Vulnerability-Lookup

CVE-2017-17215 (GCVE-0-2017-17215)

Vulnerability from cvelistv5 – Published: 2018-03-20 15:00 – Updated: 2024-08-05 20:43

CIRCL KEVIntel

Summary

Severity

8.8 (High)


                        
                          CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE

remote code execution

Assigner

huawei

References

2 references

URL	Tags
http://www.securityfocus.com/bid/102344	vdb-entryx_refsource_BID
http://www.huawei.com/en/psirt/security-notices/h…	x_refsource_CONFIRM

Impacted products

1 product

Vendor	Product	Version
Huawei Technologies Co., Ltd.	HG532	Affected: customized versions

Date Public

2017-11-30 00:00

CIRCL

Known Exploited Vulnerability - GCVE BCP-07 Compliant

KEV entry ID: f4f43160-12d2-41a0-9dcf-d016d5bd8761

Vulnerability ID: CVE-2017-17215

Status: Confirmed

Status Updated: 2026-03-12 10:42 UTC

Exploited: Yes

Characteristics

Remote Code Execution: Yes

Authentication Required: Yes

Local Access Required: Remote

Severity: 100.0

Timestamps

First Seen: 2026-03-12

Asserted: 2026-03-12

Last Seen: 2026-03-12

Created: 2026-03-12 10:43 UTC | Updated: 2026-03-12 10:42 UTC

KEVIntel

Known Exploited Vulnerability - GCVE BCP-07 Compliant

KEV entry ID: b762dd1c-0da6-43fd-a123-3c4446c8b108

Vulnerability ID: CVE-2017-17215

Status: Confirmed

Status Updated: 2025-04-28 00:00 UTC

Exploited: Yes

Timestamps

First Seen: 2025-04-28

Asserted: 2025-04-28

Scope

Notes: KEVIntel entry: Huawei HG532 with some customized versions has a remote code execution vulnerability. An authenticated attacker could send malicious packets to... | Affected: Huawei Technologies Co., Ltd. / HG532 | CVSS: 8.8 (HIGH) | Used in malware: yes | Not yet in CISA KEV: True

Evidence

Type: Public Report

Signal: Confirmed Compromise

Confidence: 70%

Source: kevintel

Details

Feed	KEVIntel (kevintel.com)
Title	Huawei HG532 with some customized versions has a remote code execution vulnerability. An authenticated attacker could send malicious packets to...
Vendor	Huawei Technologies Co., Ltd.
Product	HG532
Added Date	2025-04-28T00:00:00.000Z
Cvss Score	8.8
Epss Score	None
Cvss Severity	HIGH
Epss Percentile	None
Used In Malware	yes
Ahead Of Cisa Kev	None
Not Yet In Cisa Kev	True

