Vulnerability-Lookup

CVE-2015-8333 (GCVE-0-2015-8333)

Vulnerability from cvelistv5 – Published: 2016-01-11 15:00 – Updated: 2024-08-06 08:13

Summary

The Operation and Maintenance Unit (OMU) in Huawei VCN500 with software before V100R002C00SPC200 allows remote authenticated users to change the IP address of the media server via crafted packets.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

VAR-201601-0427

Vulnerability from variot - Updated: 2025-04-12 23:29

The Operation and Maintenance Unit (OMU) in Huawei VCN500 with software before V100R002C00SPC200 allows remote authenticated users to change the IP address of the media server via crafted packets. IP The address may be changed. Huawei VCN500 is an integrated intelligent video surveillance product from China Huawei. Huawei VCN500 has a security vulnerability that allows remote attackers to submit special requests for denial of service attacks. Huawei VCN500 is prone to a denial-of-service vulnerability. Attackers can exploit this issue to cause a denial-of-service condition, denying service to legitimate users. Operation and Maintenance Unit (OMU) is one of the communication units used to control BSC and monitor the operation of BTS and TC. A security vulnerability exists in the Operation and Maintenance Unit (OMU) of the Huawei VCN500 that uses software versions earlier than V100R002C00SPC200B010

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201601-0427",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "vcn500",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "huawei",
        "version": "v100r002c00spc200b010"
      },
      {
        "model": "vcn500",
        "scope": null,
        "trust": 1.4,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "vcn500",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "huawei",
        "version": "v100r002c00spc200"
      },
      {
        "model": "vcn500 v100r002c00spc200b01",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "vcn500 v100r002c00spc200",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-08195"
      },
      {
        "db": "BID",
        "id": "78048"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006730"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201512-202"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-8333"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/h:huawei:vcn500",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:huawei:vcn500",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006730"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The vendor reported this issue.",
    "sources": [
      {
        "db": "BID",
        "id": "78048"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2015-8333",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.5,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.0,
            "id": "CVE-2015-8333",
            "impactScore": 4.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2015-08195",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.5,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.0,
            "id": "VHN-86294",
            "impactScore": 4.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:S/C:N/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 2.8,
            "id": "CVE-2015-8333",
            "impactScore": 4.2,
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2015-8333",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2015-8333",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2015-08195",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201512-202",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-86294",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-08195"
      },
      {
        "db": "VULHUB",
        "id": "VHN-86294"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006730"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201512-202"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-8333"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The Operation and Maintenance Unit (OMU) in Huawei VCN500 with software before V100R002C00SPC200 allows remote authenticated users to change the IP address of the media server via crafted packets. IP The address may be changed. Huawei VCN500 is an integrated intelligent video surveillance product from China Huawei. Huawei VCN500 has a security vulnerability that allows remote attackers to submit special requests for denial of service attacks. Huawei VCN500 is prone to a denial-of-service vulnerability. \nAttackers can exploit this issue to cause a denial-of-service condition, denying service to legitimate users. Operation and Maintenance Unit (OMU) is one of the communication units used to control BSC and monitor the operation of BTS and TC. A security vulnerability exists in the Operation and Maintenance Unit (OMU) of the Huawei VCN500 that uses software versions earlier than V100R002C00SPC200B010",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-8333"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006730"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-08195"
      },
      {
        "db": "BID",
        "id": "78048"
      },
      {
        "db": "VULHUB",
        "id": "VHN-86294"
      }
    ],
    "trust": 2.52
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2015-8333",
        "trust": 3.4
      },
      {
        "db": "BID",
        "id": "78048",
        "trust": 1.6
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006730",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201512-202",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-08195",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-86294",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-08195"
      },
      {
        "db": "VULHUB",
        "id": "VHN-86294"
      },
      {
        "db": "BID",
        "id": "78048"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006730"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201512-202"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-8333"
      }
    ]
  },
  "id": "VAR-201601-0427",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-08195"
      },
      {
        "db": "VULHUB",
        "id": "VHN-86294"
      }
    ],
    "trust": 1.325
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-08195"
      }
    ]
  },
  "last_update_date": "2025-04-12T23:29:29.877000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Huawei-SA-20151126-02-VCN500",
        "trust": 0.8,
        "url": "http://www.huawei.com/en/psirt/security-advisories/hw-463070"
      },
      {
        "title": "Huawei VCN500 denial of service vulnerability patch",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/68321"
      },
      {
        "title": "Huawei VCN500 Operation and Maintenance Unit Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=59046"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-08195"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006730"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201512-202"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-264",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-86294"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006730"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-8333"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-463070.htm"
      },
      {
        "trust": 1.2,
        "url": "http://www.securityfocus.com/bid/78048"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-8333"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-8333"
      },
      {
        "trust": 0.3,
        "url": "http://www.huawei.com/"
      },
      {
        "trust": 0.3,
        "url": "http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/archive/hw-463070.htm"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-08195"
      },
      {
        "db": "VULHUB",
        "id": "VHN-86294"
      },
      {
        "db": "BID",
        "id": "78048"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006730"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201512-202"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-8333"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-08195"
      },
      {
        "db": "VULHUB",
        "id": "VHN-86294"
      },
      {
        "db": "BID",
        "id": "78048"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006730"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201512-202"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-8333"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2015-12-15T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2015-08195"
      },
      {
        "date": "2016-01-11T00:00:00",
        "db": "VULHUB",
        "id": "VHN-86294"
      },
      {
        "date": "2015-11-26T00:00:00",
        "db": "BID",
        "id": "78048"
      },
      {
        "date": "2016-01-13T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-006730"
      },
      {
        "date": "2015-11-26T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201512-202"
      },
      {
        "date": "2016-01-11T15:59:05.510000",
        "db": "NVD",
        "id": "CVE-2015-8333"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2015-12-15T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2015-08195"
      },
      {
        "date": "2016-01-12T00:00:00",
        "db": "VULHUB",
        "id": "VHN-86294"
      },
      {
        "date": "2015-11-26T00:00:00",
        "db": "BID",
        "id": "78048"
      },
      {
        "date": "2016-01-13T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-006730"
      },
      {
        "date": "2016-01-12T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201512-202"
      },
      {
        "date": "2025-04-12T10:46:40.837000",
        "db": "NVD",
        "id": "CVE-2015-8333"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201512-202"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Huawei VCN500 Software  Operation and Maintenance Unit Media server in  IP Address change vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006730"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "permissions and access control",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201512-202"
      }
    ],
    "trust": 0.6
  }
}

