Search criteria
12 vulnerabilities found for s8500 by huawei
VAR-201306-0209
Vulnerability from variot - Updated: 2023-12-18 13:53The HTTP module in the (1) Branch Intelligent Management System (BIMS) and (2) web management components on Huawei AR routers and S2000, S3000, S3500, S3900, S5100, S5600, S7800, and S8500 switches does not check whether HTTP data is longer than the value of the Content-Length field, which allows remote HTTP servers to conduct heap-based buffer overflow attacks and execute arbitrary code via a crafted response. Huawei AR routers and Huawei S series switches are network devices of Huawei products. Attackers may be able to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions. Huawei Access Router (AR) is a low-end router product developed by Huawei in China. This product provides mobile and fixed network access methods, suitable for enterprise networks
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201306-0209",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "s2700",
"scope": "eq",
"trust": 2.4,
"vendor": "huawei",
"version": "r6305"
},
{
"model": "s3300hi",
"scope": "eq",
"trust": 2.4,
"vendor": "huawei",
"version": "r6305"
},
{
"model": "s3500",
"scope": "eq",
"trust": 2.4,
"vendor": "huawei",
"version": "r6305"
},
{
"model": "s3700",
"scope": "eq",
"trust": 2.4,
"vendor": "huawei",
"version": "r6305"
},
{
"model": "s3900",
"scope": "eq",
"trust": 2.4,
"vendor": "huawei",
"version": "r6305"
},
{
"model": "s5100",
"scope": "eq",
"trust": 2.4,
"vendor": "huawei",
"version": "r6305"
},
{
"model": "s5600",
"scope": "eq",
"trust": 2.4,
"vendor": "huawei",
"version": "r6305"
},
{
"model": "s7800",
"scope": "eq",
"trust": 2.4,
"vendor": "huawei",
"version": "r6305"
},
{
"model": "ar 18-1x",
"scope": "lte",
"trust": 1.8,
"vendor": "huawei",
"version": "r0130"
},
{
"model": "ar 18-2x",
"scope": "lte",
"trust": 1.8,
"vendor": "huawei",
"version": "r1712"
},
{
"model": "ar 18-3x",
"scope": "lte",
"trust": 1.8,
"vendor": "huawei",
"version": "r0118"
},
{
"model": "s2000",
"scope": "eq",
"trust": 1.8,
"vendor": "huawei",
"version": "r6305"
},
{
"model": "s2300",
"scope": "eq",
"trust": 1.8,
"vendor": "huawei",
"version": "r6305"
},
{
"model": "s3000",
"scope": "eq",
"trust": 1.8,
"vendor": "huawei",
"version": "r6305"
},
{
"model": "s3300",
"scope": "eq",
"trust": 1.8,
"vendor": "huawei",
"version": "r6305"
},
{
"model": "s8500",
"scope": "eq",
"trust": 1.6,
"vendor": "huawei",
"version": "r1631"
},
{
"model": "s8500",
"scope": "eq",
"trust": 1.6,
"vendor": "huawei",
"version": "r1632"
},
{
"model": "ar 19\\/29\\/49",
"scope": "lte",
"trust": 1.0,
"vendor": "huawei",
"version": "r2207"
},
{
"model": "ar 28\\/46",
"scope": "lte",
"trust": 1.0,
"vendor": "huawei",
"version": "r0311"
},
{
"model": "ar 19/29/49",
"scope": "lte",
"trust": 0.8,
"vendor": "huawei",
"version": "r2207"
},
{
"model": "ar 28/46",
"scope": "lte",
"trust": 0.8,
"vendor": "huawei",
"version": "r0311"
},
{
"model": "s8500",
"scope": "eq",
"trust": 0.8,
"vendor": "huawei",
"version": "r1631 and r1632"
},
{
"model": "ar routers",
"scope": null,
"trust": 0.6,
"vendor": "huawei",
"version": null
},
{
"model": "s2000",
"scope": null,
"trust": 0.6,
"vendor": "huawei",
"version": null
},
{
"model": "s3000",
"scope": null,
"trust": 0.6,
"vendor": "huawei",
"version": null
},
{
"model": "s3500",
"scope": null,
"trust": 0.6,
"vendor": "huawei",
"version": null
},
{
"model": "s3900",
"scope": null,
"trust": 0.6,
"vendor": "huawei",
"version": null
},
{
"model": "s5100",
"scope": null,
"trust": 0.6,
"vendor": "huawei",
"version": null
},
{
"model": "s5600",
"scope": null,
"trust": 0.6,
"vendor": "huawei",
"version": null
},
{
"model": "s7800",
"scope": null,
"trust": 0.6,
"vendor": "huawei",
"version": null
},
{
"model": "s8500",
"scope": null,
"trust": 0.6,
