CNNVD: CNNVD-201512-200 // NVD: CVE-2015-8335

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

sources: VULHUB: VHN-86296 // JVNDB: JVNDB-2015-006731 // NVD: CVE-2015-8335

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201512-200

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201512-200

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2015-006731

PATCH
title:Huawei-SA-20151126-04-VCN500url:http://www.huawei.com/en/psirt/security-advisories/hw-463084
Trust: 0.8
title:Huawei VCN500 authentication bypass vulnerability patchurl:https://www.cnvd.org.cn/patchInfo/show/68319
Trust: 0.6
title:Huawei VCN500 Repair measures for information disclosure vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=59045
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2015-08192 // 
            
            
            
            JVNDB: JVNDB-2015-006731 // 
            
            
            
            CNNVD: CNNVD-201512-200

EXTERNAL IDS
db:NVDid:CVE-2015-8335
Trust: 3.5
db:BIDid:78095
Trust: 1.7
db:JVNDBid:JVNDB-2015-006731
Trust: 0.8
db:CNNVDid:CNNVD-201512-200
Trust: 0.7
db:CNVDid:CNVD-2015-08192
Trust: 0.6
db:VULHUBid:VHN-86296
Trust: 0.1
db:VULMONid:CVE-2015-8335
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2015-08192 // 
            
            
            
            VULHUB: VHN-86296 // 
            
            
            
            VULMON: CVE-2015-8335 // 
            
            
            
            BID: 78095 // 
            
            
            
            JVNDB: JVNDB-2015-006731 // 
            
            
            
            CNNVD: CNNVD-201512-200 // 
            
            
            
            NVD: CVE-2015-8335

REFERENCES
url:http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-463084.htm
Trust: 1.8
url:http://www.securityfocus.com/bid/78095
Trust: 1.3
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-8335
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-8335
Trust: 0.8
url:http://www.huawei.com
Trust: 0.3
url:http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/archive/hw-463084.htm
Trust: 0.3
url:https://cwe.mitre.org/data/definitions/200.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2015-08192 // 
            
            
            
            VULHUB: VHN-86296 // 
            
            
            
            VULMON: CVE-2015-8335 // 
            
            
            
            BID: 78095 // 
            
            
            
            JVNDB: JVNDB-2015-006731 // 
            
            
            
            CNNVD: CNNVD-201512-200 // 
            
            
            
            NVD: CVE-2015-8335

CREDITS
Huawei
Trust: 0.9
sources:
            
            
            BID: 78095 // 
            
            
            
            CNNVD: CNNVD-201512-200

SOURCES
db:CNVDid:CNVD-2015-08192
db:VULHUBid:VHN-86296
db:VULMONid:CVE-2015-8335
db:BIDid:78095
db:JVNDBid:JVNDB-2015-006731
db:CNNVDid:CNNVD-201512-200
db:NVDid:CVE-2015-8335

LAST UPDATE DATE
2025-04-12T23:16:47.541000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2015-08192date:2015-12-15T00:00:00
db:VULHUBid:VHN-86296date:2016-01-11T00:00:00
db:VULMONid:CVE-2015-8335date:2016-01-11T00:00:00
db:BIDid:78095date:2015-11-26T00:00:00
db:JVNDBid:JVNDB-2015-006731date:2016-01-13T00:00:00
db:CNNVDid:CNNVD-201512-200date:2016-01-12T00:00:00
db:NVDid:CVE-2015-8335date:2025-04-12T10:46:40.837

SOURCES RELEASE DATE
db:CNVDid:CNVD-2015-08192date:2015-12-15T00:00:00
db:VULHUBid:VHN-86296date:2016-01-11T00:00:00
db:VULMONid:CVE-2015-8335date:2016-01-11T00:00:00
db:BIDid:78095date:2015-11-26T00:00:00
db:JVNDBid:JVNDB-2015-006731date:2016-01-13T00:00:00
db:CNNVDid:CNNVD-201512-200date:2015-11-26T00:00:00
db:NVDid:CVE-2015-8335date:2016-01-11T15:59:06.700