ID

VAR-201708-0156


CVE

CVE-2015-8334


TITLE

SQL Injection Vulnerability in Huawei VCN500

Trust: 0.8

sources: JVNDB: JVNDB-2015-007832

DESCRIPTION

SQL injection vulnerability in the Operation and Maintenance Unit (OMU) in Huawei VCN500 before V100R002C00SPC201 allows remote authenticated users to execute arbitrary SQL commands via a crafted HTTP request. An SQL injection vulnerability exists in Huawei VCN500. Information may be obtained or altered, and service operation may be disrupted (DoS). Huawei VCN500 is an integrated intelligent video surveillance product from Huawei of China. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. The Operation and Maintenance Unit (OMU) is one of the communication units used to control the BSC and monitor the operation of the BTS and TC. SQL injection vulnerabilities exist in the OMU module of Huawei VCN500 V100R002C00SPC200B010 and V100R002C00SPC200. The vulnerability stems from the fact that the program does not validate parameters in the HTTP request messages it receives.

Trust: 2.52

sources: NVD: CVE-2015-8334 // JVNDB: JVNDB-2015-007832 // CNVD: CNVD-2015-08193 // BID: 78076 // VULHUB: VHN-86295

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2015-08193

AFFECTED PRODUCTS

vendor: huawei, model: vcn500, scope: eq, version: v100r002c00spc200

Trust: 1.6

vendor: huawei, model: vcn500, scope: eq, version: v100r002c00spc200b010

Trust: 1.6

vendor: huawei, model: vcn500, scope: lt, version: v100r002c00spc201

Trust: 0.8

vendor: huawei, model: vcn500, scope: -, version: -

Trust: 0.6

vendor: huawei, model: vcn500 v100r002c00spc200b01, scope: -, version: -

Trust: 0.3

vendor: huawei, model: vcn500 v100r002c00spc200, scope: -, version: -

Trust: 0.3

vendor: huawei, model: vcn500 v100r002c00spc201, scope: ne, version: -

Trust: 0.3

sources: CNVD: CNVD-2015-08193 // BID: 78076 // JVNDB: JVNDB-2015-007832 // CNNVD: CNNVD-201512-201 // NVD: CVE-2015-8334

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-8334
value: HIGH

Trust: 1.0

NVD: CVE-2015-8334
value: HIGH

Trust: 0.8

CNVD: CNVD-2015-08193
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201512-201
value: MEDIUM

Trust: 0.6

VULHUB: VHN-86295
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2015-8334
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2015-08193
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:C/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-86295
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2015-8334
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2015-08193 // VULHUB: VHN-86295 // JVNDB: JVNDB-2015-007832 // CNNVD: CNNVD-201512-201 // NVD: CVE-2015-8334

PROBLEMTYPE DATA

problemtype: CWE-89

Trust: 1.9

sources: VULHUB: VHN-86295 // JVNDB: JVNDB-2015-007832 // NVD: CVE-2015-8334

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201512-201

TYPE

SQL injection

Trust: 0.6

sources: CNNVD: CNNVD-201512-201

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-007832

PATCH

title: Huawei-SA-20151126-03-VCN500, url: http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-463072.htm

Trust: 0.8

title: Huawei VCN500 SQL Injection Vulnerability Patch, url: https://www.cnvd.org.cn/patchInfo/show/68320

Trust: 0.6

sources: CNVD: CNVD-2015-08193 // JVNDB: JVNDB-2015-007832

EXTERNAL IDS

db: NVD, id: CVE-2015-8334

Trust: 3.4

db: BID, id: 78076

Trust: 1.6

db: JVNDB, id: JVNDB-2015-007832

Trust: 0.8

db: CNNVD, id: CNNVD-201512-201

Trust: 0.7

db: CNVD, id: CNVD-2015-08193

Trust: 0.6

db: SEEBUG, id: SSVID-90157

Trust: 0.1

db: VULHUB, id: VHN-86295

Trust: 0.1

sources: CNVD: CNVD-2015-08193 // VULHUB: VHN-86295 // BID: 78076 // JVNDB: JVNDB-2015-007832 // CNNVD: CNNVD-201512-201 // NVD: CVE-2015-8334

REFERENCES

url:http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-463072.htm

Trust: 1.7

url:http://www.securityfocus.com/bid/78076

Trust: 1.2

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-8334

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2015-8334

Trust: 0.8

url:http://www.huawei.com

Trust: 0.3

url:http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/archive/hw-463072.htm

Trust: 0.3

sources: CNVD: CNVD-2015-08193 // VULHUB: VHN-86295 // BID: 78076 // JVNDB: JVNDB-2015-007832 // CNNVD: CNNVD-201512-201 // NVD: CVE-2015-8334

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 78076

SOURCES

db: CNVD, id: CNVD-2015-08193
db: VULHUB, id: VHN-86295
db: BID, id: 78076
db: JVNDB, id: JVNDB-2015-007832
db: CNNVD, id: CNNVD-201512-201
db: NVD, id: CVE-2015-8334

LAST UPDATE DATE

2025-04-20T23:22:15.226000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2015-08193, date: 2015-12-15T00:00:00
db: VULHUB, id: VHN-86295, date: 2017-09-07T00:00:00
db: BID, id: 78076, date: 2015-11-26T00:00:00
db: JVNDB, id: JVNDB-2015-007832, date: 2017-09-27T00:00:00
db: CNNVD, id: CNNVD-201512-201, date: 2017-09-04T00:00:00
db: NVD, id: CVE-2015-8334, date: 2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2015-08193, date: 2015-12-15T00:00:00
db: VULHUB, id: VHN-86295, date: 2017-08-29T00:00:00
db: BID, id: 78076, date: 2015-11-26T00:00:00
db: JVNDB, id: JVNDB-2015-007832, date: 2017-09-27T00:00:00
db: CNNVD, id: CNNVD-201512-201, date: 2015-11-26T00:00:00
db: NVD, id: CVE-2015-8334, date: 2017-08-29T15:29:00.613