Vulnerability-Lookup

CVE-2016-8280 (GCVE-0-2016-8280)

Vulnerability from cvelistv5 – Published: 2016-10-03 21:00 – Updated: 2024-08-06 02:20

Summary

Directory traversal vulnerability in Huawei eSight before V300R003C20SPC005 allows remote authenticated users to read arbitrary files via unspecified vectors.

Severity ?

No CVSS data available.

CWE

Assigner

huawei

References

URL

CNVD-2016-08452

Vulnerability from cnvd - Published: 2016-10-09

Title

Huawei eSight目录遍历漏洞

Description

Huawei eSight是中国华为（Huawei）公司的一套新一代面向企业基础网络、统一通信、智真会议、视频监控和数据中心的整体运维管理解决方案。该方案支持对多厂商和多类型的设备进行统一的监控和配置管理，并对网络和业务质量进行监视和分析。 Huawei eSight 300R002C00、300R002C010和300R002C20版本中存在目录遍历漏洞。攻击者可利用该漏洞下载未授权文件，造成信息泄露。

Severity

中

Patch Name

Huawei eSight目录遍历漏洞的补丁

Patch Description

Formal description

目前厂商已经发布了升级补丁以修复此安全问题，补丁获取链接： http://www.huawei.com/cn/psirt/security-advisories/2016/huawei-sa-20160928-01-pathtraversal-cn

Reference

http://www.securityfocus.com/bid/93190

Impacted products

Name
['Huawei eSight V300R002C00', 'Huawei eSight V300R003C10', 'Huawei eSight V300R003C20']

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "93190"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2016-8280"
    }
  },
  "description": "Huawei eSight\u662f\u4e2d\u56fd\u534e\u4e3a\uff08Huawei\uff09\u516c\u53f8\u7684\u4e00\u5957\u65b0\u4e00\u4ee3\u9762\u5411\u4f01\u4e1a\u57fa\u7840\u7f51\u7edc\u3001\u7edf\u4e00\u901a\u4fe1\u3001\u667a\u771f\u4f1a\u8bae\u3001\u89c6\u9891\u76d1\u63a7\u548c\u6570\u636e\u4e2d\u5fc3\u7684\u6574\u4f53\u8fd0\u7ef4\u7ba1\u7406\u89e3\u51b3\u65b9\u6848\u3002\u8be5\u65b9\u6848\u652f\u6301\u5bf9\u591a\u5382\u5546\u548c\u591a\u7c7b\u578b\u7684\u8bbe\u5907\u8fdb\u884c\u7edf\u4e00\u7684\u76d1\u63a7\u548c\u914d\u7f6e\u7ba1\u7406\uff0c\u5e76\u5bf9\u7f51\u7edc\u548c\u4e1a\u52a1\u8d28\u91cf\u8fdb\u884c\u76d1\u89c6\u548c\u5206\u6790\u3002\r\n\r\nHuawei eSight 300R002C00\u3001300R002C010\u548c300R002C20\u7248\u672c\u4e2d\u5b58\u5728\u76ee\u5f55\u904d\u5386\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u4e0b\u8f7d\u672a\u6388\u6743\u6587\u4ef6\uff0c\u9020\u6210\u4fe1\u606f\u6cc4\u9732\u3002",
  "discovererName": "Huawei",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6b64\u5b89\u5168\u95ee\u9898\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttp://www.huawei.com/cn/psirt/security-advisories/2016/huawei-sa-20160928-01-pathtraversal-cn",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2016-08452",
  "openTime": "2016-10-09",
  "patchDescription": "Huawei eSight\u662f\u4e2d\u56fd\u534e\u4e3a\uff08Huawei\uff09\u516c\u53f8\u7684\u4e00\u5957\u65b0\u4e00\u4ee3\u9762\u5411\u4f01\u4e1a\u57fa\u7840\u7f51\u7edc\u3001\u7edf\u4e00\u901a\u4fe1\u3001\u667a\u771f\u4f1a\u8bae\u3001\u89c6\u9891\u76d1\u63a7\u548c\u6570\u636e\u4e2d\u5fc3\u7684\u6574\u4f53\u8fd0\u7ef4\u7ba1\u7406\u89e3\u51b3\u65b9\u6848\u3002\u8be5\u65b9\u6848\u652f\u6301\u5bf9\u591a\u5382\u5546\u548c\u591a\u7c7b\u578b\u7684\u8bbe\u5907\u8fdb\u884c\u7edf\u4e00\u7684\u76d1\u63a7\u548c\u914d\u7f6e\u7ba1\u7406\uff0c\u5e76\u5bf9\u7f51\u7edc\u548c\u4e1a\u52a1\u8d28\u91cf\u8fdb\u884c\u76d1\u89c6\u548c\u5206\u6790\u3002\r\n\r\nHuawei eSight 300R002C00\u3001300R002C010\u548c300R002C20\u7248\u672c\u4e2d\u5b58\u5728\u76ee\u5f55\u904d\u5386\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u4e0b\u8f7d\u672a\u6388\u6743\u6587\u4ef6\uff0c\u9020\u6210\u4fe1\u606f\u6cc4\u9732\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Huawei eSight\u76ee\u5f55\u904d\u5386\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Huawei eSight V300R002C00",
      "Huawei eSight V300R003C10",
      "Huawei eSight V300R003C20"
    ]
  },
  "referenceLink": "http://www.securityfocus.com/bid/93190",
  "serverity": "\u4e2d",
  "submitTime": "2016-09-29",
  "title": "Huawei eSight\u76ee\u5f55\u904d\u5386\u6f0f\u6d1e"
}

