Lucene search

[email protected]CVE-2013-6031

HistoryMar 11, 2014 - 1:00 p.m.

CVE-2013-6031

2014-03-1113:00:49

CWE-287

[email protected]

web.nvd.nist.gov

huawei

e355

adapter

firmware

authentication bypass

remote attack

sensitive information

api

nvd

cve-2013-6031

4.3 Medium

CVSS2

Attack Vector

ADJACENT_NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:A/AC:M/Au:N/C:P/I:P/A:N

7 High

AI Score

Confidence

Low

0.006 Low

EPSS

Percentile

78.5%

JSON

The Huawei E355 adapter with firmware 21.157.37.01.910 does not require authentication for API pages, which allows remote attackers to change passwords and settings, or obtain sensitive information, via a direct request to (1) api/wlan/security-settings, (2) api/device/information, (3) api/wlan/basic-settings, (4) api/wlan/mac-filter, (5) api/monitoring/status, or (6) api/dhcp/settings.

Affected configurations

NVD

Node

huaweie355_firmwareMatch21.157.37.01.910

AND

huaweie355Match-

CPENameOperatorVersion
huawei:e355_firmwarehuawei e355 firmwareeq21.157.37.01.910
huawei:e355huawei e355eq-

CPE	Name	Operator	Version
huawei:e355_firmware	huawei e355 firmware	eq	21.157.37.01.910
huawei:e355	huawei e355	eq	-

References

www.kb.cert.org/vuls/id/341526

github.com/aczire/huawei-csrf-info_disclosure/blob/master/huawei_wifi_info.rb

4.3 Medium

CVSS2

Attack Vector

ADJACENT_NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:A/AC:M/Au:N/C:P/I:P/A:N

7 High

AI Score

Confidence

Low

0.006 Low

EPSS

Percentile

78.5%

JSON

Related for CVE-2013-6031

cvelist1 nessus1 cert1 seebug2 prion1 nvd1