huawei utps_firmware Security Vulnerabilities

2 Vulnerabilities
Description

Huawei UTPS earlier than UTPS-V200R003B015D16SPC00C983 has an unquoted service path vulnerability which can lead to the truncation of UTPS service query paths. An attacker may put an executable file in the search path of the affected service and obtain elevated privileges after the executable file is executed.

Impacted versions: *

Base Score: 7.2, Severity: HIGH, ID: CVE-2016-8769, Last Modified: 2017-09-03T01:29:00Z

References

Vendor Advisory Third Party Advisory Third Party Advisory Third Party Advisory

Untrusted search path vulnerability in Huawei UTPS before UTPS-V200R003B015D15SP00C983 allows local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse DLL in an unspecified directory.~<a href="http://cwe.mitre.org/data/definitions/426.html">CWE-426: Untrusted Search Path</a>

Impacted versions: 23.009.09.00.983

Base Score: 7.2, Severity: HIGH, ID: CVE-2016-2780, Last Modified: 2016-04-28T17:40:00Z

References

Vendor Advisory
Free Home-Networking Courses, tutorials and security checklists

USAGE: Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.