CVE-2017-17223
CVE-2017-17223
In short
A flaw in Huawei eSpace products allows authorized users to upload or download files from unintended locations on the server by crafting specially designed URLs, potentially exposing sensitive data or crashing the system.
Technical detail
Directory traversal vulnerability in Huawei eSpace 7910, 7950, and 8950 (specific versions) due to insufficient URL validation. Authenticated remote attacker can manipulate path traversal sequences in URLs to access arbitrary files on the filesystem, leading to information disclosure or denial of service via system crash.
Summary generated and translated by AI from the official description.
Huawei eSpace 7910 V200R003C30; eSpace 7950 V200R003C30; eSpace 8950 V200R003C00; V200R003C30 have a directory traversal vulnerability. An authenticated, remote attacker can craft specific URL to the affected products. Due to insufficient verification of the URL, successful exploit will upload and download files and cause information leak and system crash.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →