Cross site request forgery (csrf)

2017-04-0220:59:00

PRIOn knowledge base

www.prio-n.com

7.2 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

44.0%

JSON

Huawei USG9500 with software V200R001C01SPC800 and earlier versions, V300R001C00; USG2100 with software V300R001C00SPC900 and earlier versions; USG2200 with software V300R001C00SPC900; USG5100 with software V300R001C00SPC900 could allow an unauthenticated, remote attacker to conduct a CSRF attack against the user of the web interface.

CPENameOperatorVersion
fusionmanagereq100r2c3-v
fusionmanagereq100r3c0-v
usg2100_firmwareeq<= v300r1c0spc900
usg2200_firmwareeq<= v300r1c0spc900
usg5100_firmwareeq<= v300r1c0spc900
usg5500_firmwareeq<= v300r1c0spc900
usg9500_firmwareeq<= v200r1c1spc800
usg9500_firmwareeq300r1c0-v

Name	Operator	Version
fusionmanager	eq	100r2c3-v
fusionmanager	eq	100r3c0-v
usg2100_firmware	eq	<= v300r1c0spc900
usg2200_firmware	eq	<= v300r1c0spc900
usg5100_firmware	eq	<= v300r1c0spc900
usg5500_firmware	eq	<= v300r1c0spc900
usg9500_firmware	eq	<= v200r1c1spc800
usg9500_firmware	eq	300r1c0-v

References

www.huawei.com/en/psirt/security-advisories/hw-372186