CVE-2015-8228

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2015-8228
Directory traversal vulnerability in the SFTP server in Huawei AR 120, 150, 160, 200, 500, 1200, 2200, 3200, and 3600 routers with software before V200R006SPH003 allows remote authenticated users to access arbitrary directories via unspecified vectors.

4.0 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:S/C:P/I:N/A:N

Exploitability : 8.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References
Link Resource
http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-461676.htm Patch Vendor Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:huawei:ar_firmware:*:*:*:*:*:*:*:*
OR cpe:2.3:h:huawei:ar120:*:*:*:*:*:*:*:*
cpe:2.3:h:huawei:ar1200:*:*:*:*:*:*:*:*
cpe:2.3:h:huawei:ar150:*:*:*:*:*:*:*:*
cpe:2.3:h:huawei:ar160:*:*:*:*:*:*:*:*
cpe:2.3:h:huawei:ar200:*:*:*:*:*:*:*:*
cpe:2.3:h:huawei:ar2200:*:*:*:*:*:*:*:*
cpe:2.3:h:huawei:ar3200:*:*:*:*:*:*:*:*
cpe:2.3:h:huawei:ar3600:*:*:*:*:*:*:*:*
cpe:2.3:h:huawei:ar500:*:*:*:*:*:*:*:*
History

No history.

Information

Published : 2015-11-24 20:59

Updated : 2023-12-10 11:46

NVD link : CVE-2015-8228

Mitre link : CVE-2015-8228

CVE.ORG link : CVE-2015-8228

JSON object : View

Products Affected

huawei

  • ar3200
  • ar1200
  • ar200
  • ar3600
  • ar2200
  • ar150
  • ar_firmware
  • ar500
  • ar120
  • ar160
CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')