PT-2014-8844 · Huawei · Huawei S5100+4

Published: 2014-09-24 · Updated: 2017-04-07 · CVE-2014-9137

CVSS v2.0: 6.8 (Medium)

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

Huawei USG9500 versions V200R001C01SPC800 and earlier
Huawei USG2100 versions V300R001C00SPC900 and earlier
Huawei USG2200 version V300R001C00SPC900
Huawei USG5100 version V300R001C00SPC900

Description

The issue allows an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against the user of the web interface. This type of attack can occur when a user is tricked into performing unintended actions on a web application that they are authenticated to.

Recommendations

For Huawei USG9500 versions V200R001C01SPC800 and earlier, update to a version later than V200R001C01SPC800 to resolve the issue.
For Huawei USG2100 versions V300R001C00SPC900 and earlier, update to a version later than V300R001C00SPC900 to resolve the issue.
For Huawei USG2200 version V300R001C00SPC900, update to a version later than V300R001C00SPC900 to resolve the issue.
For Huawei USG5100 version V300R001C00SPC900, update to a version later than V300R001C00SPC900 to resolve the issue.

As a temporary workaround, consider restricting access to the web interface to minimize the risk of exploitation.

Fix

CSRF

Weakness Enumeration

Related identifiers

CVE-2014-9137

Affected products

Huawei Usg2100
Huawei Usg2200
Huawei S5100
Huawei Usg9500
Huawei Vrp