References

Created: 2026-06-23 11:13 UTC | Updated: 2026-06-23 11:13 UTC

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T20:43:59.888Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "102344",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/102344"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.huawei.com/en/psirt/security-notices/huawei-sn-20171130-01-hg532-en"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "HG532",
          "vendor": "Huawei Technologies Co., Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "customized versions"
            }
          ]
        }
      ],
      "datePublic": "2017-11-30T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Huawei HG532 with some customized versions has a remote code execution vulnerability. An authenticated attacker could send malicious packets to port 37215 to launch attacks. Successful exploit could lead to the remote execution of arbitrary code."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "remote code execution",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-03-21T09:57:01.000Z",
        "orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
        "shortName": "huawei"
      },
      "references": [
        {
          "name": "102344",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/102344"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.huawei.com/en/psirt/security-notices/huawei-sn-20171130-01-hg532-en"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@huawei.com",
          "ID": "CVE-2017-17215",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "HG532",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "customized versions"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Huawei Technologies Co., Ltd."
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Huawei HG532 with some customized versions has a remote code execution vulnerability. An authenticated attacker could send malicious packets to port 37215 to launch attacks. Successful exploit could lead to the remote execution of arbitrary code."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "remote code execution"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "102344",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/102344"
            },
            {
              "name": "http://www.huawei.com/en/psirt/security-notices/huawei-sn-20171130-01-hg532-en",
              "refsource": "CONFIRM",
              "url": "http://www.huawei.com/en/psirt/security-notices/huawei-sn-20171130-01-hg532-en"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
    "assignerShortName": "huawei",
    "cveId": "CVE-2017-17215",
    "datePublished": "2018-03-20T15:00:00.000Z",
    "dateReserved": "2017-12-04T00:00:00.000Z",
    "dateUpdated": "2024-08-05T20:43:59.888Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2017-17215",
      "date": "2026-06-24",
      "epss": "0.7861",
      "percentile": "0.99533"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2017-17215\",\"sourceIdentifier\":\"psirt@huawei.com\",\"published\":\"2018-03-20T15:29:00.203\",\"lastModified\":\"2024-11-21T03:17:40.740\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Huawei HG532 with some customized versions has a remote code execution vulnerability. An authenticated attacker could send malicious packets to port 37215 to launch attacks. Successful exploit could lead to the remote execution of arbitrary code.\"},{\"lang\":\"es\",\"value\":\"Huawei HG532 con algunas versiones personalizadas tiene una vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo. Un atacante autenticado podr\u00eda enviar paquetes maliciosos al puerto 37215 para iniciar ataques. Si se explota con \u00e9xito, podr\u00eda conducir a la ejecuci\u00f3n remota de c\u00f3digo arbitrario.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:S/C:P/I:P/A:P\",\"baseScore\":6.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:huawei:hg532_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1D1370CC-7DB4-4162-8C4F-12EB7F781D06\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:huawei:hg532:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"37D1DF9F-CD5A-4AB0-84C5-500CCFBDC6B0\"}]}]}],\"references\":[{\"url\":\"http://www.huawei.com/en/psirt/security-notices/huawei-sn-20171130-01-hg532-en\",\"source\":\"psirt@huawei.com\",\"tags\":[\"Mitigation\",\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/102344\",\"source\":\"psirt@huawei.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.huawei.com/en/psirt/security-notices/huawei-sn-20171130-01-hg532-en\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mitigation\",\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/102344\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]}]}}"
  }
}

BDU:2022-02698

Vulnerability from fstec - Published: 27.11.2017

Title

Уязвимость микропрограммного обеспечения Wi-Fi роутеров Huawei HG532, связанная с недостаточной проверкой входных данных, позволяющая нарушителю выполнить произвольный код

Description

Уязвимость микропрограммного обеспечения Wi-Fi роутеров Huawei HG532 связана с недостаточной проверкой входных данных. Эксплуатация уязвимости может позволить нарушителю, действующему удалённо, выполнить произвольный код путем отправки специально созданных вредоносных пакетов через порт 37215

Severity


                    
                      AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Vendor

Huawei Technologies Co., Ltd.

Software Name

Huawei HG532

Software Version

- (Huawei HG532)

Possible Mitigations

Организационные меры: 1) Рекомендуется настроить функцию встроенного брандмауэра 2) Изменить пароль по умолчанию 3) Развернуте брандмауэр на стороне оператора Клиенты могут развернуть Huawei NGFW (брандмауэр нового поколения) или брандмауэры центров обработки данных, а также обновить базу данных сигнатур IPS до последней версии IPS_H20011000_2017120100, выпущенной 1 декабря 2017 г. 4) Использовать аналогичный программный продукт

Reference

http://www.huawei.com/en/psirt/security-notices/huawei-sn-20171130-01-hg532-en http://www.securityfocus.com/bid/102344 https://nvd.nist.gov/vuln/detail/cve-2017-17215 https://vuldb.com/?id.114804 https://github.com/wilfred-wulbou/HG532d-RCE-Exploit https://www.exploit-db.com/exploits/43414 https://t.me/pentestingnews/55627

