CVE-2023-5142

moderate-risk
Published 2023-09-24

A vulnerability classified as problematic was found in H3C GR-1100-P, GR-1108-P, GR-1200W, GR-1800AX, GR-2200, GR-3200, GR-5200, GR-8300, ER2100n, ER2200G2, ER3200G2, ER3260G2, ER5100G2, ER5200G2 and ER6300G2 up to 20230908. This vulnerability affects unknown code of the file /userLogin.asp of the component Config File Handler. The manipulation leads to path traversal. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. VDB-240238 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Do I need to act?

-
0.32% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
3
CVSS 3.7/10 Low
NETWORK / HIGH complexity

Affected Products (15)

Gr-1100-P Firmware
Gr-1108-P Firmware
Gr-2200 Firmware
Gr-3200 Firmware
Gr-5200 Firmware
Gr-8300 Firmware
Er3260G2 Firmware
Er5200G2 Firmware
Er3200G2 Firmware
Er2100N Firmware
Er6300G2 Firmware
Er5100G2 Firmware
Er2200G2 Firmware

Affected Vendors

H3C

References (8)

Exploit https://github.com/CJCniubi666/H3C-ER/blob/main/README.md
Exploit https://github.com/yinsel/CVE-H3C-Report
Permissions Required https://vuldb.com/?ctiid.240238
Third Party Advisory https://vuldb.com/?id.240238
Exploit https://github.com/CJCniubi666/H3C-ER/blob/main/README.md
Exploit https://github.com/yinsel/CVE-H3C-Report
Permissions Required https://vuldb.com/?ctiid.240238
Third Party Advisory https://vuldb.com/?id.240238
32
/ 100
moderate-risk
Severity 13/34 · Low
Exploitability 1/34 · Minimal
Exposure 18/34 · Moderate