ID

VAR-201711-0992


CVE

CVE-2017-8155


TITLE

Huawei Customer Premise Equipment Product B2338-168 Vulnerabilities related to lack of authentication for critical functions

Trust: 0.8

sources: JVNDB: JVNDB-2017-010701

DESCRIPTION

The outdoor unit of Customer Premise Equipment (CPE) product B2338-168 V100R001C00 has a missing-authentication vulnerability on a certain port. After gaining access to the network between the indoor and outdoor units of the CPE, an attacker can deliver commands to the specific port of the outdoor unit and have them executed without authentication. Successful exploitation could allow the attacker to take control of the outdoor unit. Huawei B2338-168 is a wireless terminal device that can receive WiFi signals from Huawei. The outdoor unit is one of the units for transmitting and receiving signals.

Trust: 2.25

sources: NVD: CVE-2017-8155 // JVNDB: JVNDB-2017-010701 // CNVD: CNVD-2017-35439 // VULHUB: VHN-116358

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-35439

AFFECTED PRODUCTS

vendor: huawei, model: b2338-168, scope: eq, version: v100r001c00

Trust: 2.4

vendor: huawei, model: b2338-168 v100r001c00, scope: -, version: -

Trust: 0.6

sources: CNVD: CNVD-2017-35439 // JVNDB: JVNDB-2017-010701 // CNNVD: CNNVD-201711-976 // NVD: CVE-2017-8155

CVSS

SEVERITY

nvd@nist.gov: CVE-2017-8155
value: HIGH

Trust: 1.0

NVD: CVE-2017-8155
value: HIGH

Trust: 0.8

CNVD: CNVD-2017-35439
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201711-976
value: HIGH

Trust: 0.6

VULHUB: VHN-116358
value: HIGH

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2017-8155
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2017-35439
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-116358
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

CVSSV3

nvd@nist.gov: CVE-2017-8155
baseSeverity: HIGH
baseScore: 8.4
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.5
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2017-35439 // VULHUB: VHN-116358 // JVNDB: JVNDB-2017-010701 // CNNVD: CNNVD-201711-976 // NVD: CVE-2017-8155

PROBLEMTYPE DATA

problemtype:CWE-306

Trust: 1.9

sources: VULHUB: VHN-116358 // JVNDB: JVNDB-2017-010701 // NVD: CVE-2017-8155

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201711-976

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201711-976

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-010701

PATCH

title: huawei-sa-20170920-01-cpe
url: http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170920-01-cpe-en

Trust: 0.8

title: The Huawei B2338-168 CPE outdoor unit has a patch for serial port access without authentication vulnerability.
url: https://www.cnvd.org.cn/patchInfo/show/107257

Trust: 0.6

title: Huawei B2338-168 outdoor unit Security vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=76686

Trust: 0.6

sources: CNVD: CNVD-2017-35439 // JVNDB: JVNDB-2017-010701 // CNNVD: CNNVD-201711-976

EXTERNAL IDS

db: NVD, id: CVE-2017-8155

Trust: 3.1

db: JVNDB, id: JVNDB-2017-010701

Trust: 0.8

db: CNVD, id: CNVD-2017-35439

Trust: 0.6

db: CNNVD, id: CNNVD-201711-976

Trust: 0.6

db: VULHUB, id: VHN-116358

Trust: 0.1

sources: CNVD: CNVD-2017-35439 // VULHUB: VHN-116358 // JVNDB: JVNDB-2017-010701 // CNNVD: CNNVD-201711-976 // NVD: CVE-2017-8155

REFERENCES

url:http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170920-01-cpe-en

Trust: 1.7

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-8155

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2017-8155

Trust: 0.8

url:http://www.huawei.com/cn/psirt/security-advisories/2017/huawei-sa-20170920-01-cpe-cn

Trust: 0.6

sources: CNVD: CNVD-2017-35439 // VULHUB: VHN-116358 // JVNDB: JVNDB-2017-010701 // CNNVD: CNNVD-201711-976 // NVD: CVE-2017-8155

SOURCES

db: CNVD, id: CNVD-2017-35439
db: VULHUB, id: VHN-116358
db: JVNDB, id: JVNDB-2017-010701
db: CNNVD, id: CNNVD-201711-976
db: NVD, id: CVE-2017-8155

LAST UPDATE DATE

2025-04-20T23:34:15.868000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2017-35439, date: 2017-11-29T00:00:00
db: VULHUB, id: VHN-116358, date: 2017-12-11T00:00:00
db: JVNDB, id: JVNDB-2017-010701, date: 2017-12-21T00:00:00
db: CNNVD, id: CNNVD-201711-976, date: 2017-11-24T00:00:00
db: NVD, id: CVE-2017-8155, date: 2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2017-35439, date: 2017-11-29T00:00:00
db: VULHUB, id: VHN-116358, date: 2017-11-22T00:00:00
db: JVNDB, id: JVNDB-2017-010701, date: 2017-12-21T00:00:00
db: CNNVD, id: CNNVD-201711-976, date: 2017-11-24T00:00:00
db: NVD, id: CVE-2017-8155, date: 2017-11-22T19:29:03.553