VAR-201601-0428
Vulnerability from variot - Updated: 2025-04-12 23:16Huawei VCN500 with software before V100R002C00SPC201 logs passwords in cleartext, which allows remote authenticated users to obtain sensitive information by triggering log generation and then reading the log. Huawei VCN500 is an integrated intelligent video surveillance product from China Huawei. Huawei VCN500 has an authentication bypass vulnerability that allows remote attackers to exploit the vulnerability to gain unauthorized access to the device. Huawei VCN500 is prone to an authentication-bypass vulnerability. The vulnerability is caused by the program recording passwords in plain text
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201601-0428",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "vcn500",
"scope": "eq",
"trust": 1.6,
"vendor": "huawei",
"version": "v100r002c00spc200b010"
},
{
"model": "vcn500",
"scope": "eq",
"trust": 1.6,
"vendor": "huawei",
"version": "v100r002c00spc200"
},
{
"model": "vcn500",
"scope": null,
"trust": 1.4,
"vendor": "huawei",
"version": null
},
{
"model": "vcn500",
"scope": "lt",
"trust": 0.8,
"vendor": "huawei",
"version": "v100r002c00spc201"
},
{
"model": "vcn500 v100r002c00spc200b01",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "vcn500 v100r002c00spc200",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "vcn500 v100r002c00spc201",
"scope": "ne",
"trust": 0.3,
"vendor": "huawei",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-08192"
},
{
"db": "BID",
"id": "78095"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006731"
},
{
"db": "CNNVD",
"id": "CNNVD-201512-200"
},
{
"db": "NVD",
"id": "CVE-2015-8335"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:huawei:vcn500",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:huawei:vcn500",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-006731"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Huawei",
"sources": [
{
"db": "BID",
"id": "78095"
},
{
"db": "CNNVD",
"id": "CNNVD-201512-200"
}
],
"trust": 0.9
},
"cve": "CVE-2015-8335",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "CVE-2015-8335",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CNVD-2015-08192",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "VHN-86296",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2015-8335",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2015-8335",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2015-8335",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2015-08192",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201512-200",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-86296",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2015-8335",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-08192"
},
{
"db": "VULHUB",
"id": "VHN-86296"
},
{
"db": "VULMON",
"id": "CVE-2015-8335"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006731"
},
{
"db": "CNNVD",
"id": "CNNVD-201512-200"
},
{
"db": "NVD",
"id": "CVE-2015-8335"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Huawei VCN500 with software before V100R002C00SPC201 logs passwords in cleartext, which allows remote authenticated users to obtain sensitive information by triggering log generation and then reading the log. Huawei VCN500 is an integrated intelligent video surveillance product from China Huawei. Huawei VCN500 has an authentication bypass vulnerability that allows remote attackers to exploit the vulnerability to gain unauthorized access to the device. Huawei VCN500 is prone to an authentication-bypass vulnerability. The vulnerability is caused by the program recording passwords in plain text",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-8335"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006731"
},
{
"db": "CNVD",
"id": "CNVD-2015-08192"
},
{
"db": "BID",
"id": "78095"
},
{
"db": "VULHUB",
"id": "VHN-86296"
},
{
"db": "VULMON",
"id": "CVE-2015-8335"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-8335",
"trust": 3.5
},
{
"db": "BID",
"id": "78095",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006731",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201512-200",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2015-08192",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-86296",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2015-8335",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-08192"
},
{
"db": "VULHUB",
"id": "VHN-86296"
},
{
"db": "VULMON",
"id": "CVE-2015-8335"
},
{
"db": "BID",
"id": "78095"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006731"
},
{
"db": "CNNVD",
"id": "CNNVD-201512-200"
},
{
"db": "NVD",
"id": "CVE-2015-8335"
}
]
},
"id": "VAR-201601-0428",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-08192"
},
{
"db": "VULHUB",
"id": "VHN-86296"
}
],
"trust": 1.325
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-08192"
}
]
},
"last_update_date": "2025-04-12T23:16:47.541000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Huawei-SA-20151126-04-VCN500",
"trust": 0.8,
"url": "http://www.huawei.com/en/psirt/security-advisories/hw-463084"
},
{
"title": "Huawei VCN500 authentication bypass vulnerability patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/68319"
},
{
"title": "Huawei VCN500 Repair measures for information disclosure vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=59045"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-08192"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006731"
},
{
"db": "CNNVD",
"id": "CNNVD-201512-200"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-86296"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006731"
},
{
"db": "NVD",
"id": "CVE-2015-8335"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-463084.htm"
},
{
"trust": 1.3,
"url": "http://www.securityfocus.com/bid/78095"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-8335"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-8335"
},
{
"trust": 0.3,
"url": "http://www.huawei.com"
},
{
"trust": 0.3,
"url": "http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/archive/hw-463084.htm"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/200.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-08192"
},
{
"db": "VULHUB",
"id": "VHN-86296"
},
{
"db": "VULMON",
"id": "CVE-2015-8335"
},
{
"db": "BID",
"id": "78095"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006731"
},
{
"db": "CNNVD",
"id": "CNNVD-201512-200"
},
{
"db": "NVD",
"id": "CVE-2015-8335"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2015-08192"
},
{
"db": "VULHUB",
"id": "VHN-86296"
},
{
"db": "VULMON",
"id": "CVE-2015-8335"
},
{
"db": "BID",
"id": "78095"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006731"
},
{
"db": "CNNVD",
"id": "CNNVD-201512-200"
},
{
"db": "NVD",
"id": "CVE-2015-8335"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-12-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-08192"
},
{
"date": "2016-01-11T00:00:00",
"db": "VULHUB",
"id": "VHN-86296"
},
{
"date": "2016-01-11T00:00:00",
"db": "VULMON",
"id": "CVE-2015-8335"
},
{
"date": "2015-11-26T00:00:00",
"db": "BID",
"id": "78095"
},
{
"date": "2016-01-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-006731"
},
{
"date": "2015-11-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201512-200"
},
{
"date": "2016-01-11T15:59:06.700000",
"db": "NVD",
"id": "CVE-2015-8335"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-12-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-08192"
},
{
"date": "2016-01-11T00:00:00",
"db": "VULHUB",
"id": "VHN-86296"
},
{
"date": "2016-01-11T00:00:00",
"db": "VULMON",
"id": "CVE-2015-8335"
},
{
"date": "2015-11-26T00:00:00",
"db": "BID",
"id": "78095"
},
{
"date": "2016-01-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-006731"
},
{
"date": "2016-01-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201512-200"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2015-8335"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201512-200"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Huawei VCN500 Vulnerabilities in which important information is obtained in software",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-006731"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201512-200"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…