CWE

CWE-20

JSON

To clipboard

{
  "CVSS 2.0": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
  "CVSS 3.0": "AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Huawei Technologies Co., Ltd.",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "- (Huawei HG532)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u041e\u0440\u0433\u0430\u043d\u0438\u0437\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0435 \u043c\u0435\u0440\u044b:\n\n1) \u0420\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u0442\u0441\u044f \u043d\u0430\u0441\u0442\u0440\u043e\u0438\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u044e \u0432\u0441\u0442\u0440\u043e\u0435\u043d\u043d\u043e\u0433\u043e \u0431\u0440\u0430\u043d\u0434\u043c\u0430\u0443\u044d\u0440\u0430\n\n2) \u0418\u0437\u043c\u0435\u043d\u0438\u0442\u044c \u043f\u0430\u0440\u043e\u043b\u044c \u043f\u043e \u0443\u043c\u043e\u043b\u0447\u0430\u043d\u0438\u044e\n\n3) \u0420\u0430\u0437\u0432\u0435\u0440\u043d\u0443\u0442\u0435 \u0431\u0440\u0430\u043d\u0434\u043c\u0430\u0443\u044d\u0440 \u043d\u0430 \u0441\u0442\u043e\u0440\u043e\u043d\u0435 \u043e\u043f\u0435\u0440\u0430\u0442\u043e\u0440\u0430\n\n\u041a\u043b\u0438\u0435\u043d\u0442\u044b \u043c\u043e\u0433\u0443\u0442 \u0440\u0430\u0437\u0432\u0435\u0440\u043d\u0443\u0442\u044c Huawei NGFW (\u0431\u0440\u0430\u043d\u0434\u043c\u0430\u0443\u044d\u0440 \u043d\u043e\u0432\u043e\u0433\u043e \u043f\u043e\u043a\u043e\u043b\u0435\u043d\u0438\u044f) \u0438\u043b\u0438 \u0431\u0440\u0430\u043d\u0434\u043c\u0430\u0443\u044d\u0440\u044b \u0446\u0435\u043d\u0442\u0440\u043e\u0432 \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u043a\u0438 \u0434\u0430\u043d\u043d\u044b\u0445, \u0430 \u0442\u0430\u043a\u0436\u0435 \u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u0431\u0430\u0437\u0443 \u0434\u0430\u043d\u043d\u044b\u0445 \u0441\u0438\u0433\u043d\u0430\u0442\u0443\u0440 IPS \u0434\u043e \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0439 \u0432\u0435\u0440\u0441\u0438\u0438 IPS_H20011000_2017120100, \u0432\u044b\u043f\u0443\u0449\u0435\u043d\u043d\u043e\u0439 1 \u0434\u0435\u043a\u0430\u0431\u0440\u044f 2017 \u0433.\n\n4) \u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c \u0430\u043d\u0430\u043b\u043e\u0433\u0438\u0447\u043d\u044b\u0439 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0439 \u043f\u0440\u043e\u0434\u0443\u043a\u0442",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "27.11.2017",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "06.02.2025",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "28.04.2022",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2022-02698",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2017-17215",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438 \u043e\u0442\u0441\u0443\u0442\u0441\u0442\u0432\u0443\u0435\u0442",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Huawei HG532",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": null,
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043c\u0438\u043a\u0440\u043e\u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Wi-Fi \u0440\u043e\u0443\u0442\u0435\u0440\u043e\u0432 Huawei HG532, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u043e\u0439 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u043e\u0439 \u0432\u0445\u043e\u0434\u043d\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0421\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u0435\u0442 \u0432 \u043e\u0442\u043a\u0440\u044b\u0442\u043e\u043c \u0434\u043e\u0441\u0442\u0443\u043f\u0435",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u0430\u044f \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0430 \u0432\u0432\u043e\u0434\u0438\u043c\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445 (CWE-20)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043c\u0438\u043a\u0440\u043e\u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Wi-Fi \u0440\u043e\u0443\u0442\u0435\u0440\u043e\u0432 Huawei HG532 \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u043e\u0439 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u043e\u0439 \u0432\u0445\u043e\u0434\u043d\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e, \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434 \u043f\u0443\u0442\u0435\u043c \u043e\u0442\u043f\u0440\u0430\u0432\u043a\u0438 \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0441\u043e\u0437\u0434\u0430\u043d\u043d\u044b\u0445 \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0445 \u043f\u0430\u043a\u0435\u0442\u043e\u0432 \u0447\u0435\u0440\u0435\u0437 \u043f\u043e\u0440\u0442 37215",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0440\u0433\u0430\u043d\u0438\u0437\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0435 \u043c\u0435\u0440\u044b",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u0441\u0443\u0440\u0441\u0430\u043c\u0438",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "http://www.huawei.com/en/psirt/security-notices/huawei-sn-20171130-01-hg532-en\t\nhttp://www.securityfocus.com/bid/102344\nhttps://nvd.nist.gov/vuln/detail/cve-2017-17215\nhttps://vuldb.com/?id.114804\nhttps://github.com/wilfred-wulbou/HG532d-RCE-Exploit\nhttps://www.exploit-db.com/exploits/43414\nhttps://t.me/pentestingnews/55627",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u0421\u0435\u0442\u0435\u0432\u043e\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e, \u041f\u041e \u0441\u0435\u0442\u0435\u0432\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e-\u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-20",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 10)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 8,8)"
}