"vendor": "huawei",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "ar 18 1x",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "ar 18 2x",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "ar 18 3x",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "ar 19 29 49",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "ar 28 46",
"version": "*"
},
{
"model": "r6305",
"scope": null,
"trust": 0.2,
"vendor": "s2000",
"version": null
},
{
"model": "r6305",
"scope": null,
"trust": 0.2,
"vendor": "s2300",
"version": null
},
{
"model": "r6305",
"scope": null,
"trust": 0.2,
"vendor": "s2700",
"version": null
},
{
"model": "r6305",
"scope": null,
"trust": 0.2,
"vendor": "s3000",
"version": null
},
{
"model": "r6305",
"scope": null,
"trust": 0.2,
"vendor": "s3300",
"version": null
},
{
"model": "r6305",
"scope": null,
"trust": 0.2,
"vendor": "s3300hi",
"version": null
},
{
"model": "r6305",
"scope": null,
"trust": 0.2,
"vendor": "s3500",
"version": null
},
{
"model": "r6305",
"scope": null,
"trust": 0.2,
"vendor": "s3700",
"version": null
},
{
"model": "r6305",
"scope": null,
"trust": 0.2,
"vendor": "s3900",
"version": null
},
{
"model": "r6305",
"scope": null,
"trust": 0.2,
"vendor": "s5100",
"version": null
},
{
"model": "r6305",
"scope": null,
"trust": 0.2,
"vendor": "s5600",
"version": null
},
{
"model": "r6305",
"scope": null,
"trust": 0.2,
"vendor": "s7800",
"version": null
},
{
"model": "r1631",
"scope": null,
"trust": 0.2,
"vendor": "s8500",
"version": null
},
{
"model": "r1632",
"scope": null,
"trust": 0.2,
"vendor": "s8500",
"version": null
}
],
"sources": [
{
"db": "IVD",
"id": "e44f6a90-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-08072"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-006007"
},
{
"db": "NVD",
"id": "CVE-2012-6570"
},
{
"db": "CNNVD",
"id": "CNNVD-201306-406"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:huawei:ar_28\\/46:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "r0311",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:huawei:ar_18-3x:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "r0118",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:huawei:ar_18-2x:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "r1712",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:huawei:ar_18-1x:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "r0130",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:huawei:ar_19\\/29\\/49:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "r2207",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:huawei:s8500:r1631:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:huawei:s8500:r1632:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:huawei:s2000:r6305:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:huawei:s3000:r6305:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:huawei:s3900:r6305:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:huawei:s5600:r6305:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:huawei:s3300:r6305:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:huawei:s3300hi:r6305:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:huawei:s3700:r6305:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:huawei:s3500:r6305:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:huawei:s2300:r6305:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:huawei:s2700:r6305:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:huawei:s5100:r6305:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:huawei:s7800:r6305:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2012-6570"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Felix Lindner of Recurity Labs GmbH",
"sources": [
{
"db": "BID",
"id": "60712"
}
],
"trust": 0.3
},
