Lucene search

[email protected]CVE-2014-2946

HistoryJun 02, 2014 - 7:55 p.m.

CVE-2014-2946

2014-06-0219:55:03

CWE-352

[email protected]

web.nvd.nist.gov

cve-2014-2946

cross-site request forgery

csrf vulnerability

web ui

huawei e303 modems

sms

xml document

nvd

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.3 High

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

70.9%

JSON

Cross-site request forgery (CSRF) vulnerability in api/sms/send-sms in the Web UI 11.010.06.01.858 on Huawei E303 modems with software 22.157.18.00.858 allows remote attackers to hijack the authentication of administrators for requests that perform API operations and send SMS messages via a request element in an XML document.

Affected configurations

NVD

Node

huaweiwebuiMatch11.010.06.01.858

huaweie303_modem_firmwareMatch22.157.18.00.858

AND

huaweie303_modemMatchch2e303sm

CPENameOperatorVersion
huawei:webuihuawei webuieq11.010.06.01.858
huawei:e303_modem_firmwarehuawei e303 modem firmwareeq22.157.18.00.858
huawei:e303_modemhuawei e303 modemeqch2e303sm

CPE	Name	Operator	Version
huawei:webui	huawei webui	eq	11.010.06.01.858
huawei:e303_modem_firmware	huawei e303 modem firmware	eq	22.157.18.00.858
huawei:e303_modem	huawei e303 modem	eq	ch2e303sm

References

b.fl7.de/2014/05/huawei-e303-sms-vulnerability-CVE-2014-2946.html

secunia.com/advisories/58992

www.kb.cert.org/vuls/id/325636

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.3 High

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

70.9%

JSON

Related for CVE-2014-2946

nvd1 cert1 prion1 cvelist1