CNVD-2015-08195

Vulnerability from cnvd - Published: 2015-12-15

Title

Huawei VCN500拒绝服务漏洞

Description

Huawei VCN500是中国华为公司的一款一体化智能视频监控产品。 Huawei VCN500存在安全漏洞，允许远程攻击者可提交特殊请求进行拒绝服务攻击。

Severity

中

Patch Name

Huawei VCN500拒绝服务漏洞的补丁

Patch Description

Huawei VCN500是中国华为公司的一款一体化智能视频监控产品。 Huawei VCN500存在安全漏洞，允许远程攻击者可提交特殊请求进行拒绝服务攻击。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

用户可参考如下厂商提供的安全公告获取补丁以修复该漏洞： http://www.huawei.com/

Reference

http://www.securityfocus.com/bid/78048

Impacted products

Name
Huawei VCN500

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "78048"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2015-8333"
    }
  },
  "description": "Huawei VCN500\u662f\u4e2d\u56fd\u534e\u4e3a\u516c\u53f8\u7684\u4e00\u6b3e\u4e00\u4f53\u5316\u667a\u80fd\u89c6\u9891\u76d1\u63a7\u4ea7\u54c1\u3002\r\n\r\nHuawei VCN500\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u5141\u8bb8\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u63d0\u4ea4\u7279\u6b8a\u8bf7\u6c42\u8fdb\u884c\u62d2\u7edd\u670d\u52a1\u653b\u51fb\u3002",
  "discovererName": "Huawei",
  "formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u5382\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u516c\u544a\u83b7\u53d6\u8865\u4e01\u4ee5\u4fee\u590d\u8be5\u6f0f\u6d1e\uff1a\r\nhttp://www.huawei.com/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2015-08195",
  "openTime": "2015-12-15",
  "patchDescription": "Huawei VCN500\u662f\u4e2d\u56fd\u534e\u4e3a\u516c\u53f8\u7684\u4e00\u6b3e\u4e00\u4f53\u5316\u667a\u80fd\u89c6\u9891\u76d1\u63a7\u4ea7\u54c1\u3002\r\n\r\nHuawei VCN500\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u5141\u8bb8\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u63d0\u4ea4\u7279\u6b8a\u8bf7\u6c42\u8fdb\u884c\u62d2\u7edd\u670d\u52a1\u653b\u51fb\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Huawei VCN500\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Huawei VCN500"
  },
  "referenceLink": "http://www.securityfocus.com/bid/78048",
  "serverity": "\u4e2d",
  "submitTime": "2015-12-13",
  "title": "Huawei VCN500\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e"
}

GSD-2015-8333

Vulnerability from gsd - Updated: 2023-12-13 01:20

Details

The Operation and Maintenance Unit (OMU) in Huawei VCN500 with software before V100R002C00SPC200 allows remote authenticated users to change the IP address of the media server via crafted packets.

