Information disclosure in Huawei products - CVE-2016-8280
Published: October 4, 2016 / Updated: October 4, 2016
Vulnerability identifier: #VU727
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2016-8280
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Huawei
Affected software:
Huawei USG5500
Huawei USG5100
Huawei USG2200
Huawei USG2100
Huawei USG5500
Huawei USG5100
Huawei USG2200
Huawei USG2100
Detailed vulnerability description
The vulnerability allows a remote authenticated user to read potentially sensitive information on the target system.
The weakness exists due to insufficient input verification. Via unspecified vectors attackers can access important data and view it.
Successful exploitation of the vulnerability results in information disclosure.
The weakness exists due to insufficient input verification. Via unspecified vectors attackers can access important data and view it.
Successful exploitation of the vulnerability results in information disclosure.
How to mitigate CVE-2016-8280
Update to V300R001C10SPC600.