CNVD-2017-38447

Vulnerability from cnvd - Published: 2017-12-28

Title

Huawei HG532系列路由器远程代码执行漏洞

Description

Huawei HG532系列路由器是一款为家庭和小型办公用户打造的无线路由器产品。 Huawei HG532系列路由器存在远程代码执行漏洞。认证后的攻击者可以向设备37215端口发送恶意报文发起攻击，成功利用漏洞可以远程执行任意代码。

Severity

高

Formal description

目前厂商暂未发布修复措施解决此安全问题，建议使用措施规避或预防该漏洞的攻击，详情请向当地服务提供商或华为TAC咨询： http://www.huawei.com/cn/psirt/security-notices/huawei-sn-20171130-01-hg532-cn

Reference

http://www.huawei.com/cn/psirt/security-notices/huawei-sn-20171130-01-hg532-cn

Impacted products

Name
Huawei HG532

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-17215"
    }
  },
  "description": "Huawei HG532\u7cfb\u5217\u8def\u7531\u5668\u662f\u4e00\u6b3e\u4e3a\u5bb6\u5ead\u548c\u5c0f\u578b\u529e\u516c\u7528\u6237\u6253\u9020\u7684\u65e0\u7ebf\u8def\u7531\u5668\u4ea7\u54c1\u3002\r\n\r\nHuawei HG532\u7cfb\u5217\u8def\u7531\u5668\u5b58\u5728\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\u3002\u8ba4\u8bc1\u540e\u7684\u653b\u51fb\u8005\u53ef\u4ee5\u5411\u8bbe\u590737215\u7aef\u53e3\u53d1\u9001\u6076\u610f\u62a5\u6587\u53d1\u8d77\u653b\u51fb\uff0c\u6210\u529f\u5229\u7528\u6f0f\u6d1e\u53ef\u4ee5\u8fdc\u7a0b\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002",
  "discovererName": "Check Point\u8f6f\u4ef6\u6280\u672f\u7814\u7a76\u90e8\u95e8",
  "formalWay": "\u76ee\u524d\u5382\u5546\u6682\u672a\u53d1\u5e03\u4fee\u590d\u63aa\u65bd\u89e3\u51b3\u6b64\u5b89\u5168\u95ee\u9898\uff0c\u5efa\u8bae\u4f7f\u7528\u63aa\u65bd\u89c4\u907f\u6216\u9884\u9632\u8be5\u6f0f\u6d1e\u7684\u653b\u51fb\uff0c\u8be6\u60c5\u8bf7\u5411\u5f53\u5730\u670d\u52a1\u63d0\u4f9b\u5546\u6216\u534e\u4e3aTAC\u54a8\u8be2\uff1a\r\nhttp://www.huawei.com/cn/psirt/security-notices/huawei-sn-20171130-01-hg532-cn",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-38447",
  "openTime": "2017-12-28",
  "products": {
    "product": "Huawei HG532"
  },
  "referenceLink": "http://www.huawei.com/cn/psirt/security-notices/huawei-sn-20171130-01-hg532-cn",
  "serverity": "\u9ad8",
  "submitTime": "2017-12-25",
  "title": "Huawei HG532\u7cfb\u5217\u8def\u7531\u5668\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e"
}

FKIE_CVE-2017-17215

Vulnerability from fkie_nvd - Published: 2018-03-20 15:29 - Updated: 2026-06-17 01:10

CIRCL KEVIntel

Severity

8.8 (High) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
psirt@huawei.com	http://www.huawei.com/en/psirt/security-notices/huawei-sn-20171130-01-hg532-en	Mitigation, Vendor Advisory
psirt@huawei.com	http://www.securityfocus.com/bid/102344	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.huawei.com/en/psirt/security-notices/huawei-sn-20171130-01-hg532-en	Mitigation, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/102344	Third Party Advisory, VDB Entry

