Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

Huawei E587 3G Mobile Hotspot Command Injection

🗓️ 15 Jul 2013 00:00:00Reported by Frederic BasseType 
packetstorm
 packetstorm🔗 packetstormsecurity.com👁 28 Views

Huawei E587 3G Mobile Hotspot Command Injection CVE-2013-261

Related
Code
ReporterTitlePublishedViews
Family
CVE		CVE-2013-2612
27 Jan 202021:58
cve
Cvelist		CVE-2013-2612
27 Jan 202021:58
cvelist
EUVD		EUVD-2013-2554
7 Oct 202500:30
euvd
NVD		CVE-2013-2612
27 Jan 202022:15
nvd
Prion		Command injection
27 Jan 202022:15
prion
securityvulns		[CVE-2013-2612] Huawei E587 3G Mobile Hotspot Command Injection
17 Jul 201300:00
securityvulns
securityvulns		Huawei E587 access point security vulnerabilities
17 Jul 201300:00
securityvulns
`  
-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA1  
  
[CVE-2013-2612] Huawei E587 3G Mobile Hotspot Command Injection  
________________________________________________________________________  
Summary:  
Huawei E587 3G Mobile Hotspot, version 11.203.27, is prone to a command  
injection vulnerability in the Web UI.  
  
Successful exploitation allows unauthenticated attackers to execute  
arbitrary commands with root privileges.  
________________________________________________________________________  
Details:  
The HTTP endpoint "/api/device/time" in Web UI is vulnerable to shell  
command injection. This allows code execution with root privileges.  
________________________________________________________________________  
CVSS Version 2 Metrics:  
Access Vector: Network exploitable  
Access Complexity: Low  
Authentication: Not required to exploit  
Confidentiality Impact: Complete  
Integrity Impact: Complete  
Availability Impact: Complete  
________________________________________________________________________  
Disclosure Timeline:  
2013-03-18 Vendor notified  
2013-03-18 CVE-2013-2612 assigned  
2013-07-15 Public advisory  
________________________________________________________________________  
References:  
http://www.huawei.com/en/security/psirt/  
________________________________________________________________________  
Frédéric Basse  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1.4.12 (GNU/Linux)  
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/  
  
iQEcBAEBAgAGBQJR48qZAAoJENQ4kG3hg80AJMEH/Rdyx2zmDPzr2Ar5Nc+Fw1ih  
aiby28PhIKfXhAst2SrkIp6ogtDEj+PBrgbEy2YJlyKi01z1Uf2UGukxijlQTg7H  
0zYivz55vleBrr9OD/A2pxo7sZZy7eswH5jia5abRUVXYYqEVWYp5KWvzbMPO3CY  
EgLYxE4uv00ojqHCl9QsD7oa+mR52Jur3QZ/IdCbJJZgmEKmwNJvJ8rb6RvTMcae  
+8dWhC8bhfL3UkTW5snYZ4K/euA84LmGvcfd1PXrMAX01xXDdnPJ/JxrzSPLfb1x  
6WyZO6cZpgxQqvogemXKOy2MmnNkWlkK0P9OmmDpBQBI66WnyBUxXNFxEr/HFKo=  
=6yIl  
-----END PGP SIGNATURE-----  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
15 Jul 2013 00:00Current
9.7High risk
Vulners AI Score9.7
EPSS0.05717
huawei e587 3g mobile hotspotcommand injectioncve-2013-2612web uishell injectionroot privilegesnetwork exploitablelow complexityno authenticationcomplete impactpublic advisorysecurity psirt
28