Search criteria
1 vulnerability found for uap2105 by huawei
VAR-201709-0082
Vulnerability from variot - Updated: 2025-04-20 23:30Huawei UAP2105 before V300R012C00SPC160(BootRom) does not require authentication to the serial port or the VxWorks shell. Huawei UAP2105 Contains vulnerabilities related to security features.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Huawei UAP2105 is a family WCDMA wireless network access device. Huawei UAP2105 has a command injection vulnerability that allows local attackers to access VxWorks debugging commands through the serial port to view and modify memory and files, resulting in information leakage and system exceptions. Huawei UAP2105 is prone to a local command-injection vulnerability. A local attacker can exploit this issue to execute arbitrary commands and to obtain sensitive information. This may aid in further attacks. The following versions are affected: Huawei UAP2105 V300R011C01B028(BootRom)[2], V300R011C01B030(BootRom), V300R011C0SPC100(BootRom), and V300R011C01SPC110(BootRom)
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201709-0082",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "uap2105",
"scope": "eq",
"trust": 1.6,
"vendor": "huawei",
"version": "v300r011c01b030"
},
{
"model": "uap2105",
"scope": "eq",
"trust": 1.6,
"vendor": "huawei",
"version": "v300r011c0spc100"
},
{
"model": "uap2105",
"scope": "eq",
"trust": 1.6,
"vendor": "huawei",
"version": "v300r011c01b028"
},
{
"model": "uap2105",
"scope": "eq",
"trust": 1.6,
"vendor": "huawei",
"version": "v300r011c01spc110"
},
{
"model": "uap2105 v300r011c01b030",
"scope": null,
"trust": 0.9,
"vendor": "huawei",
"version": null
},
{
"model": "uap2105 v300r011c0spc100",
"scope": null,
"trust": 0.9,
"vendor": "huawei",
"version": null
},
{
"model": "uap2105 v300r011c01spc110",
"scope": null,
"trust": 0.9,
"vendor": "huawei",
"version": null
},
{
"model": "uap2105",
"scope": "lt",
"trust": 0.8,
"vendor": "huawei",
"version": "v300r012c00spc160(bootrom)"
},
{
"model": "uap2105 v300r011c01b028 [2]",
"scope": null,
"trust": 0.6,
"vendor": "huawei",
"version": null
},
{
"model": "uap2105 v300r011c01b028",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "uap2105 v300r012c00spc160",
"scope": "ne",
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "v300r011c0spc100",
"scope": null,
"trust": 0.2,
"vendor": "uap2105",
"version": null
},
{
"model": "v300r011c01b028",
"scope": null,
"trust": 0.2,
"vendor": "uap2105",
"version": null
},
{
"model": "v300r011c01b030",
"scope": null,
"trust": 0.2,
"vendor": "uap2105",
"version": null
},
{
"model": "v300r011c01spc110",
"scope": null,
"trust": 0.2,
"vendor": "uap2105",
"version": null
}
],
"sources": [
{
"db": "IVD",
"id": "7a08310e-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-06110"
},
{
"db": "BID",
"id": "76552"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007966"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-236"
},
{
"db": "NVD",
"id": "CVE-2015-6592"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:huawei:uap2105_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-007966"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Alexey Osipov and Alexander Zaitsev",
"sources": [
{
"db": "BID",
"id": "76552"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-236"
}
],
"trust": 0.9
},
"cve": "CVE-2015-6592",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CVE-2015-6592",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CNVD-2015-06110",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "7a08310e-2351-11e6-abef-000c29c66e3d",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "VHN-84553",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 0.9,
"id": "CVE-2015-6592",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2015-6592",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2015-6592",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2015-06110",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201509-236",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "7a08310e-2351-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-84553",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "7a08310e-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-06110"
},
{
"db": "VULHUB",
"id": "VHN-84553"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007966"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-236"
},
{
"db": "NVD",
"id": "CVE-2015-6592"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Huawei UAP2105 before V300R012C00SPC160(BootRom) does not require authentication to the serial port or the VxWorks shell. Huawei UAP2105 Contains vulnerabilities related to security features.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Huawei UAP2105 is a family WCDMA wireless network access device. Huawei UAP2105 has a command injection vulnerability that allows local attackers to access VxWorks debugging commands through the serial port to view and modify memory and files, resulting in information leakage and system exceptions. Huawei UAP2105 is prone to a local command-injection vulnerability. \nA local attacker can exploit this issue to execute arbitrary commands and to obtain sensitive information. This may aid in further attacks. The following versions are affected: Huawei UAP2105 V300R011C01B028(BootRom)[2], V300R011C01B030(BootRom), V300R011C0SPC100(BootRom), and V300R011C01SPC110(BootRom)",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-6592"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007966"
