ID

VAR-201711-0253


CVE

CVE-2017-2737


TITLE

VCM5010 vulnerable to unrestricted upload of dangerous file types

Trust: 0.8

sources: JVNDB: JVNDB-2017-010721

DESCRIPTION

VCM5010 with software versions earlier than V100R002C50SPC100 has an arbitrary file upload vulnerability. The software does not validate uploaded files, so an authenticated attacker could upload arbitrary files to the system. VCM5010 contains a vulnerability related to unrestricted upload of dangerous file types. Information may be obtained or altered, and service operation may be disrupted (DoS). VCM5010 is a video content management platform from Huawei (China), an integrated video big data analysis device. Huawei VCM5010 is prone to the following security vulnerabilities: 1. A remote command injection vulnerability 2. An authentication bypass vulnerability. Attackers can exploit these issues to execute arbitrary commands, upload arbitrary files, or bypass the authentication mechanism and perform unauthorized actions. Other attacks may also be possible. Versions prior to VCM5010 V100R002C50SPC100 are vulnerable.

Trust: 2.43

sources: NVD: CVE-2017-2737 // JVNDB: JVNDB-2017-010721 // CNVD: CNVD-2017-03717 // BID: 97231

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-03717

AFFECTED PRODUCTS

vendor: huawei, model: vcm5010, scope: lt, version: v100r002c50spc100

Trust: 1.8

vendor: huawei, model: vcm5010 <v100r002c50spc100, scope: -, version: -

Trust: 0.6

vendor: huawei, model: vcm5010, scope: eq, version: 0

Trust: 0.3

vendor: huawei, model: vcm5010 v100r002c50spc100, scope: ne, version: -

Trust: 0.3

sources: CNVD: CNVD-2017-03717 // BID: 97231 // JVNDB: JVNDB-2017-010721 // NVD: CVE-2017-2737

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-2737
value: HIGH

Trust: 1.0

NVD: CVE-2017-2737
value: HIGH

Trust: 0.8

CNVD: CNVD-2017-03717
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201703-1400
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2017-2737
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2017-03717
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2017-2737
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2017-03717 // JVNDB: JVNDB-2017-010721 // CNNVD: CNNVD-201703-1400 // NVD: CVE-2017-2737

PROBLEMTYPE DATA

problemtype:CWE-434

Trust: 1.8

sources: JVNDB: JVNDB-2017-010721 // NVD: CVE-2017-2737

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201703-1400

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201703-1400

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-010721

PATCH

title: huawei-sa-20170329-01-vcm, url: http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170329-01-vcm-en

Trust: 0.8

title: Huawei VCM5010 patch for arbitrary file upload vulnerability, url: https://www.cnvd.org.cn/patchInfo/show/91333

Trust: 0.6

title: Huawei VCM5010 Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=68898

Trust: 0.6

sources: CNVD: CNVD-2017-03717 // JVNDB: JVNDB-2017-010721 // CNNVD: CNNVD-201703-1400

EXTERNAL IDS

db: NVD, id: CVE-2017-2737

Trust: 3.3

db: BID, id: 97231

Trust: 1.9

db: JVNDB, id: JVNDB-2017-010721

Trust: 0.8

db: CNVD, id: CNVD-2017-03717

Trust: 0.6

db: CNNVD, id: CNNVD-201703-1400

Trust: 0.6

sources: CNVD: CNVD-2017-03717 // BID: 97231 // JVNDB: JVNDB-2017-010721 // CNNVD: CNNVD-201703-1400 // NVD: CVE-2017-2737

REFERENCES

url:http://www.securityfocus.com/bid/97231

Trust: 1.6

url:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170329-01-vcm-en

Trust: 1.6

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2737

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2017-2737

Trust: 0.8

url:http://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20170329-01-vcm-cn

Trust: 0.6

url:http://www.huawei.com/en/

Trust: 0.3

url:http://e.huawei.com/en/products/enterprise-networking/video-surveillance/intelligent-cloud/vcm5010

Trust: 0.3

url:http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170329-01-vcm-en

Trust: 0.3

sources: CNVD: CNVD-2017-03717 // BID: 97231 // JVNDB: JVNDB-2017-010721 // CNNVD: CNNVD-201703-1400 // NVD: CVE-2017-2737

CREDITS

Huawei

Trust: 0.9

sources: BID: 97231 // CNNVD: CNNVD-201703-1400

SOURCES

db: CNVD, id: CNVD-2017-03717
db: BID, id: 97231
db: JVNDB, id: JVNDB-2017-010721
db: CNNVD, id: CNNVD-201703-1400
db: NVD, id: CVE-2017-2737

LAST UPDATE DATE

2025-04-20T23:19:45.056000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2017-03717, date: 2017-03-31T00:00:00
db: BID, id: 97231, date: 2017-04-04T00:02:00
db: JVNDB, id: JVNDB-2017-010721, date: 2017-12-21T00:00:00
db: CNNVD, id: CNNVD-201703-1400, date: 2017-03-31T00:00:00
db: NVD, id: CVE-2017-2737, date: 2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2017-03717, date: 2017-03-31T00:00:00
db: BID, id: 97231, date: 2017-03-29T00:00:00
db: JVNDB, id: JVNDB-2017-010721, date: 2017-12-21T00:00:00
db: CNNVD, id: CNNVD-201703-1400, date: 2017-03-31T00:00:00
db: NVD, id: CVE-2017-2737, date: 2017-11-22T19:29:01.990