Impacted products

	Vendor	Product	Version
	huawei	hg532_firmware	-
	huawei	hg532	-

JSON

To clipboard

{
  "affected": [
    {
      "affectedData": [
        {
          "product": "HG532",
          "vendor": "Huawei Technologies Co., Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "customized versions"
            }
          ]
        }
      ],
      "source": "psirt@huawei.com"
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:huawei:hg532_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1D1370CC-7DB4-4162-8C4F-12EB7F781D06",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:huawei:hg532:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "37D1DF9F-CD5A-4AB0-84C5-500CCFBDC6B0",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Huawei HG532 with some customized versions has a remote code execution vulnerability. An authenticated attacker could send malicious packets to port 37215 to launch attacks. Successful exploit could lead to the remote execution of arbitrary code."
    },
    {
      "lang": "es",
      "value": "Huawei HG532 con algunas versiones personalizadas tiene una vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo. Un atacante autenticado podr\u00eda enviar paquetes maliciosos al puerto 37215 para iniciar ataques. Si se explota con \u00e9xito, podr\u00eda conducir a la ejecuci\u00f3n remota de c\u00f3digo arbitrario."
    }
  ],
  "id": "CVE-2017-17215",
  "lastModified": "2026-06-17T01:10:32.077",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-03-20T15:29:00.203",
  "references": [
    {
      "source": "psirt@huawei.com",
      "tags": [
        "Mitigation",
        "Vendor Advisory"
      ],
      "url": "http://www.huawei.com/en/psirt/security-notices/huawei-sn-20171130-01-hg532-en"
    },
    {
      "source": "psirt@huawei.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/102344"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mitigation",
        "Vendor Advisory"
      ],
      "url": "http://www.huawei.com/en/psirt/security-notices/huawei-sn-20171130-01-hg532-en"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/102344"
    }
  ],
  "sourceIdentifier": "psirt@huawei.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-H4HX-PMCG-3856

Vulnerability from github – Published: 2022-05-14 03:30 – Updated: 2022-05-14 03:30

Details

Severity

8.8 (High)


                  
                    CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2017-17215"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-20"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-03-20T15:29:00Z",
    "severity": "HIGH"
  },
  "details": "Huawei HG532 with some customized versions has a remote code execution vulnerability. An authenticated attacker could send malicious packets to port 37215 to launch attacks. Successful exploit could lead to the remote execution of arbitrary code.",
  "id": "GHSA-h4hx-pmcg-3856",
  "modified": "2022-05-14T03:30:36Z",
  "published": "2022-05-14T03:30:36Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-17215"
    },
    {
      "type": "WEB",
      "url": "http://www.huawei.com/en/psirt/security-notices/huawei-sn-20171130-01-hg532-en"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/102344"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GSD-2017-17215

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2017-17215

Aliases

CVE-2017-17215

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2017-17215",
    "description": "Huawei HG532 with some customized versions has a remote code execution vulnerability. An authenticated attacker could send malicious packets to port 37215 to launch attacks. Successful exploit could lead to the remote execution of arbitrary code.",
    "id": "GSD-2017-17215"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2017-17215"
      ],
      "details": "Huawei HG532 with some customized versions has a remote code execution vulnerability. An authenticated attacker could send malicious packets to port 37215 to launch attacks. Successful exploit could lead to the remote execution of arbitrary code.",
      "id": "GSD-2017-17215",
      "modified": "2023-12-13T01:21:05.141152Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@huawei.com",
        "ID": "CVE-2017-17215",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "HG532",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "customized versions"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Huawei Technologies Co., Ltd."
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Huawei HG532 with some customized versions has a remote code execution vulnerability. An authenticated attacker could send malicious packets to port 37215 to launch attacks. Successful exploit could lead to the remote execution of arbitrary code."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "remote code execution"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "102344",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/102344"
          },
          {
            "name": "http://www.huawei.com/en/psirt/security-notices/huawei-sn-20171130-01-hg532-en",
            "refsource": "CONFIRM",
            "url": "http://www.huawei.com/en/psirt/security-notices/huawei-sn-20171130-01-hg532-en"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:huawei:hg532_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:huawei:hg532:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@huawei.com",
          "ID": "CVE-2017-17215"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Huawei HG532 with some customized versions has a remote code execution vulnerability. An authenticated attacker could send malicious packets to port 37215 to launch attacks. Successful exploit could lead to the remote execution of arbitrary code."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-20"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.huawei.com/en/psirt/security-notices/huawei-sn-20171130-01-hg532-en",
              "refsource": "CONFIRM",
              "tags": [
                "Mitigation",
                "Vendor Advisory"
              ],
              "url": "http://www.huawei.com/en/psirt/security-notices/huawei-sn-20171130-01-hg532-en"
            },
            {
              "name": "102344",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/102344"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 8.0,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2018-04-19T15:04Z",
      "publishedDate": "2018-03-20T15:29Z"
    }
  }
}

