CVE-2015-8673

Huawei TE30, TE40, TE50, and TE60 multimedia video conferencing endpoints with software before V100R001C10SPC100 do not require entry of the old password when changing the password for the Debug account, which allows physically proximate attackers to change the password by leveraging an unattended workstation.

Published: Jan 12, 2016
Updated: Apr 13, 2023
CVE: CVE-2015-8673
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.8
AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: Low
Score: 4.6
AV:L/AC:L/Au:N/C:P/I:P/A:P

CWEs:

CWE-255

Affected Software
References

Software	From	Fixed in
huawei / te60_firmware	-	100r001c10b022.x

http://www.huawei.com/en/psirt/security-advisories/hw-462952

Vulnerability Database

289,697

CVE-2015-8673