VAR-201610-0210

Vulnerability from variot - Updated: 2025-04-13 23:41

Directory traversal vulnerability in Huawei eSight before V300R003C20SPC005 allows remote authenticated users to read arbitrary files via unspecified vectors. Multiple Huawei Products are prone to an directory-traversal vulnerability. This may aid in further attacks. Huawei eSight is a new generation of overall operation and maintenance management solution for enterprise basic network, unified communication, telepresence conferencing, video surveillance and data center developed by Huawei in China. This solution supports unified monitoring and configuration management for multi-vendor and multi-type equipment, and monitors and analyzes network and service quality. There is a path traversal vulnerability in Huawei eSight V300R002C00, V300R003C10, and V300R003C20. The vulnerability is caused by the program not fully verifying the path. Remote attackers can exploit this vulnerability to download unauthorized files, resulting in information disclosure

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201610-0210",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "esight",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "huawei",
        "version": "v300r003c20"
      },
      {
        "model": "esight",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "huawei",
        "version": "v300r002c00"
      },
      {
        "model": "esight",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "huawei",
        "version": "v300r003c10"
      },
      {
        "model": "esight",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "huawei",
        "version": "v300r003c20spc005"
      },
      {
        "model": "esight v300r003c20",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "esight v300r003c10",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "esight v300r002c00",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "esight v300r003c20spc005",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "93190"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-005103"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201609-650"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-8280"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:huawei:esight",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-005103"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The vendor reported this issue.",
    "sources": [
      {
        "db": "BID",
        "id": "93190"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2016-8280",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 4.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.0,
            "id": "CVE-2016-8280",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 4.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.0,
            "id": "VHN-97100",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:S/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.8,
            "id": "CVE-2016-8280",
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.8,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2016-8280",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2016-8280",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201609-650",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-97100",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-97100"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-005103"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201609-650"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-8280"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Directory traversal vulnerability in Huawei eSight before V300R003C20SPC005 allows remote authenticated users to read arbitrary files via unspecified vectors. Multiple Huawei Products are prone to an directory-traversal vulnerability. This may aid in further  attacks. Huawei eSight is a new generation of overall operation and maintenance management solution for enterprise basic network, unified communication, telepresence conferencing, video surveillance and data center developed by Huawei in China. This solution supports unified monitoring and configuration management for multi-vendor and multi-type equipment, and monitors and analyzes network and service quality. There is a path traversal vulnerability in Huawei eSight V300R002C00, V300R003C10, and V300R003C20. The vulnerability is caused by the program not fully verifying the path. Remote attackers can exploit this vulnerability to download unauthorized files, resulting in information disclosure",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-8280"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-005103"
      },
      {
        "db": "BID",
        "id": "93190"
      },
      {
        "db": "VULHUB",
        "id": "VHN-97100"
      }
    ],
    "trust": 1.98
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2016-8280",
        "trust": 2.8
      },
      {
