Search criteria
3 vulnerabilities found for ER5100G2 by H3C
VAR-202506-3867
Vulnerability from variot - Updated: 2025-07-18 23:20H3C ER5100G2 is an enterprise-class Gigabit high-performance router.
H3C ER5100G2 of H3C Technologies Co., Ltd. has a weak password vulnerability, which can be exploited by attackers to log in to the system and obtain sensitive information.
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202506-3867",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "er5100g2",
"scope": null,
"trust": 0.6,
"vendor": "h3c",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-13608"
}
]
},
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2025-13608",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "CNVD",
"id": "CNVD-2025-13608",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-13608"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "H3C ER5100G2 is an enterprise-class Gigabit high-performance router.\n\nH3C ER5100G2 of H3C Technologies Co., Ltd. has a weak password vulnerability, which can be exploited by attackers to log in to the system and obtain sensitive information.",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-13608"
}
],
"trust": 0.6
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2025-13608",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-13608"
}
]
},
"id": "VAR-202506-3867",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-13608"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-13608"
}
]
},
"last_update_date": "2025-07-18T23:20:38.094000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patch for H3C ER5100G2 of H3C Technologies Co., Ltd. has a weak password vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/702596"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-13608"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2025-13608"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-06-27T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-13608"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-06-27T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-13608"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "H3C ER5100G2 of H3C Technologies Co., Ltd. has a weak password vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-13608"
}
],
"trust": 0.6
}
}
CVE-2023-5142 (GCVE-0-2023-5142)
Vulnerability from nvd – Published: 2023-09-24 22:00 – Updated: 2024-08-02 07:52
VLAI?
Title
H3C ER6300G2 Config File userLogin.asp path traversal
Summary
A vulnerability classified as problematic was found in H3C GR-1100-P, GR-1108-P, GR-1200W, GR-1800AX, GR-2200, GR-3200, GR-5200, GR-8300, ER2100n, ER2200G2, ER3200G2, ER3260G2, ER5100G2, ER5200G2 and ER6300G2 up to 20230908. This vulnerability affects unknown code of the file /userLogin.asp of the component Config File Handler. The manipulation leads to path traversal. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. VDB-240238 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Severity ?
CWE
- CWE-22 - Path Traversal
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| H3C | GR-1100-P |
Affected:
20230908
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Credits
yinsel975 (VulDB User)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:52:07.533Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.240238"
},
{
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.240238"
},
{
"tags": [
"broken-link",
"exploit",
"x_transferred"
],
"url": "https://github.com/yinsel/CVE-H3C-Report"
},
{
"tags": [
"related",
"x_transferred"
],
"url": "https://github.com/CJCniubi666/H3C-ER/blob/main/README.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"modules": [
"Config File Handler"
],
"product": "GR-1100-P",
"vendor": "H3C",
"versions": [
{
"status": "affected",
"version": "20230908"
}
]
},
{
"modules": [
"Config File Handler"
],
"product": "GR-1108-P",
"vendor": "H3C",
"versions": [
{
"status": "affected",
"version": "20230908"
}
]
},
{
"modules": [
"Config File Handler"
],
"product": "GR-1200W",
"vendor": "H3C",
"versions": [
{
"status": "affected",
"version": "20230908"
}
]
},
{
"modules": [
"Config File Handler"
],
"product": "GR-1800AX",
"vendor": "H3C",
"versions": [
{
"status": "affected",
"version": "20230908"
}
]
},
{
"modules": [
"Config File Handler"
],
"product": "GR-2200",
"vendor": "H3C",
"versions": [
{
"status": "affected",
"version": "20230908"
}
]
},
{
"modules": [
"Config File Handler"
