Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Huawei Subscribe
Filtered by product Vcm5010
Total 4 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2017-2738 1 Huawei 2 Vcm5010, Vcm5010 Firmware 2017-12-11 7.5 HIGH 9.8 CRITICAL
VCM5010 with software versions earlier before V100R002C50SPC100 has an authentication bypass vulnerability. This is due to improper implementation of authentication for accessing web pages. An unauthenticated attacker could bypass the authentication by sending a crafted HTTP request. 5010 with software versions earlier before V100R002C50SPC100 has an arbitrary file upload vulnerability. The software does not validate the files that uploaded. An authenticated attacker could upload arbitrary files to the system.
CVE-2017-2737 1 Huawei 2 Vcm5010, Vcm5010 Firmware 2017-12-11 6.5 MEDIUM 8.8 HIGH
VCM5010 with software versions earlier before V100R002C50SPC100 has an arbitrary file upload vulnerability. The software does not validate the files that uploaded. An authenticated attacker could upload arbitrary files to the system.
CVE-2017-2736 1 Huawei 2 Vcm5010, Vcm5010 Firmware 2017-12-11 6.5 MEDIUM 7.2 HIGH
VCM5010 with software versions earlier before V100R002C50SPC100 has a command injection vulnerability. This is due to insufficient validation of user's input. An authenticated attacker could launch a command injection attack.
CVE-2015-8332 1 Huawei 4 Vcm5010, Vcm5010 Firmware, Vcm5020 and 1 more 2017-09-07 6.5 MEDIUM 8.8 HIGH
Huawei Video Content Management (VCM) before V100R001C10SPC001 does not properly "authenticate online user identities and privileges," which allows remote authenticated users to gain privileges and perform a case operation as another user via a crafted message, aka "Horizontal Privilege Escalation Vulnerability."