Published: 14/06/2018 Updated: 15/01/2020

CVSS v2 Base Score: 7.8 | Impact Score: 6.9 | Exploitability Score: 10

CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9

VMScore: 695

Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N

Huawei HG255s-10 V100R001C163B025SP02 has a path traversal vulnerability due to insufficient validation of the received HTTP requests, a remote attacker may access the local files on the device without authentication.

Vulnerable Product	Search on Vulmon	Subscribe to Product
huawei hg255s-10_firmware v100r001c163b025sp02

🚀 Server Directory Traversal at Huawei HG255s ☄️ - CVE-2017-17309 🚀

Server Directory Traversal at Huawei HG255s - CVE-2017-17309 Letter of Thanks Exploit Title: [Server Directory Traversal at Huawei HG255s] Exploit Author: [Ismail Tasdelen] CVE : CVE-2017-17309 Vendor Homepage: [wwwhuaweicom] Software Link: [Not published this modem just used by Turkey] Version: [V100R001C163B025SP02] Finding Vulnerabilities and Approved Exploits

🚀 Server Directory Traversal at Huawei HG255s ☄️ - CVE-2017-17309 🚀

Server Directory Traversal at Huawei HG255s - CVE-2017-17309 Letter of Thanks Exploit Title: [Server Directory Traversal at Huawei HG255s] Exploit Author: [Ismail Tasdelen] CVE : CVE-2017-17309 Vendor Homepage: [wwwhuaweicom] Software Link: [Not published this modem just used by Turkey] Version: [V100R001C163B025SP02] Finding Vulnerabilities and Approved Exploits

CWE-22 http://www.huawei.com/en/psirt/security-notices/2017/huawei-sn-20170911-01-hg255s-en http://packetstormsecurity.com/files/155954/Huawei-HG255-Directory-Traversal.html https://nvd.nist.gov https://github.com/exploit-labs/huawei_hg255s_exploit

CVE-2017-17309

Vulnerability Summary

Vulnerability Trend

Github Repositories

References

Vulmon Search

About

Products

Connect