PT-2012-6212 · Huawei · Huawei E585
John Bird · Published 2012-12-19 · Updated 2012-12-19 · CVE-2012-5969
CVSS v2.0: 4.8 (Medium)
Vector: AV:A/AC:L/Au:N/C:P/I:P/A:N
Name of the Vulnerable Software and Affected Versions
Huawei E585 device (affected versions not specified)
Description
The issue allows remote attackers to read or modify arbitrary files on the device. This can be achieved through directory traversal vulnerabilities, specifically by using a .. (dot dot) in the PATH_INFO of an "sdcard/" request or in the req_page parameter to the "en/sms.cgi" endpoint.
Recommendations
For the Huawei E585 device, consider restricting access to the "sdcard/" directory and the "en/sms.cgi" endpoint until a fix is available.
As a temporary workaround, avoid using the req_page parameter in the "en/sms.cgi" endpoint to minimize the risk of exploitation.
Fix
Path traversal
Weakness Enumeration
Related Identifiers
Affected Products
Huawei E585