CVE-2023-5142

Name: CVE-2023-5142
Creator: NVD / NIST
Published: 2023-09-24T22:15:10.087+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

MEDIUMCVSS 5.3/10EPSS 2.32%

Last modified Jun 17, 2026

CVE-2023-5142 is a medium-severity vulnerability rated 5.3/10 on the CVSS scale. A vulnerability classified as problematic was found in H3C GR-1100-P, GR-1108-P, GR-1200W, GR-1800AX, GR-2200, GR-3200, GR-5200, GR-8300, ER2100n, ER2200G2, ER3200G2, ER3260G2, ER5100G2, ER5200G2 and ER6300G2 up to 20230908. This vulnerability affects unknown code of the file /userLogin.asp of the component Config File Handler. EPSS estimates a 2.32% chance of exploitation in the next 30 days.

Description

A vulnerability classified as problematic was found in H3C GR-1100-P, GR-1108-P, GR-1200W, GR-1800AX, GR-2200, GR-3200, GR-5200, GR-8300, ER2100n, ER2200G2, ER3200G2, ER3260G2, ER5100G2, ER5200G2 and ER6300G2 up to 20230908. This vulnerability affects unknown code of the file /userLogin.asp of the component Config File Handler. The manipulation leads to path traversal. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. VDB-240238 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Metrics

CVSS 3.1

5.3/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

EPSS Probability

2.32%

81.3th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

Vendor	Product	Versions
H3c	Gr-1100-P Firmware	<= 20230908
H3c	Gr-1108-P Firmware	<= 20230908
H3c	Gr-1200w Firmware	<= 20230908
H3c	Gr-1800ax Firmware	<= 20230908
H3c	Gr-2200 Firmware	<= 20230908
H3c	Gr-3200 Firmware	<= 20230908
H3c	Gr-5200 Firmware	<= 20230908
H3c	Gr-8300 Firmware	<= 20230908
H3c	Er3260g2 Firmware	<= 20230908
H3c	Er5200g2 Firmware	<= 20230908
H3c	Er3200g2 Firmware	<= 20230908
H3c	Er2100n Firmware	<= 20230908
H3c	Er6300g2 Firmware	<= 20230908
H3c	Er5100g2 Firmware	<= 20230908
H3c	Er2200g2 Firmware	<= 20230908

References

https://github.com/CJCniubi666/H3C-ER/blob/main/README.mdExploit, Third Party Advisory
https://github.com/yinsel/CVE-H3C-ReportExploit, Third Party Advisory
https://vuldb.com/?ctiid.240238Permissions Required, Third Party Advisory
https://vuldb.com/?id.240238Third Party Advisory
https://github.com/CJCniubi666/H3C-ER/blob/main/README.mdExploit, Third Party Advisory
https://github.com/yinsel/CVE-H3C-ReportExploit, Third Party Advisory
https://vuldb.com/?ctiid.240238Permissions Required, Third Party Advisory
https://vuldb.com/?id.240238Third Party Advisory

Timeline

Published: Sep 24, 2023
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2023-5142?

How severe is CVE-2023-5142?

CVE-2023-5142 has a CVSS score of 5.3/10 (MEDIUM severity). The EPSS model estimates a 2.32% probability of exploitation in the next 30 days.

How do I fix CVE-2023-5142?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2023-5142?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST