Vulnerability-Lookup

CVE-2017-2736 (GCVE-0-2017-2736)

Vulnerability from cvelistv5 – Published: 2017-11-22 19:00 – Updated: 2024-09-16 18:19

Summary

Severity ?

No CVSS data available.

CWE

command injection

Assigner

huawei

References

URL

	Vendor	Product	Version
	Huawei Technologies Co., Ltd.	VCM5010	Affected: Versions earlier before V100R002C50SPC100

FKIE_CVE-2017-2736

Vulnerability from fkie_nvd - Published: 2017-11-22 19:29 - Updated: 2025-04-20 01:37

Severity ?

7.2 (High) - CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
psirt@huawei.com	http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170329-01-vcm-en	Vendor Advisory
psirt@huawei.com	http://www.securityfocus.com/bid/97231	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170329-01-vcm-en	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/97231	Third Party Advisory, VDB Entry

Impacted products

	Vendor	Product	Version
	huawei	vcm5010_firmware	*
	huawei	vcm5010	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:huawei:vcm5010_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6969FA3C-0452-4C0F-BA42-9B5152C6E669",
              "versionEndExcluding": "v100r002c50spc100",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:huawei:vcm5010:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6B3EC85-DDD0-4AB6-9048-5C192F1D8251",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "VCM5010 with software versions earlier before V100R002C50SPC100 has a command injection vulnerability. This is due to insufficient validation of user\u0027s input. An authenticated attacker could launch a command injection attack."
    },
    {
      "lang": "es",
      "value": "VCM5010 con versiones de software anteriores a la V100R002C50SPC100 tiene una vulnerabilidad de inyecci\u00f3n de comandos. Esto se debe a una validaci\u00f3n insuficiente de las entradas del usuario. Un atacante autenticado podr\u00eda realizar un ataque de inyecci\u00f3n de comandos."
    }
  ],
  "id": "CVE-2017-2736",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.2,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-11-22T19:29:01.960",
  "references": [
    {
      "source": "psirt@huawei.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170329-01-vcm-en"
    },
    {
      "source": "psirt@huawei.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/97231"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170329-01-vcm-en"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/97231"
    }
  ],
  "sourceIdentifier": "psirt@huawei.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-77"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

VAR-201711-0252

Vulnerability from variot - Updated: 2025-04-20 23:19

VCM5010 with software versions earlier before V100R002C50SPC100 has a command injection vulnerability. This is due to insufficient validation of user's input. An authenticated attacker could launch a command injection attack. VCM5010 Contains a command injection vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. VCM5010 is a video content management platform of China Huawei, which is an integrated video big data analysis device. Huawei VCM5010 is prone to following security vulnerabilities: 1. An arbitrary file upload vulnerability 3. An authentication bypass vulnerability Attackers can exploit these issues to execute arbitrary commands, upload arbitrary files, or bypass the authentication mechanism and perform unauthorized actions. Other attacks may also be possible. Versions prior to VCM5010 V100R002C50SPC100 are vulnerable

