Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2015-8673

Huawei TE30, TE40, TE50, and TE60 multimedia video conferencing endpoints with software before V100R001C10SPC100 do not require entry of the old password when changing the password for the Debug account, which allows physically proximate attackers to change the password by leveraging an unattended workstation.

Published

2016-01-12T20:59:06.560

Last Modified

2025-04-12T10:46:40.837

Status

Deferred

Source

[email protected]

Severity

CVSSv3.0: 6.8 (MEDIUM)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:P/I:P/A:P

Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

3.9

Impact Score

6.4

Weaknesses

Type: Primary
CWE-255

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Hardware	huawei	te30	-	Yes
Hardware	huawei	te40	-	Yes
Hardware	huawei	te50	-	Yes
Hardware	huawei	te60	-	Yes
Operating System	huawei	te60_firmware	≤ v100r001c10b022	Yes

References

http://www.huawei.com/en/psirt/security-advisories/hw-462952 ([email protected])
http://www.huawei.com/en/psirt/security-advisories/hw-462952 (af854a3a-2127-422b-91ae-364da2661108)