Security Advisory-CSRF Vulnerability in Huawei HiLink Products

2014-08-0600:00:00

Huawei Technologies

www.huawei.com

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.003 Low

EPSS

Percentile

71.6%

JSON

Several Huawei HiLink products have the CSRF Vulnerability. When users use these devices to visit websites that contain malicious scripts, the malicious scripts can exploit the vulnerability to change the configurations or use the functions of products. (Vulnerability ID: HWPSIRT-2014-0243)

This Vulnerability has been assigned Common Vulnerabilities and Exposures (CVE) ID: CVE-2014-5395.

Affected configurations

Vulners

Node

huaweie3276Matche3276s-150tcpu-22.265.03.00.00

huaweie3276Matchwebui-13.100.09.00.03

huaweie3236Matche3236s-2tcpu-22.146.29.00.00

huaweie3236Matchwebui-13.100.10.00.03

huaweie5180s-22Matche5180s-22tcpu-21.270.05.01.00

huaweie586bs-2Matche586bs-2tcpu-21.322.08.00.889

CPENameOperatorVersion
e3276eqE3276s-150TCPU-22.265.03.00.00
e3276eqWEBUI-13.100.09.00.03
e3236eqE3236s-2TCPU-22.146.29.00.00
e3236eqWEBUI-13.100.10.00.03
e5180s-22eqE5180s-22TCPU-21.270.05.01.00
e586bs-2eqE586Bs-2TCPU-21.322.08.00.889

Name	Operator	Version
e3276	eq	E3276s-150TCPU-22.265.03.00.00
e3276	eq	WEBUI-13.100.09.00.03
e3236	eq	E3236s-2TCPU-22.146.29.00.00
e3236	eq	WEBUI-13.100.10.00.03
e5180s-22	eq	E5180s-22TCPU-21.270.05.01.00
e586bs-2	eq	E586Bs-2TCPU-21.322.08.00.889