CVE-2016-7108

medium

Published 2016-09-07 · Modified 2026-05-06

CVSS v3

6.5

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CVSS v2

4.0

VIR risk

6.5

Description

Huawei Unified Maintenance Audit (UMA) before V200R001C00SPC200 SPH206 allows remote authenticated users to obtain the MD5 hashes of arbitrary user passwords via unspecified vectors.

Predictions

Exploit likelihood

75%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: cve@mitre.org — http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160824-02-uma-en

Application impact

Vendor	Product	Versions	Fixed
huawei	uma	`{"endIncluding":"v200r001c00spc200"}`

References

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160824-02-uma-en
http://www.securityfocus.com/bid/92619
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160824-02-uma-en
http://www.securityfocus.com/bid/92619

CWEs

CWE-200

Verify integrity in audit chain (admin only). AS-IS.