H3C ER6300G2 Config File userLogin.asp path traversal

A vulnerability classified as problematic was found in H3C GR-1100-P, GR-1108-P, GR-1200W, GR-1800AX, GR-2200, GR-3200, GR-5200, GR-8300, ER2100n, ER2200G2, ER3200G2, ER3260G2, ER5100G2, ER5200G2 and ER6300G2 up to 20230908. This vulnerability affects unknown code of the file /userLogin.asp of the component Config File Handler. The manipulation leads to path traversal. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. VDB-240238 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

对路径名的限制不恰当(路径遍历)

H3C ER Series 路径遍历漏洞

H3C ER Series是中国新华三（H3C）公司的一系列路由器。 H3C ER Series 存在路径遍历漏洞，该漏洞源于 /userLogin.asp 的部分代码可能导致路径遍历。

N/A

N/A