VAR-201803-1048

Vulnerability from variot - Updated: 2024-11-23 22:06

Huawei HG532 with some customized versions has a remote code execution vulnerability. An authenticated attacker could send malicious packets to port 37215 to launch attacks. Successful exploit could lead to the remote execution of arbitrary code. Huawei HG532 Contains an input validation vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The HuaweiHG532 series router is a wireless router product for home and small office users. Huawei HG532 is prone to a remote code-execution vulnerability. Failed exploit attempts will likely cause a denial-of-service condition

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201803-1048",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "hg532",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "hg532",
        "scope": null,
        "trust": 1.4,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "hg532",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "huawei",
        "version": "0"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-38447"
      },
      {
        "db": "BID",
        "id": "102344"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-013014"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201712-1038"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-17215"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/o:huawei:hg532_firmware",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-013014"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Check Point Software Technologies Research Department",
    "sources": [
      {
        "db": "BID",
        "id": "102344"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201712-1038"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2017-17215",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.0,
            "id": "CVE-2017-17215",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 1.9,
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2017-38447",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.0,
            "id": "VHN-108215",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:S/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.8,
            "id": "CVE-2017-17215",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.8,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2017-17215",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2017-17215",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2017-38447",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201712-1038",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-108215",
            "trust": 0.1,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2017-17215",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-38447"
      },
      {
        "db": "VULHUB",
        "id": "VHN-108215"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-17215"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-013014"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201712-1038"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-17215"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Huawei HG532 with some customized versions has a remote code execution vulnerability. An authenticated attacker could send malicious packets to port 37215 to launch attacks. Successful exploit could lead to the remote execution of arbitrary code. Huawei HG532 Contains an input validation vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The HuaweiHG532 series router is a wireless router product for home and small office users. Huawei HG532 is prone to a remote code-execution vulnerability. Failed exploit attempts will likely cause a denial-of-service condition",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-17215"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-013014"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-38447"
      },
      {
        "db": "BID",
        "id": "102344"
      },
      {
        "db": "VULHUB",
        "id": "VHN-108215"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-17215"
      }
    ],
    "trust": 2.61
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-108215",
        "trust": 0.1,
        "type": "unknown"
      },
      {
        "reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=43414",
        "trust": 0.1,
        "type": "exploit"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-108215"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-17215"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2017-17215",
        "trust": 3.5
      },
      {
        "db": "BID",
        "id": "102344",
        "trust": 1.4
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-013014",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201712-1038",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-38447",
        "trust": 0.6
      },
      {
        "db": "NSFOCUS",
        "id": "38553",
        "trust": 0.6
      },
      {
        "db": "EXPLOIT-DB",
        "id": "43414",
        "trust": 0.1
      },
      {
        "db": "SEEBUG",
        "id": "SSVID-97010",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-108215",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-17215",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-38447"
      },
      {
        "db": "VULHUB",
        "id": "VHN-108215"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-17215"
      },
      {
        "db": "BID",
        "id": "102344"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-013014"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201712-1038"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-17215"
      }
    ]
  },
