Design/Logic Flaw

2016-02-0121:59:00

PRIOn knowledge base

www.prio-n.com

7.2 High

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

70.8%

JSON

Huawei Mobile WiFi E5151 routers with software before E5151s-2TCPU-V200R001B146D27SP00C00 and E5186 routers with software before V200R001B310D01SP00C00 allow DNS query packets using the static source port, which makes it easier for remote attackers to spoof responses via unspecified vectors.

CPENameOperatorVersion
e5151_firmwareeq<= e5151s2tcpuv200r1b141d13sp0c1080
e5186_firmwareeq<= v200r1b306d1c0

CPE	Name	Operator	Version
	e5151_firmware	eq	<= e5151s2tcpuv200r1b141d13sp0c1080
	e5186_firmware	eq	<= v200r1b306d1c0

References

www.huawei.com/en/psirt/security-advisories/huawei-sa-20160129-01-dns-en

www.securityfocus.com/bid/82246

www.kb.cert.org/vuls/id/972224