← back
CVE-2017-17309

CVE-2017-17309

EPSS 7.3%
In short

The Huawei HG255s-10 router has a flaw that allows attackers to read files from the device by manipulating file paths in web requests, without needing a password. This exposes sensitive information stored on the router.

Technical detail

Path traversal vulnerability in HTTP request handling allows unauthenticated remote attackers to access arbitrary files on the device by crafting requests with directory traversal sequences (e.g., '../'). The vulnerability stems from insufficient input validation of file path parameters, enabling disclosure of configuration files and sensitive data.

Summary generated and translated by AI from the official description.
Huawei HG255s-10 V100R001C163B025SP02 has a path traversal vulnerability due to insufficient validation of the received HTTP requests, a remote attacker may access the local files on the device without authentication.
Affected products
Huawei Technologies Co., Ltd. · HG255s-10

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://packetstormsecurity.com/files/155954/Huawei-HG255-Directory-Traversal.htmlhttp://www.huawei.com/en/psirt/security-notices/2017/huawei-sn-20170911-01-hg255s-en