CVE-2023-5142 – H3C ER6300G2 Config File userLogin.asp path traversal

https://notcve.org/view.php?id=CVE-2023-5142

A vulnerability classified as problematic was found in H3C GR-1100-P, GR-1108-P, GR-1200W, GR-1800AX, GR-2200, GR-3200, GR-5200, GR-8300, ER2100n, ER2200G2, ER3200G2, ER3260G2, ER5100G2, ER5200G2 and ER6300G2 up to 20230908. This vulnerability affects unknown code of the file /userLogin.asp of the component Config File Handler. The manipulation leads to path traversal. The attack can be initiated remotely. The complexity of an attack is rather high. • https://github.com/CJCniubi666/H3C-ER/blob/main/README.md https://github.com/yinsel/CVE-H3C-Report https://vuldb.com/?ctiid.240238 https://vuldb.com/?id.240238 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •