Vulnerabilities > CVE-2015-8675 - Credentials Management vulnerability in Huawei S5300 Firmware V200R005C02

CVSS 6.2 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

local

low complexity

huawei

CWE-255

NVD

Published: 2016-01-15

Updated: 2016-01-21

Summary

Huawei S5300 Campus Series switches with software before V200R005SPH008 do not mask the password when uploading files, which allows physically proximate attackers to obtain sensitive password information by reading the display.

Vulnerable Configurations

Part	Description	Count
OS	Huawei Huawei S5300 Firmware V200R005C02	1
Hardware	Huawei Huawei S5300 *	1

Common Weakness Enumeration (CWE)

CWE-255 - Credentials Management

References

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160112-01-switch-en