Sign-up

ID

VAR-201709-0082


CVE

CVE-2015-6592


TITLE

Huawei UAP2105 Command injection vulnerability

Trust: 0.8

sources: IVD: 7a08310e-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2015-06110

DESCRIPTION

Huawei UAP2105 before V300R012C00SPC160(BootRom) does not require authentication to the serial port or the VxWorks shell. Huawei UAP2105 Contains vulnerabilities related to security features.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Huawei UAP2105 is a family WCDMA wireless network access device. Huawei UAP2105 has a command injection vulnerability that allows local attackers to access VxWorks debugging commands through the serial port to view and modify memory and files, resulting in information leakage and system exceptions. Huawei UAP2105 is prone to a local command-injection vulnerability. A local attacker can exploit this issue to execute arbitrary commands and to obtain sensitive information. This may aid in further attacks. The following versions are affected: Huawei UAP2105 V300R011C01B028(BootRom)[2], V300R011C01B030(BootRom), V300R011C0SPC100(BootRom), and V300R011C01SPC110(BootRom)

Trust: 2.7

sources: NVD: CVE-2015-6592 // JVNDB: JVNDB-2015-007966 // CNVD: CNVD-2015-06110 // BID: 76552 // IVD: 7a08310e-2351-11e6-abef-000c29c66e3d // VULHUB: VHN-84553

IOT TAXONOMY

category:['IoT', 'ICS', 'Network device']sub_category: -

Trust: 0.6

category:['ICS']sub_category: -

Trust: 0.2

sources: IVD: 7a08310e-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2015-06110

AFFECTED PRODUCTS

vendor:huaweimodel:uap2105scope:eqversion:v300r011c01b030

Trust: 1.6

vendor:huaweimodel:uap2105scope:eqversion:v300r011c0spc100

Trust: 1.6

vendor:huaweimodel:uap2105scope:eqversion:v300r011c01b028

Trust: 1.6

vendor:huaweimodel:uap2105scope:eqversion:v300r011c01spc110

Trust: 1.6

vendor:huaweimodel:uap2105 v300r011c01b030scope: - version: -

Trust: 0.9

vendor:huaweimodel:uap2105 v300r011c0spc100scope: - version: -

Trust: 0.9

vendor:huaweimodel:uap2105 v300r011c01spc110scope: - version: -

Trust: 0.9

vendor:huaweimodel:uap2105scope:ltversion:v300r012c00spc160(bootrom)

Trust: 0.8

vendor:huaweimodel:uap2105 v300r011c01b028 [2]scope: - version: -

Trust: 0.6

vendor:huaweimodel:uap2105 v300r011c01b028scope: - version: -

Trust: 0.3

vendor:huaweimodel:uap2105 v300r012c00spc160scope:neversion: -

Trust: 0.3

vendor:uap2105model:v300r011c0spc100scope: - version: -

Trust: 0.2

vendor:uap2105model:v300r011c01b028scope: - version: -

Trust: 0.2

vendor:uap2105model:v300r011c01b030scope: - version: -

Trust: 0.2

vendor:uap2105model:v300r011c01spc110scope: - version: -

Trust: 0.2

sources: IVD: 7a08310e-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2015-06110 // BID: 76552 // JVNDB: JVNDB-2015-007966 // CNNVD: CNNVD-201509-236 // NVD: CVE-2015-6592

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-6592
value: MEDIUM

Trust: 1.0

NVD: CVE-2015-6592
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2015-06110
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201509-236
value: HIGH

Trust: 0.6

IVD: 7a08310e-2351-11e6-abef-000c29c66e3d
value: HIGH

Trust: 0.2

VULHUB: VHN-84553
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2015-6592
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2015-06110
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 7a08310e-2351-11e6-abef-000c29c66e3d
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-84553
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2015-6592
baseSeverity: MEDIUM
baseScore: 6.8
vectorString: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: PHYSICAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: IVD: 7a08310e-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2015-06110 // VULHUB: VHN-84553 // JVNDB: JVNDB-2015-007966 // CNNVD: CNNVD-201509-236 // NVD: CVE-2015-6592

PROBLEMTYPE DATA

problemtype:CWE-254

Trust: 1.9

sources: VULHUB: VHN-84553 // JVNDB: JVNDB-2015-007966 // NVD: CVE-2015-6592

THREAT TYPE

local

Trust: 0.9

sources: BID: 76552 // CNNVD: CNNVD-201509-236

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201509-236

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2015-007966

PATCH
title:Huawei-SA-20150902- 01-UAP2105url:http://www.huawei.com/en/psirt/security-advisories/hw-452865
Trust: 0.8
title:Huawei UAP2105 command to inject the patch for the vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/64260
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2015-06110 // 
            
            
            
            JVNDB: JVNDB-2015-007966

EXTERNAL IDS
db:NVDid:CVE-2015-6592
Trust: 3.6
db:BIDid:76552
Trust: 2.0
db:CNNVDid:CNNVD-201509-236
Trust: 0.9
db:CNVDid:CNVD-2015-06110
Trust: 0.8
db:JVNDBid:JVNDB-2015-007966
Trust: 0.8
db:NSFOCUSid:30988
Trust: 0.6
db:IVDid:7A08310E-2351-11E6-ABEF-000C29C66E3D
Trust: 0.2
db:VULHUBid:VHN-84553
Trust: 0.1
sources:
            
            
            IVD: 7a08310e-2351-11e6-abef-000c29c66e3d // 
            
            
            
            CNVD: CNVD-2015-06110 // 
            
            
            
            VULHUB: VHN-84553 // 
            
            
            
            BID: 76552 // 
            
            
            
            JVNDB: JVNDB-2015-007966 // 
            
            
            
            CNNVD: CNNVD-201509-236 // 
            
            
            
            NVD: CVE-2015-6592

REFERENCES
url:http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-452865.htm
Trust: 2.3
url:http://www.securityfocus.com/bid/76552
Trust: 1.7
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6592
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2015-6592
Trust: 0.8
url:http://www.nsfocus.net/vulndb/30988
Trust: 0.6
url:http://www.huawei.com/
Trust: 0.3
url:http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-452865.htm
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2015-06110 // 
            
            
            
            VULHUB: VHN-84553 // 
            
            
            
            BID: 76552 // 
            
            
            
            JVNDB: JVNDB-2015-007966 // 
            
            
            
            CNNVD: CNNVD-201509-236 // 
            
            
            
            NVD: CVE-2015-6592

CREDITS
Alexey Osipov and Alexander Zaitsev
Trust: 0.9
sources:
            
            
            BID: 76552 // 
            
            
            
            CNNVD: CNNVD-201509-236

SOURCES
db:IVDid:7a08310e-2351-11e6-abef-000c29c66e3d
db:CNVDid:CNVD-2015-06110
db:VULHUBid:VHN-84553
db:BIDid:76552
db:JVNDBid:JVNDB-2015-007966
db:CNNVDid:CNNVD-201509-236
db:NVDid:CVE-2015-6592

LAST UPDATE DATE
2025-04-20T23:30:53.213000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2015-06110date:2015-09-22T00:00:00
db:VULHUBid:VHN-84553date:2017-10-06T00:00:00
db:BIDid:76552date:2015-11-03T19:36:00
db:JVNDBid:JVNDB-2015-007966date:2017-10-20T00:00:00
db:CNNVDid:CNNVD-201509-236date:2017-09-29T00:00:00
db:NVDid:CVE-2015-6592date:2025-04-20T01:37:25.860

SOURCES RELEASE DATE
db:IVDid:7a08310e-2351-11e6-abef-000c29c66e3ddate:2015-09-22T00:00:00
db:CNVDid:CNVD-2015-06110date:2015-09-22T00:00:00
db:VULHUBid:VHN-84553date:2017-09-25T00:00:00
db:BIDid:76552date:2015-09-02T00:00:00
db:JVNDBid:JVNDB-2015-007966date:2017-10-20T00:00:00
db:CNNVDid:CNNVD-201509-236date:2015-09-18T00:00:00
db:NVDid:CVE-2015-6592date:2017-09-25T21:29:00.647