Lucene search
Huawei TechnologiesHUAWEI-SA-20141011-01-E355HistoryOct 11, 2014 - 12:00 a.m.
Security Advisory-XSS Security Vulnerability on Huawei E355
2014-10-1100:00:00
Huawei Technologies
www.huawei.com
9
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.003 Low
EPSS
Percentile
68.2%
Huawei E355 portable 3G wireless routers have the stored cross-site scripting (XSS) vulnerability. Attackers can exploit the vulnerability to plant malicious scripts into the configuration file to interrupt the services of legitimate users. (Vulnerability ID: HWPSIRT-2014-0516)
The CVE No. of the vulnerability is CVE-2014-2968.
Affected configurations
Node
huaweie355Match21.157.37.01.910
ORhuaweie355Match11.001.08.00.03
| CPE | Name | Operator | Version |
|---|---|---|---|
| e355 | eq | 21.157.37.01.910 | |
| e355 | eq | 11.001.08.00.03 |
Related
cert
cert
Huawei E355 contains a stored cross-site scripting vulnerability
2014-07-21 00:00:00
cvelist
cvelist
CVE-2014-2968
2014-07-24 14:00:00
cve
cve
CVE-2014-2968
2014-07-24 14:55:07
prion
prion
Cross site scripting
2014-07-24 14:55:00
nvd
nvd
CVE-2014-2968
2014-07-24 14:55:07
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.003 Low
EPSS
Percentile
68.2%
Related for HUAWEI-SA-20141011-01-E355