PT-2016-7123 · Huawei · Rh2288 V3+4
Published
2016-09-07
·
Updated
2016-09-08
·
CVE-2016-6825
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Huawei XH620 V3 versions prior to V100R003C00SPC610
Huawei XH622 V3 versions prior to V100R003C00SPC610
Huawei XH628 V3 versions prior to V100R003C00SPC610
Huawei RH1288 V3 versions prior to V100R003C00SPC613
Huawei RH2288 V3 versions prior to V100R003C00SPC617
Huawei RH2288H V3 versions prior to V100R003C00SPC515
Description
The issue allows remote attackers to obtain passwords via a brute-force attack due to a lack of authentication protection mechanisms.
Recommendations
For Huawei XH620 V3 versions prior to V100R003C00SPC610, update to V100R003C00SPC610 or later.
For Huawei XH622 V3 versions prior to V100R003C00SPC610, update to V100R003C00SPC610 or later.
For Huawei XH628 V3 versions prior to V100R003C00SPC610, update to V100R003C00SPC610 or later.
For Huawei RH1288 V3 versions prior to V100R003C00SPC613, update to V100R003C00SPC613 or later.
For Huawei RH2288 V3 versions prior to V100R003C00SPC617, update to V100R003C00SPC617 or later.
For Huawei RH2288H V3 versions prior to V100R003C00SPC515, update to V100R003C00SPC515 or later.
Fix
Improper Authorization
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Rh1288 V3
Rh2288 V3
Xh620 V3
Xh622 V3
Xh628 V3