],
"product": "GR-3200",
"vendor": "H3C",
"versions": [
{
"status": "affected",
"version": "20230908"
}
]
},
{
"modules": [
"Config File Handler"
],
"product": "GR-5200",
"vendor": "H3C",
"versions": [
{
"status": "affected",
"version": "20230908"
}
]
},
{
"modules": [
"Config File Handler"
],
"product": "GR-8300",
"vendor": "H3C",
"versions": [
{
"status": "affected",
"version": "20230908"
}
]
},
{
"modules": [
"Config File Handler"
],
"product": "ER2100n",
"vendor": "H3C",
"versions": [
{
"status": "affected",
"version": "20230908"
}
]
},
{
"modules": [
"Config File Handler"
],
"product": "ER2200G2",
"vendor": "H3C",
"versions": [
{
"status": "affected",
"version": "20230908"
}
]
},
{
"modules": [
"Config File Handler"
],
"product": "ER3200G2",
"vendor": "H3C",
"versions": [
{
"status": "affected",
"version": "20230908"
}
]
},
{
"modules": [
"Config File Handler"
],
"product": "ER3260G2",
"vendor": "H3C",
"versions": [
{
"status": "affected",
"version": "20230908"
}
]
},
{
"modules": [
"Config File Handler"
],
"product": "ER5100G2",
"vendor": "H3C",
"versions": [
{
"status": "affected",
"version": "20230908"
}
]
},
{
"modules": [
"Config File Handler"
],
"product": "ER5200G2",
"vendor": "H3C",
"versions": [
{
"status": "affected",
"version": "20230908"
}
]
},
{
"modules": [
"Config File Handler"
],
"product": "ER6300G2",
"vendor": "H3C",
"versions": [
{
"status": "affected",
"version": "20230908"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "yinsel975 (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as problematic was found in H3C GR-1100-P, GR-1108-P, GR-1200W, GR-1800AX, GR-2200, GR-3200, GR-5200, GR-8300, ER2100n, ER2200G2, ER3200G2, ER3260G2, ER5100G2, ER5200G2 and ER6300G2 up to 20230908. This vulnerability affects unknown code of the file /userLogin.asp of the component Config File Handler. The manipulation leads to path traversal. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. VDB-240238 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "In H3C GR-1100-P, GR-1108-P, GR-1200W, GR-1800AX, GR-2200, GR-3200, GR-5200, GR-8300, ER2100n, ER2200G2, ER3200G2, ER3260G2, ER5100G2, ER5200G2 and ER6300G2 bis 20230908 wurde eine Schwachstelle entdeckt. Sie wurde als problematisch eingestuft. Dabei geht es um eine nicht genauer bekannte Funktion der Datei /userLogin.asp der Komponente Config File Handler. Durch das Beeinflussen mit unbekannten Daten kann eine path traversal-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Die Komplexit\u00e4t eines Angriffs ist eher hoch. Das Ausnutzen gilt als schwierig. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 2.6,
"vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Path Traversal",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-13T08:03:35.039Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.240238"
},
{
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.240238"
},
{
"tags": [
"broken-link",
"exploit"
],
"url": "https://github.com/yinsel/CVE-H3C-Report"
},
{
"tags": [
"related"
],
"url": "https://github.com/CJCniubi666/H3C-ER/blob/main/README.md"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-09-24T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2023-09-24T00:00:00.000Z",
"value": "CVE reserved"
},
{
"lang": "en",
"time": "2023-09-24T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2023-10-14T17:43:30.000Z",
"value": "VulDB entry last update"
}
],
"title": "H3C ER6300G2 Config File userLogin.asp path traversal"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2023-5142",
"datePublished": "2023-09-24T22:00:06.432Z",
"dateReserved": "2023-09-24T14:06:15.230Z",
"dateUpdated": "2024-08-02T07:52:07.533Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-5142 (GCVE-0-2023-5142)
Vulnerability from cvelistv5 – Published: 2023-09-24 22:00 – Updated: 2024-08-02 07:52
VLAI?
Title
H3C ER6300G2 Config File userLogin.asp path traversal
Summary
A vulnerability classified as problematic was found in H3C GR-1100-P, GR-1108-P, GR-1200W, GR-1800AX, GR-2200, GR-3200, GR-5200, GR-8300, ER2100n, ER2200G2, ER3200G2, ER3260G2, ER5100G2, ER5200G2 and ER6300G2 up to 20230908. This vulnerability affects unknown code of the file /userLogin.asp of the component Config File Handler. The manipulation leads to path traversal. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. VDB-240238 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Severity ?
