Vulnerabilities > CVE-2016-2780 - DLL Loading Local Code Execution vulnerability in Huawei Utps Firmware 23.009.09.00.983

CVSS 7.2 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

local

low complexity

huawei

NVD

Published: 2016-04-13

Updated: 2016-04-28

Summary

Untrusted search path vulnerability in Huawei UTPS before UTPS-V200R003B015D15SP00C983 allows local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse DLL in an unspecified directory. <a href="http://cwe.mitre.org/data/definitions/426.html">CWE-426: Untrusted Search Path</a>

Vulnerable Configurations

Part	Description	Count
Application	Huawei Huawei Utps Firmware 23.009.09.00.983	1

References

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160302-01-utps-en