A vulnerability classified as problematic has been found in H3C SecCenter SMP-E1114P02 up to 20250513. Affected is the function Download of the file /packetCaptureStrategy/download. The manipulation of the argument Name leads to path traversal. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
References
Link | Resource |
---|---|
https://flowus.cn/share/3cec9266-793a-498e-acdb-4296b09a8c89?code=G8A6P3 | Permissions Required |
https://vuldb.com/?ctiid.310248 | Permissions Required VDB Entry |
https://vuldb.com/?id.310248 | Third Party Advisory |
https://vuldb.com/?submit.576232 | Third Party Advisory VDB Entry |
Configurations
History
03 Jun 2025, 15:50
Type | Values Removed | Values Added |
---|---|---|
First Time |
H3c
H3c seccenter Smp-1114p02 |
|
References | () https://flowus.cn/share/3cec9266-793a-498e-acdb-4296b09a8c89?code=G8A6P3 - Permissions Required | |
References | () https://vuldb.com/?ctiid.310248 - Permissions Required, VDB Entry | |
References | () https://vuldb.com/?id.310248 - Third Party Advisory | |
References | () https://vuldb.com/?submit.576232 - Third Party Advisory, VDB Entry | |
CPE | cpe:2.3:a:h3c:seccenter_smp-1114p02:*:*:*:*:*:*:*:* |
28 May 2025, 15:01
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
26 May 2025, 00:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2025-05-26 00:15
Updated : 2025-06-03 15:50
NVD link : CVE-2025-5160
Mitre link : CVE-2025-5160
CVE.ORG link : CVE-2025-5160
JSON object : View
Products Affected
h3c
- seccenter_smp-1114p02
CWE
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')