Security Advisory-CSRF Vulnerability in Huawei HiLink Products
- SA No:Huawei-SA-20140806-01-HiLink
- Initial Release Date: 2014-08-06
- Last Release Date: 2014-11-20
Several Huawei HiLink products have the CSRF Vulnerability. When users use these devices to visit websites that contain malicious scripts, the malicious scripts can exploit the vulnerability to change the configurations or use the functions of products. (Vulnerability ID: HWPSIRT-2014-0243)
This Vulnerability has been assigned Common Vulnerabilities and Exposures (CVE) ID: CVE-2014-5395.|
Product name |
Affected Version |
Resolved Product and Version |
|
E3276 |
E3276s-150TCPU-22.265.03.00.00 |
E3276sTCPU-V200R002B470D13SP00C00 |
|
E3236 |
E3236s-2TCPU-22.146.29.00.00 |
E3236sTCPU-V200R002B146D41SP00C00 |
|
E5180s-22 |
E5180s-22TCPU-21.270.05.01.00 |
E5180s-22B710C0update_21.270.21.00.00.gz |
|
E586Bs-2 |
E586Bs-2TCPU-21.322.08.00.889 |
E586Bs-2TCPU-21.322.10.00.889 |
The vulnerability classification has been performed by using the CVSSv2 scoring system (http://www.first.org/cvss/).
Base Score: 5.1 (AV:N/AC:H/Au:N/C:P/I:P/A:P)
Temporal Score: 4.2 (E:F/RL:O/RC:C
This vulnerability is reported firstly by Andreas Lindh and later by Juraj Kosik. Huawei PSIRT is not aware of any malicious use of the vulnerability described in this advisory.
Huawei express our appreciation for Andreas Lindh and Juraj Kosik’s concerns on Huawei products.For security problems about Huawei products and solutions, please contactPSIRT@huawei.com.
For general problems about Huawei products and solutions, please directly contact Huawei TAC (Huawei Technical Assistance Center) to request the configuration or technical assistance.
2014-11-20 V1.4 UPDATED Update the Software Versions and Fixes
2014-11-14 V1.3 UPDATED Update the Software Versions and Fixes
2014-08-25 V1.2 UPDATED Update the information of CVE-ID
2014-08-08 V1.1 UPDATED Update the Software Versions and Fixes
2014-08-06 V1.0 INITIAL
None