"cve": "CVE-2012-6570",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 10.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2012-6570",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2013-08072",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "e44f6a90-2352-11e6-abef-000c29c66e3d",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-59851",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2012-6570",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2013-08072",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201306-406",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "e44f6a90-2352-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-59851",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "e44f6a90-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-08072"
},
{
"db": "VULHUB",
"id": "VHN-59851"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-006007"
},
{
"db": "NVD",
"id": "CVE-2012-6570"
},
{
"db": "CNNVD",
"id": "CNNVD-201306-406"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The HTTP module in the (1) Branch Intelligent Management System (BIMS) and (2) web management components on Huawei AR routers and S2000, S3000, S3500, S3900, S5100, S5600, S7800, and S8500 switches does not check whether HTTP data is longer than the value of the Content-Length field, which allows remote HTTP servers to conduct heap-based buffer overflow attacks and execute arbitrary code via a crafted response. Huawei AR routers and Huawei S series switches are network devices of Huawei products. \nAttackers may be able to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions. Huawei Access Router (AR) is a low-end router product developed by Huawei in China. This product provides mobile and fixed network access methods, suitable for enterprise networks",
"sources": [
{
"db": "NVD",
"id": "CVE-2012-6570"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-006007"
},
{
"db": "CNVD",
"id": "CNVD-2013-08072"
},
{
"db": "BID",
"id": "60712"
},
{
"db": "IVD",
"id": "e44f6a90-2352-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-59851"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2012-6570",
"trust": 3.6
},
{
"db": "BID",
"id": "60712",
"trust": 1.0
},
{
"db": "CNNVD",
"id": "CNNVD-201306-406",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2013-08072",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2012-006007",
"trust": 0.8
},
{
"db": "IVD",
"id": "E44F6A90-2352-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-59851",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "e44f6a90-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-08072"
},
{
"db": "VULHUB",
"id": "VHN-59851"
},
{
"db": "BID",
"id": "60712"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-006007"
},
{
"db": "NVD",
"id": "CVE-2012-6570"
},
{
"db": "CNNVD",
"id": "CNNVD-201306-406"
}
]
},
"id": "VAR-201306-0209",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "e44f6a90-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-08072"
},
{
"db": "VULHUB",
"id": "VHN-59851"
}
],
"trust": 1.53885397
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "e44f6a90-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-08072"
}
]
},
"last_update_date": "2023-12-18T13:53:29.193000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Huawei-SA-20120808-03-HTTP-Module",
"trust": 0.8,
"url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-u_194361.htm"
},
{
"title": "Huawei AR Router and Switch HTTP Module Header Field Handling Buffer Overflow Vulnerability Patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/34802"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-08072"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-006007"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-59851"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-006007"
},
{
"db": "NVD",
"id": "CVE-2012-6570"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-u_194361.htm"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-6570"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-6570"
},
{
"trust": 0.3,
"url": "http://www.huawei.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-08072"
},
{
"db": "VULHUB",
"id": "VHN-59851"
},
{
