Information disclosure in HPE OfficeConnect 1810
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2018-7100 |
| CWE-ID | CWE-200 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
HP 1810-8 Hardware solutions / Routers & switches, VoIP, GSM, etc HP 1810-48G Hardware solutions / Routers & switches, VoIP, GSM, etc HP 1810-24G Hardware solutions / Routers & switches, VoIP, GSM, etc |
| Vendor | HPE |
Security Bulletin
This security bulletin contains one low risk vulnerability.
1) Information disclosure
EUVDB-ID: #VU14331
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-7100
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to obtain potentially sensitive information.
The vulnerability exists due to unspecified flaw. A local attacker can gain access to potentially sensitive information.
MitigationUpdate to 1810-24G, 1810-8 to version 2.23.
Update 1810-48G to version 1.35.
HP 1810-8: before 2.23
HP 1810-48G: before 1.35
HP 1810-24G: before 2.23
External linkshttp://support.hpe.com/hpsc/doc/public/display?docId=hpesbhf03858en_us
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
