Sign-up

ID

VAR-201712-0809


CVE

CVE-2017-15328


TITLE

Huawei HG8245H Vulnerable to information disclosure

Trust: 0.8

sources: JVNDB: JVNDB-2017-011577

DESCRIPTION

Huawei HG8245H version earlier than V300R018C00SPC110 has an authentication bypass vulnerability. An attacker can access a specific URL of the affect product. Due to improper verification of the privilege, successful exploitation may cause information leak. Huawei HG8245H Contains an information disclosure vulnerability.Information may be obtained. HuaweiHG8245H is a modem from China's Huawei company. An attacker could exploit the vulnerability to obtain information

Trust: 2.16

sources: NVD: CVE-2017-15328 // JVNDB: JVNDB-2017-011577 // CNVD: CNVD-2017-38100

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-38100

AFFECTED PRODUCTS

vendor:huaweimodel:hg8245hscope:ltversion:v300r018c00spc110

Trust: 1.8

vendor:huaweimodel:hg8245h <v300r018c00spc110scope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2017-38100 // JVNDB: JVNDB-2017-011577 // NVD: CVE-2017-15328

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-15328
value: HIGH

Trust: 1.0

NVD: CVE-2017-15328
value: HIGH

Trust: 0.8

CNVD: CNVD-2017-38100
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201712-861
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2017-15328
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2017-38100
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2017-15328
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2017-38100 // JVNDB: JVNDB-2017-011577 // CNNVD: CNNVD-201712-861 // NVD: CVE-2017-15328

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.8

sources: JVNDB: JVNDB-2017-011577 // NVD: CVE-2017-15328

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201712-861

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201712-861

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-011577

PATCH
title:Top Pageurl:http://e.huawei.com/en/
Trust: 0.8
title:HuaweiHG8245H authentication bypass vulnerability patchurl:https://www.cnvd.org.cn/patchInfo/show/111727
Trust: 0.6
title:Huawei HG8245H Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=77310
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2017-38100 // 
            
            
            
            JVNDB: JVNDB-2017-011577 // 
            
            
            
            CNNVD: CNNVD-201712-861

EXTERNAL IDS
db:NVDid:CVE-2017-15328
Trust: 3.0
db:JVNDBid:JVNDB-2017-011577
Trust: 0.8
db:CNVDid:CNVD-2017-38100
Trust: 0.6
db:CNNVDid:CNNVD-201712-861
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2017-38100 // 
            
            
            
            JVNDB: JVNDB-2017-011577 // 
            
            
            
            CNNVD: CNNVD-201712-861 // 
            
            
            
            NVD: CVE-2017-15328

REFERENCES
url:https://hacked0x90.wordpress.com/2017/11/30/hg8245h-authentication-bypass/
Trust: 3.0
url:http://support.huawei.com/carrier/docview%21docview?nid=doc1000441394&path=pbi1-7275726/pbi1-7275742/pbi1-7912539/pbi1-22318696/pbi1-8952133/pbi1-8957546/pbi1-22412232/pbi1-22412234/pbi1-22807623
Trust: 1.0
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-15328
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-15328
Trust: 0.8
url:http://support.huawei.com/carrier/docview!docview?nid=doc1000441394&path=pbi1-7275726/pbi1-7275742/pbi1-7912539/pbi1-22318696/pbi1-8952133/pbi1-8957546/pbi1-22412232/pbi1-22412234/pbi1-22807623
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2017-38100 // 
            
            
            
            JVNDB: JVNDB-2017-011577 // 
            
            
            
            CNNVD: CNNVD-201712-861 // 
            
            
            
            NVD: CVE-2017-15328

SOURCES
db:CNVDid:CNVD-2017-38100
db:JVNDBid:JVNDB-2017-011577
db:CNNVDid:CNNVD-201712-861
db:NVDid:CVE-2017-15328

LAST UPDATE DATE
2025-04-20T23:38:20.866000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2017-38100date:2017-12-26T00:00:00
db:JVNDBid:JVNDB-2017-011577date:2018-01-22T00:00:00
db:CNNVDid:CNNVD-201712-861date:2017-12-25T00:00:00
db:NVDid:CVE-2017-15328date:2025-04-20T01:37:25.860

SOURCES RELEASE DATE
db:CNVDid:CNVD-2017-38100date:2017-12-26T00:00:00
db:JVNDBid:JVNDB-2017-011577date:2018-01-22T00:00:00
db:CNNVDid:CNNVD-201712-861date:2017-12-25T00:00:00
db:NVDid:CVE-2017-15328date:2017-12-22T17:29:13.500