"db": "BID",
"id": "60712"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-006007"
},
{
"db": "NVD",
"id": "CVE-2012-6570"
},
{
"db": "CNNVD",
"id": "CNNVD-201306-406"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "e44f6a90-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-08072"
},
{
"db": "VULHUB",
"id": "VHN-59851"
},
{
"db": "BID",
"id": "60712"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-006007"
},
{
"db": "NVD",
"id": "CVE-2012-6570"
},
{
"db": "CNNVD",
"id": "CNNVD-201306-406"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-06-25T00:00:00",
"db": "IVD",
"id": "e44f6a90-2352-11e6-abef-000c29c66e3d"
},
{
"date": "2013-06-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-08072"
},
{
"date": "2013-06-20T00:00:00",
"db": "VULHUB",
"id": "VHN-59851"
},
{
"date": "2013-06-20T00:00:00",
"db": "BID",
"id": "60712"
},
{
"date": "2013-06-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-006007"
},
{
"date": "2013-06-20T15:55:00.967000",
"db": "NVD",
"id": "CVE-2012-6570"
},
{
"date": "2013-06-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201306-406"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-06-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-08072"
},
{
"date": "2013-06-21T00:00:00",
"db": "VULHUB",
"id": "VHN-59851"
},
{
"date": "2015-03-19T08:38:00",
"db": "BID",
"id": "60712"
},
{
"date": "2013-06-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-006007"
},
{
"date": "2013-06-21T04:00:00",
"db": "NVD",
"id": "CVE-2012-6570"
},
{
"date": "2013-06-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201306-406"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201306-406"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Huawei of AR Heap-based buffer overflow vulnerability in router and switch products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-006007"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer overflow",
"sources": [
{
"db": "IVD",
"id": "e44f6a90-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNNVD",
"id": "CNNVD-201306-406"
}
],
"trust": 0.8
}
}
VAR-201306-0210
Vulnerability from variot - Updated: 2023-12-18 13:09The HTTP module in the (1) Branch Intelligent Management System (BIMS) and (2) web management components on Huawei AR routers and S2000, S3000, S3500, S3900, S5100, S5600, and S7800 switches uses predictable Session ID values, which makes it easier for remote attackers to hijack sessions via a brute-force attack. Huawei AR routers and Huawei S series switches are network devices of Huawei products. Conversation. An attacker can exploit this issue to gain unauthorized access to the affected device. Huawei Access Router (AR) is a low-end router product developed by Huawei in China. This product provides mobile and fixed network access methods, suitable for enterprise networks. Predictable session ID value
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201306-0210",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ar 18-1x",
"scope": "lte",
"trust": 1.8,
"vendor": "huawei",
"version": "r0130"
},
{
"model": "ar 18-2x",
"scope": "lte",
"trust": 1.8,
"vendor": "huawei",
"version": "r1712"
},
{
"model": "ar 18-3x",
"scope": "lte",
"trust": 1.8,
"vendor": "huawei",
"version": "r0118"
},
{
"model": "s8500",
"scope": "eq",
"trust": 1.6,
"vendor": "huawei",
"version": "r1631"
},
{
"model": "s3300hi",
"scope": "eq",
"trust": 1.6,
"vendor": "huawei",
"version": "r6305"
},
{
"model": "s7800",
"scope": "eq",
"trust": 1.6,
"vendor": "huawei",
"version": "r6305"
},
{
"model": "s5100",
"scope": "eq",
"trust": 1.6,
"vendor": "huawei",
"version": "r6305"
},
{
"model": "s3300",
"scope": "eq",
"trust": 1.6,
"vendor": "huawei",
"version": "r6305"
},
{
"model": "s3500",
"scope": "eq",
"trust": 1.6,
"vendor": "huawei",
"version": "r6305"
},
{
"model": "s3700",
"scope": "eq",
"trust": 1.6,
"vendor": "huawei",
"version": "r6305"
},
{
"model": "s8500",
"scope": "eq",