CWE
- CWE-22 - Path Traversal
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| H3C | GR-1100-P |
Affected:
20230908
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Credits
yinsel975 (VulDB User)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:52:07.533Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.240238"
},
{
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.240238"
},
{
"tags": [
"broken-link",
"exploit",
"x_transferred"
],
"url": "https://github.com/yinsel/CVE-H3C-Report"
},
{
"tags": [
"related",
"x_transferred"
],
"url": "https://github.com/CJCniubi666/H3C-ER/blob/main/README.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"modules": [
"Config File Handler"
],
"product": "GR-1100-P",
"vendor": "H3C",
"versions": [
{
"status": "affected",
"version": "20230908"
}
]
},
{
"modules": [
"Config File Handler"
],
"product": "GR-1108-P",
"vendor": "H3C",
"versions": [
{
"status": "affected",
"version": "20230908"
}
]
},
{
"modules": [
"Config File Handler"
],
"product": "GR-1200W",
"vendor": "H3C",
"versions": [
{
"status": "affected",
"version": "20230908"
}
]
},
{
"modules": [
"Config File Handler"
],
"product": "GR-1800AX",
"vendor": "H3C",
"versions": [
{
"status": "affected",
"version": "20230908"
}
]
},
{
"modules": [
"Config File Handler"
],
"product": "GR-2200",
"vendor": "H3C",
"versions": [
{
"status": "affected",
"version": "20230908"
}
]
},
{
"modules": [
"Config File Handler"
],
"product": "GR-3200",
"vendor": "H3C",
"versions": [
{
"status": "affected",
"version": "20230908"
}
]
},
{
"modules": [
"Config File Handler"
],
"product": "GR-5200",
"vendor": "H3C",
"versions": [
{
"status": "affected",
"version": "20230908"
}
]
},
{
"modules": [
"Config File Handler"
],
"product": "GR-8300",
"vendor": "H3C",
"versions": [
{
"status": "affected",
"version": "20230908"
}
]
},
{
"modules": [
"Config File Handler"
],
"product": "ER2100n",
"vendor": "H3C",
"versions": [
{
"status": "affected",
"version": "20230908"
}
]
},
{
"modules": [
"Config File Handler"
],
"product": "ER2200G2",
"vendor": "H3C",
"versions": [
{
"status": "affected",
"version": "20230908"
}
]
},
{
"modules": [
"Config File Handler"
],
"product": "ER3200G2",
"vendor": "H3C",
"versions": [
{
"status": "affected",
"version": "20230908"
}
]
},
{
"modules": [
"Config File Handler"
],
"product": "ER3260G2",
"vendor": "H3C",
"versions": [
{
"status": "affected",
"version": "20230908"
}
]
},
{
"modules": [
"Config File Handler"
],
"product": "ER5100G2",
"vendor": "H3C",
"versions": [
{
"status": "affected",
"version": "20230908"
}
]
},
{
"modules": [
"Config File Handler"
],
"product": "ER5200G2",
"vendor": "H3C",
"versions": [
{
"status": "affected",
"version": "20230908"
}
]
},
{
"modules": [
"Config File Handler"
],
"product": "ER6300G2",
"vendor": "H3C",
"versions": [
{
"status": "affected",
"version": "20230908"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "yinsel975 (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as problematic was found in H3C GR-1100-P, GR-1108-P, GR-1200W, GR-1800AX, GR-2200, GR-3200, GR-5200, GR-8300, ER2100n, ER2200G2, ER3200G2, ER3260G2, ER5100G2, ER5200G2 and ER6300G2 up to 20230908. This vulnerability affects unknown code of the file /userLogin.asp of the component Config File Handler. The manipulation leads to path traversal. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. VDB-240238 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "In H3C GR-1100-P, GR-1108-P, GR-1200W, GR-1800AX, GR-2200, GR-3200, GR-5200, GR-8300, ER2100n, ER2200G2, ER3200G2, ER3260G2, ER5100G2, ER5200G2 and ER6300G2 bis 20230908 wurde eine Schwachstelle entdeckt. Sie wurde als problematisch eingestuft. Dabei geht es um eine nicht genauer bekannte Funktion der Datei /userLogin.asp der Komponente Config File Handler. Durch das Beeinflussen mit unbekannten Daten kann eine path traversal-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Die Komplexit\u00e4t eines Angriffs ist eher hoch. Das Ausnutzen gilt als schwierig. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 2.6,
"vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Path Traversal",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-13T08:03:35.039Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.240238"
},
{
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.240238"
},
{
"tags": [
"broken-link",
"exploit"
],
"url": "https://github.com/yinsel/CVE-H3C-Report"
},
{
"tags": [
"related"
],
"url": "https://github.com/CJCniubi666/H3C-ER/blob/main/README.md"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-09-24T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2023-09-24T00:00:00.000Z",
"value": "CVE reserved"
},
{
"lang": "en",
"time": "2023-09-24T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2023-10-14T17:43:30.000Z",
"value": "VulDB entry last update"
}
],
"title": "H3C ER6300G2 Config File userLogin.asp path traversal"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2023-5142",
"datePublished": "2023-09-24T22:00:06.432Z",
"dateReserved": "2023-09-24T14:06:15.230Z",
"dateUpdated": "2024-08-02T07:52:07.533Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}