VAR-201708-0156
Vulnerability from variot - Updated: 2025-04-20 23:22SQL injection vulnerability in the Operation and Maintenance Unit (OMU) in Huawei VCN500 before V100R002C00SPC201 allows remote authenticated users to execute arbitrary SQL commands via a crafted HTTP request. Huawei VCN500 Is SQL An injection vulnerability exists.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Huawei VCN500 is an integrated intelligent video surveillance product from China Huawei. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. Operation and Maintenance Unit (OMU) is one of the communication units used to control BSC and monitor the operation of BTS and TC. SQL injection vulnerabilities exist in the OMU module of Huawei VCN500 V100R002C00SPC200B010 and V100R002C00SPC200. The vulnerability stems from the fact that the program does not perform parameter verification on the received HTTP request message
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201708-0156",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "vcn500",
"scope": "eq",
"trust": 1.6,
"vendor": "huawei",
"version": "v100r002c00spc200"
},
{
"model": "vcn500",
"scope": "eq",
"trust": 1.6,
"vendor": "huawei",
"version": "v100r002c00spc200b010"
},
{
"model": "vcn500",
"scope": "lt",
"trust": 0.8,
"vendor": "huawei",
"version": "v100r002c00spc201"
},
{
"model": "vcn500",
"scope": null,
"trust": 0.6,
"vendor": "huawei",
"version": null
},
{
"model": "vcn500 v100r002c00spc200b01",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "vcn500 v100r002c00spc200",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "vcn500 v100r002c00spc201",
"scope": "ne",
"trust": 0.3,
"vendor": "huawei",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-08193"
},
{
"db": "BID",
"id": "78076"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007832"
},
{
"db": "CNNVD",
"id": "CNNVD-201512-201"
},
{
"db": "NVD",
"id": "CVE-2015-8334"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:huawei:vcn500",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-007832"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The vendor reported this issue.",
"sources": [
{
"db": "BID",
"id": "78076"
}
],
"trust": 0.3
},
"cve": "CVE-2015-8334",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "CVE-2015-8334",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2015-08193",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "VHN-86295",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2015-8334",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2015-8334",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2015-8334",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2015-08193",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201512-201",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-86295",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-08193"
},
{
"db": "VULHUB",
"id": "VHN-86295"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007832"
},
{
"db": "CNNVD",
"id": "CNNVD-201512-201"
},
{
"db": "NVD",
"id": "CVE-2015-8334"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SQL injection vulnerability in the Operation and Maintenance Unit (OMU) in Huawei VCN500 before V100R002C00SPC201 allows remote authenticated users to execute arbitrary SQL commands via a crafted HTTP request. Huawei VCN500 Is SQL An injection vulnerability exists.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Huawei VCN500 is an integrated intelligent video surveillance product from China Huawei. \nExploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. Operation and Maintenance Unit (OMU) is one of the communication units used to control BSC and monitor the operation of BTS and TC. SQL injection vulnerabilities exist in the OMU module of Huawei VCN500 V100R002C00SPC200B010 and V100R002C00SPC200. The vulnerability stems from the fact that the program does not perform parameter verification on the received HTTP request message",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-8334"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007832"
},
{
"db": "CNVD",
"id": "CNVD-2015-08193"
},
{
"db": "BID",
"id": "78076"
},
{
"db": "VULHUB",
"id": "VHN-86295"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-8334",
"trust": 3.4
},
{
"db": "BID",
"id": "78076",
"trust": 1.6
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007832",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201512-201",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2015-08193",
"trust": 0.6
},
{
"db": "SEEBUG",
"id": "SSVID-90157",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-86295",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-08193"
},
{
"db": "VULHUB",
"id": "VHN-86295"
},
{
"db": "BID",
"id": "78076"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007832"
},
{
"db": "CNNVD",
"id": "CNNVD-201512-201"
},
{
"db": "NVD",
"id": "CVE-2015-8334"
}
]
},
"id": "VAR-201708-0156",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-08193"
},
{
"db": "VULHUB",
"id": "VHN-86295"
}
],
"trust": 1.325
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-08193"
}
]
},
"last_update_date": "2025-04-20T23:22:15.226000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Huawei-SA-20151126-03-VCN500",
"trust": 0.8,
"url": "http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-463072.htm"
},
{
"title": "Huawei VCN500 SQL Injection Vulnerability Patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/68320"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-08193"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007832"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-89",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-86295"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007832"
},
{
"db": "NVD",
"id": "CVE-2015-8334"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-463072.htm"
},
{
"trust": 1.2,
"url": "http://www.securityfocus.com/bid/78076"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-8334"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-8334"
},
{
"trust": 0.3,
"url": "http://www.huawei.com"
},
{
"trust": 0.3,
"url": "http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/archive/hw-463072.htm"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-08193"
},
{
"db": "VULHUB",
"id": "VHN-86295"
},
{
"db": "BID",
"id": "78076"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007832"
},
{
"db": "CNNVD",
"id": "CNNVD-201512-201"
},
{
"db": "NVD",
"id": "CVE-2015-8334"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2015-08193"
},
{
"db": "VULHUB",
"id": "VHN-86295"
},
{
"db": "BID",
"id": "78076"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007832"
},
{
"db": "CNNVD",
"id": "CNNVD-201512-201"
},
{
"db": "NVD",
"id": "CVE-2015-8334"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-12-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-08193"
},
{
"date": "2017-08-29T00:00:00",
"db": "VULHUB",
"id": "VHN-86295"
},
{
"date": "2015-11-26T00:00:00",
"db": "BID",
"id": "78076"
},
{
"date": "2017-09-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-007832"
},
{
"date": "2015-11-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201512-201"
},
{
"date": "2017-08-29T15:29:00.613000",
"db": "NVD",
"id": "CVE-2015-8334"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-12-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-08193"
},
{
"date": "2017-09-07T00:00:00",
"db": "VULHUB",
"id": "VHN-86295"
},
{
"date": "2015-11-26T00:00:00",
"db": "BID",
"id": "78076"
},
{
"date": "2017-09-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-007832"
},
{
"date": "2017-09-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201512-201"
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2015-8334"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201512-201"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Huawei VCN500 In SQL Injection vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-007832"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SQL injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201512-201"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…