CVE-2014-5395

Multiple cross-site request forgery (CSRF) vulnerabilities in Huawei HiLink E3276 and E3236 TCPU before V200R002B470D13SP00C00 and WebUI before V100R007B100D03SP01C03, E5180s-22 before 21.270.21.00.00, and E586Bs-2 before 21.322.10.00.889 allow remote attackers to hijack the authentication of users for requests that (1) modify configurations, (2) send SMS messages, or have other unspecified impact via unknown vectors.

CVSS v2.0 6.8 MEDIUM

6.8^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability : 8.6 / Impact : 6.4

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-360246.htm	Vendor Advisory
http://www.securityfocus.com/bid/69162
https://www.exploit-db.com/exploits/46092/
http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-360246.htm	Vendor Advisory
http://www.securityfocus.com/bid/69162
https://www.exploit-db.com/exploits/46092/

Configurations

Configuration 1 (hide)

cpe:2.3:o:huawei:e5180s-22_firmware:*:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:o:huawei:e3276_firmware:*:*:*:*:*:*:*:*

Configuration 3 (hide)

cpe:2.3:o:huawei:e3276_firmware:*:*:*:*:*:*:*:*

Configuration 4 (hide)

cpe:2.3:o:huawei:e3236_firmware:*:*:*:*:*:*:*:*

Configuration 5 (hide)

cpe:2.3:o:huawei:e586bs-2_firmware:*:*:*:*:*:*:*:*

Configuration 6 (hide)

cpe:2.3:o:huawei:e3236_firmware:*:*:*:*:*:*:*:*

History

21 Nov 2024, 02:11

Type	Values Removed	Values Added
References	~~() http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-360246.htm - Vendor Advisory~~	() http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-360246.htm - Vendor Advisory
References	~~() http://www.securityfocus.com/bid/69162 -~~	() http://www.securityfocus.com/bid/69162 -
References	~~() https://www.exploit-db.com/exploits/46092/ -~~	() https://www.exploit-db.com/exploits/46092/ -

Information

Published : 2014-11-21 15:59

Updated : 2025-04-12 10:46

NVD link : CVE-2014-5395

Mitre link : CVE-2014-5395

CVE.ORG link : CVE-2014-5395

JSON object : View

Products Affected

huawei

e5180s-22_firmware
e3276_firmware
e3236_firmware
e586bs-2_firmware

CWE

CWE-352

Cross-Site Request Forgery (CSRF)

{"id": "CVE-2014-5395", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2014-11-21T15:59:00.087", "references": [{"url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-360246.htm", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/69162", "source": "cve@mitre.org"}, {"url": "https://www.exploit-db.com/exploits/46092/", "source": "cve@mitre.org"}, {"url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-360246.htm", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/69162", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.exploit-db.com/exploits/46092/", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-352"}]}], "descriptions": [{"lang": "en", "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in Huawei HiLink E3276 and E3236 TCPU before V200R002B470D13SP00C00 and WebUI before V100R007B100D03SP01C03, E5180s-22 before 21.270.21.00.00, and E586Bs-2 before 21.322.10.00.889 allow remote attackers to hijack the authentication of users for requests that (1) modify configurations, (2) send SMS messages, or have other unspecified impact via unknown vectors."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de CSRF en Huawei HiLink E3276 y E3236 TCPU anterior a V200R002B470D13SP00C00 y WebUI anterior a V100R007B100D03SP01C03, E5180s-22 anterior a 21.270.21.00.00, y E586Bs-2 anterior a 21.322.10.00.889 permiten a atacantes remotos secuestrar la autenticaci\u00f3n de usuarios para solicitudes que (1) modifican las configuraciones, (2) env\u00edan mensajes SMS, o tienen otro impacto no especificado a trav\u00e9s de vectores desconocidos."}], "lastModified": "2025-04-12T10:46:40.837", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:huawei:e5180s-22_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "81B356AA-2FC6-4C6B-BABB-122CD99E842F", "versionEndIncluding": "e5180s-22tcpu-21.270.05.01.00"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:huawei:e3276_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7802D382-5527-40AE-8C2D-6956362FD3BB", "versionEndIncluding": "webui-13.100.09.00.03"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:huawei:e3276_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "31B5F05E-B955-4C30-88BC-2A07119F82CE", "versionEndIncluding": "e3276s-150tcpu-22.265.03.00.00"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:huawei:e3236_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BC9F685D-56F4-4A53-BAA7-E670CFAE7746", "versionEndIncluding": "webui-13.100.10.00.03"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:huawei:e586bs-2_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5113C12A-97E1-4483-83E9-F84A08FF01E8", "versionEndIncluding": "e586bs-2tcpu-21.322.08.00.889"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:huawei:e3236_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7950FF64-6E96-4FC8-849B-74399A0B6E8A", "versionEndIncluding": "e3236s-2tcpu-22.146.29.00.00"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}

6.8 /10