CVE-2014-5395CVE-2014-5395

Affected configuration(s):

cpe:/o:huawei:e3236_firmware:e3236s-2tcpu-22.146.29.00.00
cpe:/o:huawei:e3236_firmware:webui-13.100.10.00.03
cpe:/o:huawei:e3276_firmware:e3276s-150tcpu-22.265.03.00.00
cpe:/o:huawei:e3276_firmware:webui-13.100.09.00.03
cpe:/o:huawei:e5180s-22_firmware:e5180s-22tcpu-21.270.05.01.00
cpe:/o:huawei:e586bs-2_firmware:e586bs-2tcpu-21.322.08.00.889

Date published: 2014-11-21T10:59:00.087-05:00

Date last modified: 2014-11-24T09:16:06.320-05:00

CVSS Score: 6.8

Principal attack vector: NETWORK

Complexity:  MEDIUM

Reference URL: http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-360246.htm

Summary: Multiple cross-site request forgery (CSRF) vulnerabilities in Huawei HiLink E3276 and E3236 TCPU before V200R002B470D13SP00C00 and WebUI before V100R007B100D03SP01C03, E5180s-22 before 21.270.21.00.00, and E586Bs-2 before 21.322.10.00.889 allow remote attackers to hijack the authentication of users for requests that (1) modify configurations, (2) send SMS messages, or have other unspecified impact via unknown vectors.

CategoriesUncategorised

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.