Aliases

CVE-2015-8333

Aliases

CVE-2015-8333

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2015-8333",
    "description": "The Operation and Maintenance Unit (OMU) in Huawei VCN500 with software before V100R002C00SPC200 allows remote authenticated users to change the IP address of the media server via crafted packets.",
    "id": "GSD-2015-8333"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2015-8333"
      ],
      "details": "The Operation and Maintenance Unit (OMU) in Huawei VCN500 with software before V100R002C00SPC200 allows remote authenticated users to change the IP address of the media server via crafted packets.",
      "id": "GSD-2015-8333",
      "modified": "2023-12-13T01:20:03.097881Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2015-8333",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The Operation and Maintenance Unit (OMU) in Huawei VCN500 with software before V100R002C00SPC200 allows remote authenticated users to change the IP address of the media server via crafted packets."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-463070.htm",
            "refsource": "CONFIRM",
            "url": "http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-463070.htm"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:huawei:vcn500:v100r002c00spc200b010:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:huawei:vcn500:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2015-8333"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The Operation and Maintenance Unit (OMU) in Huawei VCN500 with software before V100R002C00SPC200 allows remote authenticated users to change the IP address of the media server via crafted packets."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-264"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-463070.htm",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-463070.htm"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.5,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 8.0,
          "impactScore": 4.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM"
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 4.2
        }
      },
      "lastModifiedDate": "2016-01-12T18:25Z",
      "publishedDate": "2016-01-11T15:59Z"
    }
  }
}

GHSA-H9V4-CRV4-7F62

Vulnerability from github – Published: 2022-05-17 03:59 – Updated: 2022-05-17 03:59

Details

The Operation and Maintenance Unit (OMU) in Huawei VCN500 with software before V100R002C00SPC200 allows remote authenticated users to change the IP address of the media server via crafted packets.

Severity ?

7.1 (High)


                  
                    CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2015-8333"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2016-01-11T15:59:00Z",
    "severity": "HIGH"
  },
  "details": "The Operation and Maintenance Unit (OMU) in Huawei VCN500 with software before V100R002C00SPC200 allows remote authenticated users to change the IP address of the media server via crafted packets.",
  "id": "GHSA-h9v4-crv4-7f62",
  "modified": "2022-05-17T03:59:51Z",
  "published": "2022-05-17T03:59:51Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-8333"
    },
    {
      "type": "WEB",
      "url": "http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-463070.htm"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
      "type": "CVSS_V3"
    }
  ]
}

FKIE_CVE-2015-8333

Vulnerability from fkie_nvd - Published: 2016-01-11 15:59 - Updated: 2025-04-12 10:46

Severity ?

7.1 (High) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H

Summary

The Operation and Maintenance Unit (OMU) in Huawei VCN500 with software before V100R002C00SPC200 allows remote authenticated users to change the IP address of the media server via crafted packets.

References

	URL	Tags
	cve@mitre.org	http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-463070.htm	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-463070.htm	Vendor Advisory

Impacted products

	Vendor	Product	Version
	huawei	vcn500	v100r002c00spc200b010
	huawei	vcn500	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:huawei:vcn500:v100r002c00spc200b010:*:*:*:*:*:*:*",
              "matchCriteriaId": "280BB8D6-0B28-4CC0-86A5-E60B89E99380",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:huawei:vcn500:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E191C10C-39A6-4F67-A714-76B0D8CD1B8B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The Operation and Maintenance Unit (OMU) in Huawei VCN500 with software before V100R002C00SPC200 allows remote authenticated users to change the IP address of the media server via crafted packets."
    },
    {
      "lang": "es",
      "value": "The Operation and Maintenance Unit (OMU) en Huawei VCN500 con software en versiones anteriores a V100R002C00SPC200 permite a usuarios remotos autenticados cambiar la direcci\u00f3n IP del servidor de medios a trav\u00e9s de paquetes manipulados."
    }
  ],
  "id": "CVE-2015-8333",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.1,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 4.2,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2016-01-11T15:59:05.510",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-463070.htm"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-463070.htm"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2015-8333 (GCVE-0-2015-8333)

VAR-201601-0427

CNVD-2015-08195

GSD-2015-8333

GHSA-H9V4-CRV4-7F62

FKIE_CVE-2015-8333

Tags

Sightings

Nomenclature