CVE-2013-6031

Name of the Vulnerable Software and Affected Versions Huawei E355 adapter version 21.157.37.01.910

Description The issue allows remote attackers to change passwords and settings, or obtain sensitive information, due to the lack of authentication for API pages. This can be achieved via a direct request to API endpoints such as "api/wlan/security-settings", "api/device/information", "api/wlan/basic-settings", "api/wlan/mac-filter", "api/monitoring/status", or "api/dhcp/settings".

Recommendations For Huawei E355 adapter version 21.157.37.01.910, consider restricting access to the API endpoints "api/wlan/security-settings", "api/device/information", "api/wlan/basic-settings", "api/wlan/mac-filter", "api/monitoring/status", and "api/dhcp/settings" until a patch is available. As a temporary workaround, implement authentication for API pages to prevent unauthorized access. At the moment, there is no information about a newer version that contains a fix for this vulnerability.