Vulnerability CVE-2015-8673
Published: 2016-01-12

Description:
Huawei TE30, TE40, TE50, and TE60 multimedia video conferencing endpoints with software before V100R001C10SPC100 do not require entry of the old password when changing the password for the Debug account, which allows physically proximate attackers to change the password by leveraging an unattended workstation.

CVSS2 => (AV:L/AC:L/Au:N/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
4.6/10
6.4/10
3.9/10
Exploit range
Attack complexity
Authentication
Local
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial
Affected software
Huawei -> TE30 
Huawei -> TE40 
Huawei -> TE50 
Huawei -> TE60 
Huawei -> Te60 firmware 

 References:
http://www.huawei.com/en/psirt/security-advisories/hw-462952
Copyright 2024, cxsecurity.com

 

Back to Top