        "db": "BID",
        "id": "93190",
        "trust": 2.0
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-005103",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201609-650",
        "trust": 0.7
      },
      {
        "db": "VULHUB",
        "id": "VHN-97100",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-97100"
      },
      {
        "db": "BID",
        "id": "93190"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-005103"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201609-650"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-8280"
      }
    ]
  },
  "id": "VAR-201610-0210",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-97100"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2025-04-13T23:41:16.935000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "huawei-sa-20160928-01-pathtraversal",
        "trust": 0.8,
        "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160928-01-pathtraversal-en"
      },
      {
        "title": "Huawei eSight Repair measures for path traversal vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=64417"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-005103"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201609-650"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-22",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-97100"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-005103"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-8280"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/93190"
      },
      {
        "trust": 1.7,
        "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160928-01-pathtraversal-en"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-8280"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-8280"
      },
      {
        "trust": 0.3,
        "url": "http://www.huawei.com"
      },
      {
        "trust": 0.3,
        "url": "http://www.huawei.com/en/psirt/security-advisories/2016/huawei-sa-20160928-01-pathtraversal-en"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-97100"
      },
      {
        "db": "BID",
        "id": "93190"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-005103"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201609-650"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-8280"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-97100"
      },
      {
        "db": "BID",
        "id": "93190"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-005103"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201609-650"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-8280"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-10-03T00:00:00",
        "db": "VULHUB",
        "id": "VHN-97100"
      },
      {
        "date": "2016-09-28T00:00:00",
        "db": "BID",
        "id": "93190"
      },
      {
        "date": "2016-10-06T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-005103"
      },
      {
        "date": "2016-09-29T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201609-650"
      },
      {
        "date": "2016-10-03T21:59:12.723000",
        "db": "NVD",
        "id": "CVE-2016-8280"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-10-04T00:00:00",
        "db": "VULHUB",
        "id": "VHN-97100"
      },
      {
        "date": "2016-10-03T00:00:00",
        "db": "BID",
        "id": "93190"
      },
      {
        "date": "2016-10-06T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-005103"
      },
      {
        "date": "2016-10-08T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201609-650"
      },
      {
        "date": "2025-04-12T10:46:40.837000",
        "db": "NVD",
        "id": "CVE-2016-8280"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201609-650"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Huawei eSight Vulnerable to directory traversal",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-005103"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "path traversal",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201609-650"
      }
    ],
    "trust": 0.6
  }
}

FKIE_CVE-2016-8280

Vulnerability from fkie_nvd - Published: 2016-10-03 21:59 - Updated: 2025-04-12 10:46

Severity ?

6.5 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Summary

Directory traversal vulnerability in Huawei eSight before V300R003C20SPC005 allows remote authenticated users to read arbitrary files via unspecified vectors.

References

URL	Tags
psirt@huawei.com	http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160928-01-pathtraversal-en	Vendor Advisory
psirt@huawei.com	http://www.securityfocus.com/bid/93190	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160928-01-pathtraversal-en	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/93190	Third Party Advisory, VDB Entry

Impacted products

Vendor	Product	Version
huawei	esight	v300r002c00
huawei	esight	v300r003c10
huawei	esight	v300r003c20