},
{
"db": "CNVD",
"id": "CNVD-2015-06110"
},
{
"db": "BID",
"id": "76552"
},
{
"db": "IVD",
"id": "7a08310e-2351-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-84553"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-6592",
"trust": 3.6
},
{
"db": "BID",
"id": "76552",
"trust": 2.0
},
{
"db": "CNNVD",
"id": "CNNVD-201509-236",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2015-06110",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007966",
"trust": 0.8
},
{
"db": "NSFOCUS",
"id": "30988",
"trust": 0.6
},
{
"db": "IVD",
"id": "7A08310E-2351-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-84553",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "7a08310e-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-06110"
},
{
"db": "VULHUB",
"id": "VHN-84553"
},
{
"db": "BID",
"id": "76552"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007966"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-236"
},
{
"db": "NVD",
"id": "CVE-2015-6592"
}
]
},
"id": "VAR-201709-0082",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "7a08310e-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-06110"
},
{
"db": "VULHUB",
"id": "VHN-84553"
}
],
"trust": 1.7000000000000002
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT",
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "7a08310e-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-06110"
}
]
},
"last_update_date": "2025-04-20T23:30:53.213000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Huawei-SA-20150902- 01-UAP2105",
"trust": 0.8,
"url": "http://www.huawei.com/en/psirt/security-advisories/hw-452865"
},
{
"title": "Huawei UAP2105 command to inject the patch for the vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/64260"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-06110"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007966"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-254",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-84553"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007966"
},
{
"db": "NVD",
"id": "CVE-2015-6592"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-452865.htm"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/76552"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6592"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-6592"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/30988"
},
{
"trust": 0.3,
"url": "http://www.huawei.com/"
},
{
"trust": 0.3,
"url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-452865.htm"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-06110"
},
{
"db": "VULHUB",
"id": "VHN-84553"
},
{
"db": "BID",
"id": "76552"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007966"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-236"
},
{
"db": "NVD",
"id": "CVE-2015-6592"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "7a08310e-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-06110"
},
{
"db": "VULHUB",
"id": "VHN-84553"
},
{
"db": "BID",
"id": "76552"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007966"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-236"
},
{
"db": "NVD",
"id": "CVE-2015-6592"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-09-22T00:00:00",
"db": "IVD",
"id": "7a08310e-2351-11e6-abef-000c29c66e3d"
},
{
"date": "2015-09-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-06110"
},
{
"date": "2017-09-25T00:00:00",
"db": "VULHUB",
"id": "VHN-84553"
},
{
"date": "2015-09-02T00:00:00",
"db": "BID",
"id": "76552"
},
{
"date": "2017-10-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-007966"
},
{
"date": "2015-09-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201509-236"
},
{
"date": "2017-09-25T21:29:00.647000",
"db": "NVD",
"id": "CVE-2015-6592"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-09-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-06110"
},
{
"date": "2017-10-06T00:00:00",
"db": "VULHUB",
"id": "VHN-84553"
},
{
"date": "2015-11-03T19:36:00",
"db": "BID",
"id": "76552"
},
{
"date": "2017-10-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-007966"
},
{
"date": "2017-09-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201509-236"
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2015-6592"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "BID",
"id": "76552"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-236"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Huawei UAP2105 Command injection vulnerability",
"sources": [
{
"db": "IVD",
"id": "7a08310e-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-06110"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201509-236"
}
],
"trust": 0.6
}
}