Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2016-5234

Buffer overflow in Huawei VP9660, VP9650, and VP9630 multipoint control unit devices with software before V500R002C00SPC200 and RSE6500 videoconference devices with software before V500R002C00SPC100, when an unspecified service is enabled, allows remote attackers to execute arbitrary code via a crafted packet, aka HWPSIRT-2016-05054.

Published

2016-06-13T14:59:09.290

Last Modified

2025-04-12T10:46:40.837

Status

Deferred

Source

[email protected]

Severity

CVSSv3.0: 8.1 (HIGH)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Exploitability Score

8.6

Impact Score

10.0

Weaknesses

Type: Primary
CWE-119

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Hardware	huawei	rse6500	-	No
Operating System	huawei	rse6500_firmware	v100r001c00	Yes
Operating System	huawei	vp9600_series_firmware	v200r001c01	Yes
Operating System	huawei	vp9600_series_firmware	v200r001c02	Yes
Operating System	huawei	vp9600_series_firmware	v200r001c30	Yes
Hardware	huawei	vp9630	-	No
Hardware	huawei	vp9650	-	No
Hardware	huawei	vp9660	-	No

References

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160601-01-videoconference-en Vendor Advisory ([email protected])
http://www.securityfocus.com/bid/90978 ([email protected])
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160601-01-videoconference-en Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/90978 (af854a3a-2127-422b-91ae-364da2661108)