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:huawei:esight:v300r002c00:*:*:*:*:*:*:*",
              "matchCriteriaId": "F701D3F5-B7A3-483B-8A9B-51E7E1B667A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:huawei:esight:v300r003c10:*:*:*:*:*:*:*",
              "matchCriteriaId": "06BBACC1-E4AE-4552-BABE-4A434E83BD74",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:huawei:esight:v300r003c20:*:*:*:*:*:*:*",
              "matchCriteriaId": "ACDFB704-3758-4507-9310-AA938809002A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Directory traversal vulnerability in Huawei eSight before V300R003C20SPC005 allows remote authenticated users to read arbitrary files via unspecified vectors."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de salto de directorio en Huawei eSight en versiones anteriores a V300R003C20SPC005 permite a usuarios remotos autenticados leer archivos arbitrarios a trav\u00e9s de vectores no especificados."
    }
  ],
  "id": "CVE-2016-8280",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": true,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2016-10-03T21:59:12.723",
  "references": [
    {
      "source": "psirt@huawei.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160928-01-pathtraversal-en"
    },
    {
      "source": "psirt@huawei.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/93190"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160928-01-pathtraversal-en"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/93190"
    }
  ],
  "sourceIdentifier": "psirt@huawei.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-22"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2016-8280

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Directory traversal vulnerability in Huawei eSight before V300R003C20SPC005 allows remote authenticated users to read arbitrary files via unspecified vectors.

Aliases

CVE-2016-8280

Aliases

CVE-2016-8280

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2016-8280",
    "description": "Directory traversal vulnerability in Huawei eSight before V300R003C20SPC005 allows remote authenticated users to read arbitrary files via unspecified vectors.",
    "id": "GSD-2016-8280"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2016-8280"
      ],
      "details": "Directory traversal vulnerability in Huawei eSight before V300R003C20SPC005 allows remote authenticated users to read arbitrary files via unspecified vectors.",
      "id": "GSD-2016-8280",
      "modified": "2023-12-13T01:21:22.269697Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@huawei.com",
        "ID": "CVE-2016-8280",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Directory traversal vulnerability in Huawei eSight before V300R003C20SPC005 allows remote authenticated users to read arbitrary files via unspecified vectors."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160928-01-pathtraversal-en",
            "refsource": "CONFIRM",
            "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160928-01-pathtraversal-en"
          },
          {
            "name": "93190",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/93190"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:huawei:esight:v300r003c10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:huawei:esight:v300r003c20:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:huawei:esight:v300r002c00:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@huawei.com",
          "ID": "CVE-2016-8280"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Directory traversal vulnerability in Huawei eSight before V300R003C20SPC005 allows remote authenticated users to read arbitrary files via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-22"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "93190",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/93190"
            },
            {
              "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160928-01-pathtraversal-en",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160928-01-pathtraversal-en"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": true,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "NONE",
            "baseScore": 4.0,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2016-10-04T17:32Z",
      "publishedDate": "2016-10-03T21:59Z"
    }
  }
}

GHSA-G3G3-HHXV-74R2

Vulnerability from github – Published: 2022-05-17 03:48 – Updated: 2022-05-17 03:48

Details

Directory traversal vulnerability in Huawei eSight before V300R003C20SPC005 allows remote authenticated users to read arbitrary files via unspecified vectors.

Severity ?

6.5 (Medium)


                  
                    CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2016-8280"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-22"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2016-10-03T21:59:00Z",
    "severity": "MODERATE"
  },
  "details": "Directory traversal vulnerability in Huawei eSight before V300R003C20SPC005 allows remote authenticated users to read arbitrary files via unspecified vectors.",
  "id": "GHSA-g3g3-hhxv-74r2",
  "modified": "2022-05-17T03:48:02Z",
  "published": "2022-05-17T03:48:02Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-8280"
    },
    {
      "type": "WEB",
      "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160928-01-pathtraversal-en"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/93190"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2016-8280 (GCVE-0-2016-8280)

CNVD-2016-08452

VAR-201610-0210

FKIE_CVE-2016-8280

GSD-2016-8280

GHSA-G3G3-HHXV-74R2

Tags

Sightings

Nomenclature