CVE-2014-5395

2014-11-2115:59:00

CWE-352

[email protected]

web.nvd.nist.gov

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

7.2

Confidence

Low

EPSS

0.003

Percentile

71.6%

JSON

Multiple cross-site request forgery (CSRF) vulnerabilities in Huawei HiLink E3276 and E3236 TCPU before V200R002B470D13SP00C00 and WebUI before V100R007B100D03SP01C03, E5180s-22 before 21.270.21.00.00, and E586Bs-2 before 21.322.10.00.889 allow remote attackers to hijack the authentication of users for requests that (1) modify configurations, (2) send SMS messages, or have other unspecified impact via unknown vectors.

Affected configurations

Nvd

Node

huaweie5180s-22_firmwareRange≤e5180s-22tcpu-21.270.05.01.00

Node

huaweie3276_firmwareRange≤webui-13.100.09.00.03

Node

huaweie3276_firmwareRange≤e3276s-150tcpu-22.265.03.00.00

Node

huaweie3236_firmwareRange≤webui-13.100.10.00.03

Node

huaweie586bs-2_firmwareRange≤e586bs-2tcpu-21.322.08.00.889

Node

huaweie3236_firmwareRange≤e3236s-2tcpu-22.146.29.00.00

VendorProductVersionCPE
huaweie5180s-22_firmware*cpe:2.3:o:huawei:e5180s-22_firmware:*:*:*:*:*:*:*:*
huaweie3276_firmware*cpe:2.3:o:huawei:e3276_firmware:*:*:*:*:*:*:*:*
huaweie3236_firmware*cpe:2.3:o:huawei:e3236_firmware:*:*:*:*:*:*:*:*
huaweie586bs-2_firmware*cpe:2.3:o:huawei:e586bs-2_firmware:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
huawei	e5180s-22_firmware	*	cpe:2.3:o:huawei:e5180s-22_firmware::::::::
huawei	e3276_firmware	*	cpe:2.3:o:huawei:e3276_firmware::::::::
huawei	e3236_firmware	*	cpe:2.3:o:huawei:e3236_firmware::::::::
huawei	e586bs-2_firmware	*	cpe:2.3:o:huawei:e586bs-2_firmware::::::::