CVE-2015-8228
Severity Score
4.0
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Directory traversal vulnerability in the SFTP server in Huawei AR 120, 150, 160, 200, 500, 1200, 2200, 3200, and 3600 routers with software before V200R006SPH003 allows remote authenticated users to access arbitrary directories via unspecified vectors.
Vulnerabilidad de salto de directorio en el servidor SFTP en routers Huawei AR 120, 150, 160, 200, 500, 1200, 2200, 3200 y 3600 con software anterior a V200R006SPH003 permite a usuarios remotos autenticados acceder a directorios arbitrarios a través de vectores no especificados.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2015-11-17 CVE Reserved
- 2015-11-24 CVE Published
- 2023-03-07 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-461676.htm | 2015-11-25 |
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Huawei Search vendor "Huawei" | Ar Firmware Search vendor "Huawei" for product "Ar Firmware" | <= v200r006c10 Search vendor "Huawei" for product "Ar Firmware" and version " <= v200r006c10" | - |
Affected
| in | Huawei Search vendor "Huawei" | Ar120 Search vendor "Huawei" for product "Ar120" | * | - |
Safe
|
| Huawei Search vendor "Huawei" | Ar Firmware Search vendor "Huawei" for product "Ar Firmware" | <= v200r006c10 Search vendor "Huawei" for product "Ar Firmware" and version " <= v200r006c10" | - |
Affected
| in | Huawei Search vendor "Huawei" | Ar1200 Search vendor "Huawei" for product "Ar1200" | * | - |
Safe
|
| Huawei Search vendor "Huawei" | Ar Firmware Search vendor "Huawei" for product "Ar Firmware" | <= v200r006c10 Search vendor "Huawei" for product "Ar Firmware" and version " <= v200r006c10" | - |
Affected
| in | Huawei Search vendor "Huawei" | Ar150 Search vendor "Huawei" for product "Ar150" | * | - |
Safe
|
| Huawei Search vendor "Huawei" | Ar Firmware Search vendor "Huawei" for product "Ar Firmware" | <= v200r006c10 Search vendor "Huawei" for product "Ar Firmware" and version " <= v200r006c10" | - |
Affected
| in | Huawei Search vendor "Huawei" | Ar160 Search vendor "Huawei" for product "Ar160" | * | - |
Safe
|
| Huawei Search vendor "Huawei" | Ar Firmware Search vendor "Huawei" for product "Ar Firmware" | <= v200r006c10 Search vendor "Huawei" for product "Ar Firmware" and version " <= v200r006c10" | - |
Affected
| in | Huawei Search vendor "Huawei" | Ar200 Search vendor "Huawei" for product "Ar200" | * | - |
Safe
|
| Huawei Search vendor "Huawei" | Ar Firmware Search vendor "Huawei" for product "Ar Firmware" | <= v200r006c10 Search vendor "Huawei" for product "Ar Firmware" and version " <= v200r006c10" | - |
Affected
| in | Huawei Search vendor "Huawei" | Ar2200 Search vendor "Huawei" for product "Ar2200" | * | - |
Safe
|
| Huawei Search vendor "Huawei" | Ar Firmware Search vendor "Huawei" for product "Ar Firmware" | <= v200r006c10 Search vendor "Huawei" for product "Ar Firmware" and version " <= v200r006c10" | - |
Affected
| in | Huawei Search vendor "Huawei" | Ar3200 Search vendor "Huawei" for product "Ar3200" | * | - |
Safe
|
| Huawei Search vendor "Huawei" | Ar Firmware Search vendor "Huawei" for product "Ar Firmware" | <= v200r006c10 Search vendor "Huawei" for product "Ar Firmware" and version " <= v200r006c10" | - |
Affected
| in | Huawei Search vendor "Huawei" | Ar3600 Search vendor "Huawei" for product "Ar3600" | * | - |
Safe
|
| Huawei Search vendor "Huawei" | Ar Firmware Search vendor "Huawei" for product "Ar Firmware" | <= v200r006c10 Search vendor "Huawei" for product "Ar Firmware" and version " <= v200r006c10" | - |
Affected
| in | Huawei Search vendor "Huawei" | Ar500 Search vendor "Huawei" for product "Ar500" | * | - |
Safe
|