CVE-2017-8136

Published: Nov 22, 2017Modified: May 13, 2026

5.5

Vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

HedEx Earlier than V200R006C00 versions has an arbitrary file download vulnerability. An attacker could exploit it to download arbitrary files on a target device to cause information leak.

Affected (1)

Products: Huawei: Hedex Lite

Huawei

1 product

Hedex Lite

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Huawei Hedex Lite	Before v200r006c00

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (2)

http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170531-01-hedex-en

Source: psirt@huawei.com

Issue TrackingVendor Advisory

http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170531-01-hedex-en

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingVendor Advisory

Timeline

No history available yet.