Skip to main content

Huawei CVE-2023-7300

HIGH
Path Traversal: '.../...//' (CWE-35)
2024-12-26 psirt@huawei.com
8.0
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
8.0 HIGH
AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Adjacent
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Dec 26, 2024 - 09:15 cve.org
HIGH 8.0

DescriptionCVE.org

Huawei Home Music System has a path traversal vulnerability. Successful exploitation of this vulnerability may cause the music host file to be deleted or the file permission to be changed.(Vulnerability ID:HWPSIRT-2023-60613)

AnalysisAI

Huawei Home Music System has a path traversal vulnerability. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-35. Huawei Home Music System has a path traversal vulnerability. Successful exploitation of this vulnerability may cause the music host file to be deleted or the file permission to be changed.(Vulnerability ID:HWPSIRT-2023-60613)

Affected ProductsAI

See vendor advisory for affected versions.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

More in Huawei

View all
CVE-2014-9222 CRITICAL POC
10.0 Dec 24

AllegroSoft RomPager 4.34 and earlier, as used in Huawei Home Gateway products and other vendors and products, allows re

CVE-2013-4630 HIGH POC
7.6 Jun 20

Stack-based buffer overflow on Huawei AR 150, 200, 1200, 2200, and 3200 routers, when SNMPv3 debugging is enabled, allow

CVE-2016-2231 CRITICAL POC
9.8 Feb 15

The Windows-based Host Interface Program (WHIP) service on Huawei SmartAX MT882 devices V200R002B022 Arg relies on the c

CVE-2012-4960 MEDIUM POC
6.5 Jun 20

The Huawei NE5000E, MA5200G, NE40E, NE80E, ATN, NE40, NE80, NE20E-X6, NE20, ME60, CX600, CX200, CX300, ACU, WLAN AC 6605

CVE-2015-7254 MEDIUM POC
5.0 Nov 07

Directory traversal vulnerability on Huawei HG532e, HG532n, and HG532s devices allows remote attackers to read arbitrary

CVE-2020-37220 HIGH POC
8.7 May 13

Huawei HG630 V2 router contains an authentication bypass vulnerability that allows unauthenticated attackers to obtain a

CVE-2013-4631 HIGH POC
7.8 Jun 20

Huawei AR 150, 200, 1200, 2200, and 3200 routers, when SNMPv3 is enabled, allow remote attackers to cause a denial of se

CVE-2015-8088 HIGH POC
7.8 Jan 12

Heap-based buffer overflow in the HIFI driver in Huawei Mate 7 phones with software MT7-UL00 before MT7-UL00C17B354, MT7

CVE-2014-8358 HIGH POC
7.8 Dec 11

Huawei EC156, EC176, and EC177 USB Modem products with software before UTPS-V200R003B015D02SP07C1014 (23.015.02.07.1014)

CVE-2016-5821 HIGH POC
7.8 Jul 13

Huawei HiSuite before 4.0.4.204_ove (Out of China) and before 4.0.4.301 (China) use a weak ACL (FILE_WRITE_DATA for BUIL

CVE-2014-9223 CRITICAL
10.0 Dec 24

Multiple buffer overflows in AllegroSoft RomPager, as used in Huawei Home Gateway products and other vendors and product

CVE-2014-8359 HIGH POC
7.2 Nov 13

Untrusted search path vulnerability in Huawei Mobile Partner for Windows 23.009.05.03.1014 allows local users to execute

Share

CVE-2023-7300 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy