CVE-2017-8155

The outdoor unit of Customer Premise Equipment (CPE) product B2338-168 V100R001C00 has a no authentication vulnerability on a certain port. After accessing the network between the indoor and outdoor units of the CPE, an attacker can deliver commands to the specific port of the outdoor unit and execute them without authentication. Successful exploit could allow the attacker to take control over the outdoor unit.

CVSS v3 8.4 HIGH
CVSS v2.0 7.2 HIGH

8.4^/10

CVSS v3 : HIGH

Vector : AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability : 2.5 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

7.2^/10

CVSS v2.0 : HIGH

Vector : AV:L/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 3.9 / Impact : 10.0

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170920-01-cpe-en	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:huawei:b2338-168_firmware:v100r001c00:*:*:*:*:*:*:*

cpe:2.3:h:huawei:b2338-168:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2017-11-22 19:29

Updated : 2023-12-10 12:15

NVD link : CVE-2017-8155

Mitre link : CVE-2017-8155

CVE.ORG link : CVE-2017-8155

JSON object : View

Products Affected

huawei

b2338-168
b2338-168_firmware

CWE

CWE-306

Missing Authentication for Critical Function

{"id": "CVE-2017-8155", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.2, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 8.4, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.5}]}, "published": "2017-11-22T19:29:03.553", "references": [{"url": "http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170920-01-cpe-en", "tags": ["Vendor Advisory"], "source": "psirt@huawei.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-306"}]}], "descriptions": [{"lang": "en", "value": "The outdoor unit of Customer Premise Equipment (CPE) product B2338-168 V100R001C00 has a no authentication vulnerability on a certain port. After accessing the network between the indoor and outdoor units of the CPE, an attacker can deliver commands to the specific port of the outdoor unit and execute them without authentication. Successful exploit could allow the attacker to take control over the outdoor unit."}, {"lang": "es", "value": "La unidad externa del producto CPE (Customer Premise Equipment) B2338-168 V100R001C00 tiene una vulnerabilidad de falta de autenticaci\u00f3n en un puerto determinado. Despu\u00e9s de acceder a la red entre las unidades internas y las unidades externas del CPE, un atacante puede enviar comandos a un puerto determinado de la unidad externa y ejecutarlos sin autenticaci\u00f3n. Una explotaci\u00f3n exitosa podr\u00eda permitir que el atacante tome el control de la unidad externa."}], "lastModified": "2017-12-11T18:34:23.403", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:huawei:b2338-168_firmware:v100r001c00:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FD789B64-6402-4D02-80F8-8B4AE3AD4D45"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:huawei:b2338-168:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "1C2FBFF5-2AE7-4F3C-9D1D-111C07F75717"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "psirt@huawei.com"}