  "id": "VAR-201803-1048",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-38447"
      },
      {
        "db": "VULHUB",
        "id": "VHN-108215"
      }
    ],
    "trust": 1.3875
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-38447"
      }
    ]
  },
  "last_update_date": "2024-11-23T22:06:58.363000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "huawei-sn-20171130-01-hg532",
        "trust": 0.8,
        "url": "http://www.huawei.com/en/psirt/security-notices/huawei-sn-20171130-01-hg532-en"
      },
      {
        "title": "Huawei HG532 Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=77390"
      },
      {
        "title": "HG532d-RCE-Exploit",
        "trust": 0.1,
        "url": "https://github.com/wilfred-wulbou/HG532d-RCE-Exploit "
      },
      {
        "title": "learning-with-sakura",
        "trust": 0.1,
        "url": "https://github.com/0bs3rver/learning-with-sakura "
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2017-17215"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-013014"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201712-1038"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-20",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-108215"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-013014"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-17215"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "http://www.huawei.com/en/psirt/security-notices/huawei-sn-20171130-01-hg532-en"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/bid/102344"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-17215"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-17215"
      },
      {
        "trust": 0.6,
        "url": "http://www.huawei.com/cn/psirt/security-notices/huawei-sn-20171130-01-hg532-cn"
      },
      {
        "trust": 0.6,
        "url": "https://www.checkpoint.com/defense/advisories/public/2017/cpai-2017-1016.html#vulnerability"
      },
      {
        "trust": 0.6,
        "url": "http://www.nsfocus.net/vulndb/38553"
      },
      {
        "trust": 0.3,
        "url": "http://www.huawei.com/my/psirt/security-notices/huawei-sn-20171130-01-hg532-en"
      },
      {
        "trust": 0.3,
        "url": "http://www.huawei.com/en/"
      },
      {
        "trust": 0.3,
        "url": "https://blog.newskysecurity.com/huawei-router-exploit-involved-in-satori-and-brickerbot-given-away-for-free-on-christmas-by-ac52fe5e4516"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-38447"
      },
      {
        "db": "VULHUB",
        "id": "VHN-108215"
      },
      {
        "db": "BID",
        "id": "102344"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-013014"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201712-1038"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-17215"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-38447"
      },
      {
        "db": "VULHUB",
        "id": "VHN-108215"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-17215"
      },
      {
        "db": "BID",
        "id": "102344"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-013014"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201712-1038"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-17215"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-12-28T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-38447"
      },
      {
        "date": "2018-03-20T00:00:00",
        "db": "VULHUB",
        "id": "VHN-108215"
      },
      {
        "date": "2018-03-20T00:00:00",
        "db": "VULMON",
        "id": "CVE-2017-17215"
      },
      {
        "date": "2017-12-28T00:00:00",
        "db": "BID",
        "id": "102344"
      },
      {
        "date": "2018-05-23T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-013014"
      },
      {
        "date": "2017-12-28T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201712-1038"
      },
      {
        "date": "2018-03-20T15:29:00.203000",
        "db": "NVD",
        "id": "CVE-2017-17215"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-12-28T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-38447"
      },
      {
        "date": "2018-04-19T00:00:00",
        "db": "VULHUB",
        "id": "VHN-108215"
      },
      {
        "date": "2018-04-19T00:00:00",
        "db": "VULMON",
        "id": "CVE-2017-17215"
      },
      {
        "date": "2017-12-28T00:00:00",
        "db": "BID",
        "id": "102344"
      },
      {
        "date": "2018-05-23T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-013014"
      },
      {
        "date": "2018-03-21T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201712-1038"
      },
      {
        "date": "2024-11-21T03:17:40.740000",
        "db": "NVD",
        "id": "CVE-2017-17215"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201712-1038"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Huawei HG532 Input validation vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-013014"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "input validation",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201712-1038"
      }
    ],
    "trust": 0.6
  }
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2017-17215 (GCVE-0-2017-17215)

CIRCL

Known Exploited Vulnerability - GCVE BCP-07 Compliant

Characteristics

Timestamps

KEVIntel

Known Exploited Vulnerability - GCVE BCP-07 Compliant

Timestamps

Scope

Evidence

Public Report Confirmed Compromise Confidence: 70% Source: kevintel

Details

References

BDU:2022-02698

CNVD-2017-38447

FKIE_CVE-2017-17215

GHSA-H4HX-PMCG-3856

GSD-2017-17215

VAR-201803-1048

Tags

Sightings

Nomenclature