VAR-201704-1022
Vulnerability from variot - Updated: 2025-04-20 23:05

Huawei eSpace Integrated Access Device (IAD) with software V300R001C03, V300R001C04, V300R001C06, V300R001C20, and V300R001C07 allows an attacker to trick a user into clicking a URL containing malicious scripts to obtain user information or hijack the session, aka XSS. Huawei eSpace IAD is a comprehensive access device for Huawei's IP voice and unified communications solutions. A reflected cross-site scripting vulnerability exists in Huawei eSpace IAD products. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected device. This may help the attacker steal cookie-based authentication credentials and launch other attacks. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML. The following versions are affected: Huawei eSpace IAD V300R001C20, Huawei eSpace IAD V300R001C07, Huawei eSpace IAD V300R001C06, Huawei eSpace IAD V300R001C04, Huawei eSpace IAD V300R001C03. For remediation, the record below cites Huawei advisory huawei-sa-20161130-01-espace as the patch reference and lists V300R001C07SPC200 with scope "ne", which appears to mean that build is not affected.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201704-1022",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "espace integrated access device",
"scope": "eq",
"trust": 2.4,
"vendor": "huawei",
"version": "v300r001c03"
},
{
"model": "espace integrated access device",
"scope": "eq",
"trust": 2.4,
"vendor": "huawei",
"version": "v300r001c04"
},
{
"model": "espace integrated access device",
"scope": "eq",
"trust": 2.4,
"vendor": "huawei",
"version": "v300r001c06"
},
{
"model": "espace integrated access device",
"scope": "eq",
"trust": 2.4,
"vendor": "huawei",
"version": "v300r001c07"
},
{
"model": "espace integrated access device",
"scope": "eq",
"trust": 2.4,
"vendor": "huawei",
"version": "v300r001c20"
},
{
"model": "espace iad v300r001c03",
"scope": null,
"trust": 0.9,
"vendor": "huawei",
"version": null
},
{
"model": "espace iad v300r001c04",
"scope": null,
"trust": 0.9,
"vendor": "huawei",
"version": null
},
{
"model": "espace iad v300r001c06",
"scope": null,
"trust": 0.9,
"vendor": "huawei",
"version": null
},
{
"model": "espace iad v300r001c20",
"scope": null,
"trust": 0.9,
"vendor": "huawei",
"version": null
},
{
"model": "espace iad v300r001c07",
"scope": null,
"trust": 0.9,
"vendor": "huawei",
"version": null
},
{
"model": "espace iad v300r001c07spc200",
"scope": "ne",
"trust": 0.3,
"vendor": "huawei",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-11725"
},
{
"db": "BID",
"id": "94613"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008219"
},
{
"db": "CNNVD",
"id": "CNNVD-201612-016"
},
{
"db": "NVD",
"id": "CVE-2016-8789"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:huawei:espace_integrated_access_device_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-008219"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Jiang Zhiwei.",
"sources": [
{
"db": "BID",
"id": "94613"
},
{
"db": "CNNVD",
"id": "CNNVD-201612-016"
}
],
"trust": 0.9
},
"cve": "CVE-2016-8789",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2016-8789",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2016-11725",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-97609",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"id": "CVE-2016-8789",
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.8,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-8789",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2016-8789",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2016-11725",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201612-016",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-97609",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-11725"
},
{
"db": "VULHUB",
"id": "VHN-97609"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008219"
},
{
"db": "CNNVD",
"id": "CNNVD-201612-016"
},
{
"db": "NVD",
"id": "CVE-2016-8789"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Huawei eSpace Integrated Access Device (IAD) with software V300R001C03, V300R001C04, V300R001C06, V300R001C20, and V300R001C07 allows an attacker to trick a user into clicking a URL containing malicious scripts to obtain user information or hijack the session, aka XSS. HuaweieSpaceIAD is a comprehensive access device for Huawei\u0027s IP voice and unified communications solutions. A reflective cross-site scripting vulnerability exists in Huawei eSpaceIAD products. \nAn attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected device. This may help the attacker steal cookie-based authentication credentials and launch other attacks. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML. The following versions are affected: Huawei eSpace IAD V300R001C20, Huawei eSpace IAD V300R001C07, Huawei eSpace IAD V300R001C06, Huawei eSpace IAD V300R001C04, Huawei eSpace IAD V300R001C03",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-8789"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008219"
},
{
"db": "CNVD",
"id": "CNVD-2016-11725"
},
{
"db": "BID",
"id": "94613"
},
{
"db": "VULHUB",
"id": "VHN-97609"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-8789",
"trust": 3.4
},
{
"db": "BID",
"id": "94613",
"trust": 2.6
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008219",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201612-016",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2016-11725",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-97609",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-11725"
},
{
"db": "VULHUB",
"id": "VHN-97609"
},
{
"db": "BID",
"id": "94613"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008219"
},
{
"db": "CNNVD",
"id": "CNNVD-201612-016"
},
{
"db": "NVD",
"id": "CVE-2016-8789"
}
]
},
"id": "VAR-201704-1022",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-11725"
},
{
"db": "VULHUB",
"id": "VHN-97609"
}
],
"trust": 1.3236111099999999
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-11725"
}
]
},
"last_update_date": "2025-04-20T23:05:09.861000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "huawei-sa-20161130-01-espace",
"trust": 0.8,
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161130-01-espace-en"
},
{
"title": "Huawei eSpaceIAD product has a patch for reflective cross-site scripting vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/84782"
},
{
"title": "Huawei eSpace IAD Fixes for cross-site scripting vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=65995"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-11725"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008219"
},
{
"db": "CNNVD",
"id": "CNNVD-201612-016"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-97609"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008219"
},
{
"db": "NVD",
"id": "CVE-2016-8789"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161130-01-espace-en"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/94613"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-8789"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-8789"
},
{
"trust": 0.6,
"url": "http://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20161130-01-espace-cn"
},
{
"trust": 0.3,
"url": "http://www.huawei.com"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-11725"
},
{
"db": "VULHUB",
"id": "VHN-97609"
},
{
"db": "BID",
"id": "94613"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008219"
},
{
"db": "CNNVD",
"id": "CNNVD-201612-016"
},
{
"db": "NVD",
"id": "CVE-2016-8789"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2016-11725"
},
{
"db": "VULHUB",
"id": "VHN-97609"
},
{
"db": "BID",
"id": "94613"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008219"
},
{
"db": "CNNVD",
"id": "CNNVD-201612-016"
},
{
"db": "NVD",
"id": "CVE-2016-8789"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-12-01T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-11725"
},
{
"date": "2017-04-02T00:00:00",
"db": "VULHUB",
"id": "VHN-97609"
},
{
"date": "2016-12-01T00:00:00",
"db": "BID",
"id": "94613"
},
{
"date": "2017-05-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-008219"
},
{
"date": "2016-12-02T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201612-016"
},
{
"date": "2017-04-02T20:59:01.610000",
"db": "NVD",
"id": "CVE-2016-8789"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-12-01T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-11725"
},
{
"date": "2017-04-05T00:00:00",
"db": "VULHUB",
"id": "VHN-97609"
},
{
"date": "2016-12-20T02:04:00",
"db": "BID",
"id": "94613"
},
{
"date": "2017-05-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-008219"
},
{
"date": "2016-12-02T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201612-016"
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2016-8789"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201612-016"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Huawei eSpace Integrated Access Device Software cross-site scripting vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-008219"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201612-016"
}
],
"trust": 0.6
}
}