PT-2014-6450 · Huawei · Huawei Hilink E3236 Tcpu+4
Published
2014-11-21
·
Updated
2019-01-08
·
CVE-2014-5395
CVSS v2.0
6.8
Medium
| Vector | AV:N/AC:M/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
Huawei HiLink E3276 versions before V200R002B470D13SP00C00
Huawei HiLink E3236 TCPU versions before V200R002B470D13SP00C00
Huawei HiLink E3236 WebUI versions before V100R007B100D03SP01C03
Huawei E5180s-22 versions before 21.270.21.00.00
Huawei E586Bs-2 versions before 21.322.10.00.889
Description
The issue allows remote attackers to hijack user authentication for requests, potentially modifying configurations, sending SMS messages, or having other unspecified impacts.
Recommendations
For Huawei HiLink E3276 versions before V200R002B470D13SP00C00, update to V200R002B470D13SP00C00 or later.
For Huawei HiLink E3236 TCPU versions before V200R002B470D13SP00C00, update to V200R002B470D13SP00C00 or later.
For Huawei HiLink E3236 WebUI versions before V100R007B100D03SP01C03, update to V100R007B100D03SP01C03 or later.
For Huawei E5180s-22 versions before 21.270.21.00.00, update to 21.270.21.00.00 or later.
For Huawei E586Bs-2 versions before 21.322.10.00.889, update to 21.322.10.00.889 or later.
Exploit
Fix
CSRF
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Huawei E5180S-22
Huawei E586Bs-2
Huawei Hilink E3236 Tcpu
Huawei Hilink E3236 Webui
Huawei Hilink E3276