Details of VAR-201803-1365

ID

VAR-201803-1365

CVE

CVE-2017-8176

TITLE

Huawei IPTV STB Access control vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2017-012998

DESCRIPTION

Huawei IPTV STB with earlier than IPTV STB V100R003C01LMYTa6SPC001 versions has an authentication bypass vulnerability. An attacker could exploit this vulnerability to access the serial interface and modify the configuration. Successful exploit could lead to the authentication bypass and view channels by free. HuaweiIPTVSTB is a network set-top box product of China's Huawei company. An authentication bypass vulnerability exists in the HuaweiIPTVSTBV100R003C01LMYTa6SPC001 version

Trust: 2.16

sources: NVD: CVE-2017-8176 // JVNDB: JVNDB-2017-012998 // CNVD: CNVD-2018-05959

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2018-05959

AFFECTED PRODUCTS

vendor:	huawei	model:	iptv stb	scope:	lt	version:	v100r003c01lmyta6spc001	Trust: 1.0
vendor:	huawei	model:	iptv stb	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	iptv stb v100r003c01lmyta6spc001	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2018-05959 // JVNDB: JVNDB-2017-012998 // NVD: CVE-2017-8176

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-8176
value:	HIGH
Trust: 1.0
NVD:	CVE-2017-8176
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2018-05959
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201803-716
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2017-8176
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2018-05959
severity:	MEDIUM
baseScore:	5.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2017-8176
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2018-05959 // JVNDB: JVNDB-2017-012998 // CNNVD: CNNVD-201803-716 // NVD: CVE-2017-8176

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	CWE-284	Trust: 0.8

sources: JVNDB: JVNDB-2017-012998 // NVD: CVE-2017-8176

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201803-716

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201803-716

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-012998

PATCH

title:	IPTV STB V100R003C01LMYTa6SPC001	url:	http://support.huawei.com/carrier/navi?coltype=software?lang=en#col=software&detailId=PBI1-22570793&path=PBI1-21262245/PBI1-22317450/PBI1-22317491/PBI1-19974608/PBI1-14715&lang=en;	Trust: 0.8
title:	HuaweiIPTVSTB authentication bypass vulnerability patch	url:	https://www.cnvd.org.cn/patchInfo/show/122605	Trust: 0.6
title:	Huawei IPTV STB Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=79316	Trust: 0.6

sources: CNVD: CNVD-2018-05959 // JVNDB: JVNDB-2017-012998 // CNNVD: CNNVD-201803-716

EXTERNAL IDS

db:	NVD	id:	CVE-2017-8176	Trust: 3.0
db:	JVNDB	id:	JVNDB-2017-012998	Trust: 0.8
db:	CNVD	id:	CNVD-2018-05959	Trust: 0.6
db:	CNNVD	id:	CNNVD-201803-716	Trust: 0.6

sources: CNVD: CNVD-2018-05959 // JVNDB: JVNDB-2017-012998 // CNNVD: CNNVD-201803-716 // NVD: CVE-2017-8176

REFERENCES

url:	http://security.my/post/165370836947/cve-2017-8176	Trust: 3.0
url:	https://nvd.nist.gov/vuln/detail/cve-2017-8176	Trust: 1.4
url:	http://support.huawei.com/carrier/navi?coltype=software?lang=en#col=software&detailid=pbi1-22570793&path=pbi1-21262245/pbi1-22317450/pbi1-22317491/pbi1-19974608/pbi1-14715&lang=en%3b	Trust: 1.0
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-8176	Trust: 0.8
url:	http://support.huawei.com/carrier/navi?coltype=software?lang=en#col=software&detailid=pbi1-22570793&path=pbi1-21262245/pbi1-22317450/pbi1-22317491/pbi1-19974608/pbi1-14715&lang=en;	Trust: 0.6

sources: CNVD: CNVD-2018-05959 // JVNDB: JVNDB-2017-012998 // CNNVD: CNNVD-201803-716 // NVD: CVE-2017-8176

SOURCES

db:	CNVD	id:	CNVD-2018-05959
db:	JVNDB	id:	JVNDB-2017-012998
db:	CNNVD	id:	CNNVD-201803-716
db:	NVD	id:	CVE-2017-8176

LAST UPDATE DATE

2024-11-23T22:06:57.980000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2018-05959	date:	2018-03-22T00:00:00
db:	JVNDB	id:	JVNDB-2017-012998	date:	2018-05-17T00:00:00
db:	CNNVD	id:	CNNVD-201803-716	date:	2019-10-23T00:00:00
db:	NVD	id:	CVE-2017-8176	date:	2024-11-21T03:33:28.493

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2018-05959	date:	2018-03-22T00:00:00
db:	JVNDB	id:	JVNDB-2017-012998	date:	2018-05-17T00:00:00
db:	CNNVD	id:	CNNVD-201803-716	date:	2018-03-21T00:00:00
db:	NVD	id:	CVE-2017-8176	date:	2018-03-20T15:29:00.533