PT-2014-8843 · Huawei · Huawei Fusionmanager+1

Published: 2014-09-24 · Updated: 2017-04-05 · CVE-2014-9136

CVSS v2.0: 6.8 (Medium)

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

Huawei FusionManager versions V100R002C03 through V100R003C00

Description

The issue allows an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against a user of the web interface. CSRF is a type of attack in which an attacker tricks a user into performing unintended actions on a web application in which the user is authenticated. This can happen when a user is logged in to the web interface and an attacker gets the user's browser to issue a malicious request, which is then carried out without the user's knowledge.

Recommendations

For Huawei FusionManager versions V100R002C03 and V100R003C00, consider implementing CSRF protection mechanisms, such as token-based validation, to prevent unauthorized requests. As a temporary workaround, restrict access to the web interface to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

CSRF

Weakness Enumeration

Related Identifiers

CVE-2014-9136

Affected Products

Huawei Fusionmanager
Huawei Vrp