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201711-0252",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "vcm5010",
        "scope": "lt",
        "trust": 1.8,
        "vendor": "huawei",
        "version": "v100r002c50spc100"
      },
      {
        "model": "vcm5010 \u003cv100r002c50spc100",
        "scope": null,
        "trust": 0.6,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "vcm5010",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "huawei",
        "version": "0"
      },
      {
        "model": "vcm5010 v100r002c50spc100",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-03718"
      },
      {
        "db": "BID",
        "id": "97231"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-010720"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-2736"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/o:huawei:vcm5010_firmware",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-010720"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Huawei",
    "sources": [
      {
        "db": "BID",
        "id": "97231"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201703-1399"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2017-2736",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.0,
            "id": "CVE-2017-2736",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2017-03718",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 7.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.2,
            "id": "CVE-2017-2736",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "trust": 1.8,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2017-2736",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2017-2736",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2017-03718",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201703-1399",
            "trust": 0.6,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-03718"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-010720"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201703-1399"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-2736"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "VCM5010 with software versions earlier before V100R002C50SPC100 has a command injection vulnerability. This is due to insufficient validation of user\u0027s input. An authenticated attacker could launch a command injection attack. VCM5010 Contains a command injection vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. VCM5010 is a video content management platform of China Huawei, which is an integrated video big data analysis device. Huawei VCM5010 is prone to following security vulnerabilities:\n1. An arbitrary file upload vulnerability\n3. An authentication bypass vulnerability\nAttackers can exploit these issues to execute arbitrary commands, upload arbitrary files, or bypass the authentication mechanism and perform unauthorized actions. Other attacks may also be possible. \nVersions prior to VCM5010 V100R002C50SPC100 are vulnerable",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-2736"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-010720"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-03718"
      },
      {
        "db": "BID",
        "id": "97231"
      }
    ],
    "trust": 2.43
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2017-2736",
        "trust": 3.3
      },
      {
        "db": "BID",
        "id": "97231",
        "trust": 1.9
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-010720",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-03718",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201703-1399",
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-03718"
      },
      {
        "db": "BID",
        "id": "97231"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-010720"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201703-1399"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-2736"
      }
    ]
  },
  "id": "VAR-201711-0252",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-03718"
      }
    ],
    "trust": 1.21538464
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-03718"
      }
    ]
  },
  "last_update_date": "2025-04-20T23:19:45.119000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "huawei-sa-20170329-01-vcm",
        "trust": 0.8,
        "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170329-01-vcm-en"
      },
      {
        "title": "HuaweiVCM5010 command injection vulnerability patch",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/91331"
      },
      {
        "title": "Huawei VCM5010 Fixes for command injection vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=68897"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-03718"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-010720"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201703-1399"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-77",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-010720"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-2736"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.6,
        "url": "http://www.securityfocus.com/bid/97231"
      },
      {
        "trust": 1.6,
        "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170329-01-vcm-en"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2736"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-2736"
      },
      {
        "trust": 0.6,
        "url": "http://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20170329-01-vcm-cn"
      },
      {
        "trust": 0.3,
        "url": "http://www.huawei.com/en/"
      },
      {
        "trust": 0.3,
        "url": "http://e.huawei.com/en/products/enterprise-networking/video-surveillance/intelligent-cloud/vcm5010"
      },
      {
        "trust": 0.3,
        "url": "http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170329-01-vcm-en"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-03718"
      },
      {
        "db": "BID",
        "id": "97231"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-010720"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201703-1399"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-2736"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-03718"
      },
      {
        "db": "BID",
        "id": "97231"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-010720"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201703-1399"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-2736"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-03-31T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-03718"
      },
      {
        "date": "2017-03-29T00:00:00",
        "db": "BID",
        "id": "97231"
      },
      {
        "date": "2017-12-21T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-010720"
      },
      {
        "date": "2017-03-31T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201703-1399"
      },
      {
        "date": "2017-11-22T19:29:01.960000",
        "db": "NVD",
        "id": "CVE-2017-2736"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-03-31T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-03718"
      },
      {
        "date": "2017-04-04T00:02:00",
        "db": "BID",
        "id": "97231"
      },
      {
        "date": "2017-12-21T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-010720"
      },
      {
        "date": "2017-03-31T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201703-1399"
      },
      {
        "date": "2025-04-20T01:37:25.860000",
        "db": "NVD",
        "id": "CVE-2017-2736"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201703-1399"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "VCM5010 Command injection vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-010720"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201703-1399"
      }
    ],
    "trust": 1.4
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "command injection",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201703-1399"
      }
    ],
    "trust": 0.6
  }
}

GHSA-GFR3-86VC-G2M4

Vulnerability from github – Published: 2022-05-17 00:16 – Updated: 2022-05-17 00:16

Details

Severity ?

7.2 (High)


                  
                    CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2017-2736"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-77"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-11-22T19:29:00Z",
    "severity": "HIGH"
  },
  "details": "VCM5010 with software versions earlier before V100R002C50SPC100 has a command injection vulnerability. This is due to insufficient validation of user\u0027s input. An authenticated attacker could launch a command injection attack.",
  "id": "GHSA-gfr3-86vc-g2m4",
  "modified": "2022-05-17T00:16:44Z",
  "published": "2022-05-17T00:16:44Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-2736"
    },
    {
      "type": "WEB",
      "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170329-01-vcm-en"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/97231"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

CNVD-2017-03718

Vulnerability from cnvd - Published: 2017-03-31

Title

Huawei VCM5010命令注入漏洞

Description

VCM5010是中国华为（Huawei）公司的一款视频内容管理平台，是一体化视频大数据分析设备。 Huawei VCM5010存在命令注入漏洞，由于对用户的输入校验不充分，攻击者可利用漏洞进行命令注入攻击。

Severity

高

Patch Name

Huawei VCM5010命令注入漏洞的补丁

Patch Description

VCM5010是中国华为（Huawei）公司的一款视频内容管理平台，是一体化视频大数据分析设备。 Huawei VCM5010存在命令注入漏洞，由于对用户的输入校验不充分，攻击者可利用漏洞进行命令注入攻击。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

