VAR-201610-0210
Vulnerability from variot - Updated: 2025-04-13 23:41Directory traversal vulnerability in Huawei eSight before V300R003C20SPC005 allows remote authenticated users to read arbitrary files via unspecified vectors. Multiple Huawei Products are prone to an directory-traversal vulnerability. This may aid in further attacks. Huawei eSight is a new generation of overall operation and maintenance management solution for enterprise basic network, unified communication, telepresence conferencing, video surveillance and data center developed by Huawei in China. This solution supports unified monitoring and configuration management for multi-vendor and multi-type equipment, and monitors and analyzes network and service quality. There is a path traversal vulnerability in Huawei eSight V300R002C00, V300R003C10, and V300R003C20. The vulnerability is caused by the program not fully verifying the path. Remote attackers can exploit this vulnerability to download unauthorized files, resulting in information disclosure
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201610-0210",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "esight",
"scope": "eq",
"trust": 1.6,
"vendor": "huawei",
"version": "v300r003c20"
},
{
"model": "esight",
"scope": "eq",
"trust": 1.6,
"vendor": "huawei",
"version": "v300r002c00"
},
{
"model": "esight",
"scope": "eq",
"trust": 1.6,
"vendor": "huawei",
"version": "v300r003c10"
},
{
"model": "esight",
"scope": "lt",
"trust": 0.8,
"vendor": "huawei",
"version": "v300r003c20spc005"
},
{
"model": "esight v300r003c20",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "esight v300r003c10",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "esight v300r002c00",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "esight v300r003c20spc005",
"scope": "ne",
"trust": 0.3,
"vendor": "huawei",
"version": null
}
],
"sources": [
{
"db": "BID",
"id": "93190"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005103"
},
{
"db": "CNNVD",
"id": "CNNVD-201609-650"
},
{
"db": "NVD",
"id": "CVE-2016-8280"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:huawei:esight",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-005103"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The vendor reported this issue.",
"sources": [
{
"db": "BID",
"id": "93190"
}
],
"trust": 0.3
},
"cve": "CVE-2016-8280",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "CVE-2016-8280",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "VHN-97100",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2016-8280",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-8280",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2016-8280",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201609-650",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-97100",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-97100"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005103"
},
{
"db": "CNNVD",
"id": "CNNVD-201609-650"
},
{
"db": "NVD",
"id": "CVE-2016-8280"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Directory traversal vulnerability in Huawei eSight before V300R003C20SPC005 allows remote authenticated users to read arbitrary files via unspecified vectors. Multiple Huawei Products are prone to an directory-traversal vulnerability. This may aid in further attacks. Huawei eSight is a new generation of overall operation and maintenance management solution for enterprise basic network, unified communication, telepresence conferencing, video surveillance and data center developed by Huawei in China. This solution supports unified monitoring and configuration management for multi-vendor and multi-type equipment, and monitors and analyzes network and service quality. There is a path traversal vulnerability in Huawei eSight V300R002C00, V300R003C10, and V300R003C20. The vulnerability is caused by the program not fully verifying the path. Remote attackers can exploit this vulnerability to download unauthorized files, resulting in information disclosure",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-8280"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005103"
},
{
"db": "BID",
"id": "93190"
},
{
"db": "VULHUB",
"id": "VHN-97100"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-8280",
"trust": 2.8
},
{
"db": "BID",
"id": "93190",
"trust": 2.0
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005103",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201609-650",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-97100",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-97100"
},
{
"db": "BID",
"id": "93190"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005103"
},
{
"db": "CNNVD",
"id": "CNNVD-201609-650"
},
{
"db": "NVD",
"id": "CVE-2016-8280"
}
]
},
"id": "VAR-201610-0210",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-97100"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-13T23:41:16.935000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "huawei-sa-20160928-01-pathtraversal",
"trust": 0.8,
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160928-01-pathtraversal-en"
},
{
"title": "Huawei eSight Repair measures for path traversal vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=64417"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-005103"
},
{
"db": "CNNVD",
"id": "CNNVD-201609-650"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-22",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-97100"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005103"
},
{
"db": "NVD",
"id": "CVE-2016-8280"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/93190"
},
{
"trust": 1.7,
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160928-01-pathtraversal-en"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-8280"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-8280"
},
{
"trust": 0.3,
"url": "http://www.huawei.com"
},
{
"trust": 0.3,
"url": "http://www.huawei.com/en/psirt/security-advisories/2016/huawei-sa-20160928-01-pathtraversal-en"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-97100"
},
{
"db": "BID",
"id": "93190"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005103"
},
{
"db": "CNNVD",
"id": "CNNVD-201609-650"
},
{
"db": "NVD",
"id": "CVE-2016-8280"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-97100"
},
{
"db": "BID",
"id": "93190"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005103"
},
{
"db": "CNNVD",
"id": "CNNVD-201609-650"
},
{
"db": "NVD",
"id": "CVE-2016-8280"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-10-03T00:00:00",
"db": "VULHUB",
"id": "VHN-97100"
},
{
"date": "2016-09-28T00:00:00",
"db": "BID",
"id": "93190"
},
{
"date": "2016-10-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-005103"
},
{
"date": "2016-09-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201609-650"
},
{
"date": "2016-10-03T21:59:12.723000",
"db": "NVD",
"id": "CVE-2016-8280"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-10-04T00:00:00",
"db": "VULHUB",
"id": "VHN-97100"
},
{
"date": "2016-10-03T00:00:00",
"db": "BID",
"id": "93190"
},
{
"date": "2016-10-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-005103"
},
{
"date": "2016-10-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201609-650"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2016-8280"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201609-650"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Huawei eSight Vulnerable to directory traversal",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-005103"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "path traversal",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201609-650"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…