CVE-2015-7847 - OpenCVE

Huawei MBB (Mobile Broadband) product E3272s with software versions earlier than E3272s-153TCPU-V200R002B491D09SP00C00 has a Denial of Service (DoS) vulnerability. An attacker could send a malicious packet to the Common Gateway Interface (CGI) of a target device and make it fail while setting the port attribute, which causes a DoS attack.

No CVSS v4.0

No CVSS v3.1

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Complete

AV:L/AC:L/Au:N/C:N/I:N/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Huawei	E3272s E3272s Firmware

Configuration 1 [-]

AND

cpe:2.3:o:huawei:e3272s_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:huawei:e3272s:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://www.huawei.com/en/psirt/security-advisories/hw-450877

History

No history.

MITRE

Status: PUBLISHED

Assigner: huawei

Published: 2017-04-02T20:00:00

Updated: 2024-08-06T07:59:00.583Z

Reserved: 2015-10-16T00:00:00

Link: CVE-2015-7847

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2017-04-02T20:59:00.780

Modified: 2017-04-11T01:02:08.693

Link: CVE-2015-7847

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "E3272s Versions earlier than E3272s-153TCPU-V200R002B491D09SP00C00", "vendor": "n/a", "versions": [{"status": "affected", "version": "E3272s Versions earlier than E3272s-153TCPU-V200R002B491D09SP00C00"}]}], "datePublic": "2017-03-27T00:00:00", "descriptions": [{"lang": "en", "value": "Huawei MBB (Mobile Broadband) product E3272s with software versions earlier than E3272s-153TCPU-V200R002B491D09SP00C00 has a Denial of Service (DoS) vulnerability. An attacker could send a malicious packet to the Common Gateway Interface (CGI) of a target device and make it fail while setting the port attribute, which causes a DoS attack."}], "problemTypes": [{"descriptions": [{"description": "DOS", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-04-02T19:57:01", "orgId": "25ac1063-e409-4190-8079-24548c77ea2e", "shortName": "huawei"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://www.huawei.com/en/psirt/security-advisories/hw-450877"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@huawei.com", "ID": "CVE-2015-7847", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "E3272s Versions earlier than E3272s-153TCPU-V200R002B491D09SP00C00", "version": {"version_data": [{"version_value": "E3272s Versions earlier than E3272s-153TCPU-V200R002B491D09SP00C00"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Huawei MBB (Mobile Broadband) product E3272s with software versions earlier than E3272s-153TCPU-V200R002B491D09SP00C00 has a Denial of Service (DoS) vulnerability. An attacker could send a malicious packet to the Common Gateway Interface (CGI) of a target device and make it fail while setting the port attribute, which causes a DoS attack."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "DOS"}]}]}, "references": {"reference_data": [{"name": "http://www.huawei.com/en/psirt/security-advisories/hw-450877", "refsource": "CONFIRM", "url": "http://www.huawei.com/en/psirt/security-advisories/hw-450877"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T07:59:00.583Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.huawei.com/en/psirt/security-advisories/hw-450877"}]}]}, "cveMetadata": {"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e", "assignerShortName": "huawei", "cveId": "CVE-2015-7847", "datePublished": "2017-04-02T20:00:00", "dateReserved": "2015-10-16T00:00:00", "dateUpdated": "2024-08-06T07:59:00.583Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:huawei:e3272s_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "2923F5D8-7244-4D9E-8AF4-56CC3954C6E3", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:huawei:e3272s:-:*:*:*:*:*:*:*", "matchCriteriaId": "BC36F20C-F016-46D5-BAC5-74068B378EE6", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Huawei MBB (Mobile Broadband) product E3272s with software versions earlier than E3272s-153TCPU-V200R002B491D09SP00C00 has a Denial of Service (DoS) vulnerability. An attacker could send a malicious packet to the Common Gateway Interface (CGI) of a target device and make it fail while setting the port attribute, which causes a DoS attack."}, {"lang": "es", "value": "El producto Huawei MBB (Mobile Broadband) E3272s con versiones de software anteriores a E3272s-153TCPU-V200R002B491D09SP00C00 tiene una vulnerabilidad de denegaci\u00f3n de servicio (DoS). Un atacante podr\u00eda enviar un paquete malicioso a la Common Gateway Interface (CGI) de un dispositivo de destino y hacer que falle mientras establece el atributo port, lo que provoca un ataque DoS."}], "id": "CVE-2015-7847", "lastModified": "2017-04-11T01:02:08.693", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 4.9, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-04-02T20:59:00.780", "references": [{"source": "psirt@huawei.com", "tags": ["Vendor Advisory"], "url": "http://www.huawei.com/en/psirt/security-advisories/hw-450877"}], "sourceIdentifier": "psirt@huawei.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}