ID

VAR-201712-0799


CVE

CVE-2017-15312


TITLE

Huawei SmartCare vulnerable to cross-site scripting

Trust: 0.8

sources: JVNDB: JVNDB-2017-011529

DESCRIPTION

Huawei SmartCare V200R003C10 has a stored XSS (cross-site scripting) vulnerability in the dashboard module. A remote authenticated attacker could exploit this vulnerability to inject malicious scripts into the affected device. Huawei SmartCare is an end-to-end solution from Huawei (China) for improving and assuring user perception, used to improve customer experience in the telecommunications field. The dashboard module is one of the dashboard modules

Trust: 1.71

sources: NVD: CVE-2017-15312 // JVNDB: JVNDB-2017-011529 // VULHUB: VHN-106122

AFFECTED PRODUCTS

vendor: huawei, model: smartcare, scope: eq, version: v200r003c10

Trust: 2.4

sources: JVNDB: JVNDB-2017-011529 // CNNVD: CNNVD-201710-464 // NVD: CVE-2017-15312

CVSS

SEVERITY

nvd@nist.gov: CVE-2017-15312
value: MEDIUM

Trust: 1.0

NVD: CVE-2017-15312
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201710-464
value: LOW

Trust: 0.6

VULHUB: VHN-106122
value: LOW

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2017-15312
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-106122
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

CVSSV3

nvd@nist.gov: CVE-2017-15312
baseSeverity: MEDIUM
baseScore: 5.4
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.3
impactScore: 2.7
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-106122 // JVNDB: JVNDB-2017-011529 // CNNVD: CNNVD-201710-464 // NVD: CVE-2017-15312

PROBLEMTYPE DATA

problemtype: CWE-79

Trust: 1.9

sources: VULHUB: VHN-106122 // JVNDB: JVNDB-2017-011529 // NVD: CVE-2017-15312

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201710-464

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201710-464

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-011529

PATCH

title: huawei-sn-20171201-01-smartcare-en, url: http://www.huawei.com/en/psirt/security-notices/huawei-sn-20171201-01-smartcare-en

Trust: 0.8

sources: JVNDB: JVNDB-2017-011529

EXTERNAL IDS

db: NVD, id: CVE-2017-15312

Trust: 2.5

db: JVNDB, id: JVNDB-2017-011529

Trust: 0.8

db: CNNVD, id: CNNVD-201710-464

Trust: 0.7

db: VULHUB, id: VHN-106122

Trust: 0.1

sources: VULHUB: VHN-106122 // JVNDB: JVNDB-2017-011529 // CNNVD: CNNVD-201710-464 // NVD: CVE-2017-15312

REFERENCES

url: http://www.huawei.com/en/psirt/security-notices/huawei-sn-20171201-01-smartcare-en

Trust: 1.7

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-15312

Trust: 0.8

url: https://nvd.nist.gov/vuln/detail/cve-2017-15312

Trust: 0.8

sources: VULHUB: VHN-106122 // JVNDB: JVNDB-2017-011529 // CNNVD: CNNVD-201710-464 // NVD: CVE-2017-15312

SOURCES

db: VULHUB, id: VHN-106122
db: JVNDB, id: JVNDB-2017-011529
db: CNNVD, id: CNNVD-201710-464
db: NVD, id: CVE-2017-15312

LAST UPDATE DATE

2025-04-20T23:24:46.002000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-106122, date: 2018-01-04T00:00:00
db: JVNDB, id: JVNDB-2017-011529, date: 2018-01-18T00:00:00
db: CNNVD, id: CNNVD-201710-464, date: 2017-12-25T00:00:00
db: NVD, id: CVE-2017-15312, date: 2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db: VULHUB, id: VHN-106122, date: 2017-12-22T00:00:00
db: JVNDB, id: JVNDB-2017-011529, date: 2018-01-18T00:00:00
db: CNNVD, id: CNNVD-201710-464, date: 2017-10-17T00:00:00
db: NVD, id: CVE-2017-15312, date: 2017-12-22T17:29:13.097