华为已发布版本修复该漏洞，安全预警链接： http://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20170329-01-vcm-cn

Reference

http://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20170329-01-vcm-cn

Impacted products

Name
Huawei VCM5010 <V100R002C50SPC100

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-2736"
    }
  },
  "description": "VCM5010\u662f\u4e2d\u56fd\u534e\u4e3a\uff08Huawei\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u89c6\u9891\u5185\u5bb9\u7ba1\u7406\u5e73\u53f0\uff0c\u662f\u4e00\u4f53\u5316\u89c6\u9891\u5927\u6570\u636e\u5206\u6790\u8bbe\u5907\u3002\r\n\r\nHuawei VCM5010\u5b58\u5728\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e\uff0c\u7531\u4e8e\u5bf9\u7528\u6237\u7684\u8f93\u5165\u6821\u9a8c\u4e0d\u5145\u5206\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u6f0f\u6d1e\u8fdb\u884c\u547d\u4ee4\u6ce8\u5165\u653b\u51fb\u3002",
  "discovererName": "Huawei",
  "formalWay": "\u534e\u4e3a\u5df2\u53d1\u5e03\u7248\u672c\u4fee\u590d\u8be5\u6f0f\u6d1e\uff0c\u5b89\u5168\u9884\u8b66\u94fe\u63a5\uff1a\r\nhttp://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20170329-01-vcm-cn",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-03718",
  "openTime": "2017-03-31",
  "patchDescription": "VCM5010\u662f\u4e2d\u56fd\u534e\u4e3a\uff08Huawei\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u89c6\u9891\u5185\u5bb9\u7ba1\u7406\u5e73\u53f0\uff0c\u662f\u4e00\u4f53\u5316\u89c6\u9891\u5927\u6570\u636e\u5206\u6790\u8bbe\u5907\u3002\r\n\r\nHuawei VCM5010\u5b58\u5728\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e\uff0c\u7531\u4e8e\u5bf9\u7528\u6237\u7684\u8f93\u5165\u6821\u9a8c\u4e0d\u5145\u5206\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u6f0f\u6d1e\u8fdb\u884c\u547d\u4ee4\u6ce8\u5165\u653b\u51fb\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Huawei VCM5010\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Huawei VCM5010 \u003cV100R002C50SPC100"
  },
  "referenceLink": "http://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20170329-01-vcm-cn",
  "serverity": "\u9ad8",
  "submitTime": "2017-03-31",
  "title": "Huawei VCM5010\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e"
}

GSD-2017-2736

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2017-2736

Aliases

CVE-2017-2736

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2017-2736",
    "description": "VCM5010 with software versions earlier before V100R002C50SPC100 has a command injection vulnerability. This is due to insufficient validation of user\u0027s input. An authenticated attacker could launch a command injection attack.",
    "id": "GSD-2017-2736"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2017-2736"
      ],
      "details": "VCM5010 with software versions earlier before V100R002C50SPC100 has a command injection vulnerability. This is due to insufficient validation of user\u0027s input. An authenticated attacker could launch a command injection attack.",
      "id": "GSD-2017-2736",
      "modified": "2023-12-13T01:21:05.581720Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@huawei.com",
        "DATE_PUBLIC": "2017-11-15T00:00:00",
        "ID": "CVE-2017-2736",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "VCM5010",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "Versions earlier before V100R002C50SPC100"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Huawei Technologies Co., Ltd."
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "VCM5010 with software versions earlier before V100R002C50SPC100 has a command injection vulnerability. This is due to insufficient validation of user\u0027s input. An authenticated attacker could launch a command injection attack."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "command injection"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170329-01-vcm-en",
            "refsource": "CONFIRM",
            "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170329-01-vcm-en"
          },
          {
            "name": "97231",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/97231"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:huawei:vcm5010_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "v100r002c50spc100",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:huawei:vcm5010:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@huawei.com",
          "ID": "CVE-2017-2736"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "VCM5010 with software versions earlier before V100R002C50SPC100 has a command injection vulnerability. This is due to insufficient validation of user\u0027s input. An authenticated attacker could launch a command injection attack."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-77"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170329-01-vcm-en",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170329-01-vcm-en"
            },
            {
              "name": "97231",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/97231"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 8.0,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 1.2,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2017-12-11T17:44Z",
      "publishedDate": "2017-11-22T19:29Z"
    }
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2017-2736 (GCVE-0-2017-2736)

FKIE_CVE-2017-2736

VAR-201711-0252

GHSA-GFR3-86VC-G2M4

CNVD-2017-03718

GSD-2017-2736

Tags

Sightings

Nomenclature