"trust": 1.6,
"vendor": "huawei",
"version": "r1632"
},
{
"model": "s5600",
"scope": "eq",
"trust": 1.6,
"vendor": "huawei",
"version": "r6305"
},
{
"model": "s3900",
"scope": "eq",
"trust": 1.6,
"vendor": "huawei",
"version": "r6305"
},
{
"model": "s2000",
"scope": null,
"trust": 1.4,
"vendor": "huawei",
"version": null
},
{
"model": "s3000",
"scope": null,
"trust": 1.4,
"vendor": "huawei",
"version": null
},
{
"model": "s3500",
"scope": null,
"trust": 1.4,
"vendor": "huawei",
"version": null
},
{
"model": "s3900",
"scope": null,
"trust": 1.4,
"vendor": "huawei",
"version": null
},
{
"model": "s5100",
"scope": null,
"trust": 1.4,
"vendor": "huawei",
"version": null
},
{
"model": "s5600",
"scope": null,
"trust": 1.4,
"vendor": "huawei",
"version": null
},
{
"model": "ar 19\\/29\\/49",
"scope": "lte",
"trust": 1.0,
"vendor": "huawei",
"version": "r2207"
},
{
"model": "s2300",
"scope": "eq",
"trust": 1.0,
"vendor": "huawei",
"version": "r6305"
},
{
"model": "s3000",
"scope": "eq",
"trust": 1.0,
"vendor": "huawei",
"version": "r6305"
},
{
"model": "ar 28\\/46",
"scope": "lte",
"trust": 1.0,
"vendor": "huawei",
"version": "r0311"
},
{
"model": "s2000",
"scope": "eq",
"trust": 1.0,
"vendor": "huawei",
"version": "r6305"
},
{
"model": "s2700",
"scope": "eq",
"trust": 1.0,
"vendor": "huawei",
"version": "r6305"
},
{
"model": "ar 19/29/49",
"scope": "lte",
"trust": 0.8,
"vendor": "huawei",
"version": "r2207 \\\\\\\\ k"
},
{
"model": "ar 28/46",
"scope": "lte",
"trust": 0.8,
"vendor": "huawei",
"version": "r0311 \\\\\\\\ k"
},
{
"model": "ar routers",
"scope": null,
"trust": 0.6,
"vendor": "huawei",
"version": null
},
{
"model": "s7800",
"scope": null,
"trust": 0.6,
"vendor": "huawei",
"version": null
},
{
"model": "s8500",
"scope": null,
"trust": 0.6,
"vendor": "huawei",
"version": null
},
{
"model": "s8500",
"scope": "eq",
"trust": 0.3,
"vendor": "huawei",
"version": "0"
},
{
"model": "s7800",
"scope": "eq",
"trust": 0.3,
"vendor": "huawei",
"version": "0"
},
{
"model": "s5600",
"scope": "eq",
"trust": 0.3,
"vendor": "huawei",
"version": "0"
},
{
"model": "s5100",
"scope": "eq",
"trust": 0.3,
"vendor": "huawei",
"version": "0"
},
{
"model": "s3900",
"scope": "eq",
"trust": 0.3,
"vendor": "huawei",
"version": "0"
},
{
"model": "s3500",
"scope": "eq",
"trust": 0.3,
"vendor": "huawei",
"version": "0"
},
{
"model": "s3000",
"scope": "eq",
"trust": 0.3,
"vendor": "huawei",
"version": "0"
},
{
"model": "s2000",
"scope": "eq",
"trust": 0.3,
"vendor": "huawei",
"version": "0"
},
{
"model": "ar49",
"scope": "eq",
"trust": 0.3,
"vendor": "huawei",
"version": "0"
},
{
"model": "ar46",
"scope": "eq",
"trust": 0.3,
"vendor": "huawei",
"version": "0"
},
{
"model": "ar29",
"scope": "eq",
"trust": 0.3,
"vendor": "huawei",
"version": "0"
},
{
"model": "ar28",
"scope": "eq",
"trust": 0.3,
"vendor": "huawei",
"version": "0"
},
{
"model": "ar19",
"scope": "eq",
"trust": 0.3,
"vendor": "huawei",
"version": "0"
},
{
"model": "ar18-3x",
"scope": "eq",
"trust": 0.3,
"vendor": "huawei",
"version": "0"
},
{
"model": "ar18-2x",
"scope": "eq",
"trust": 0.3,
"vendor": "huawei",
"version": "0"
},
{
"model": "ar18-1x",
"scope": "eq",
"trust": 0.3,
"vendor": "huawei",
"version": "0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "ar 18 1x",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "ar 18 2x",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "ar 18 3x",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "ar 19 29 49",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "ar 28 46",
"version": "*"
},
{
"model": "r6305",
"scope": null,
"trust": 0.2,
"vendor": "s2000",
"version": null
},
{
"model": "r6305",
"scope": null,
"trust": 0.2,
"vendor": "s2300",
"version": null
},
{
"model": "r6305",
"scope": null,
"trust": 0.2,
"vendor": "s2700",
"version": null
},
{
"model": "r6305",
"scope": null,
"trust": 0.2,
"vendor": "s3000",
"version": null
},
{
"model": "r6305",
"scope": null,
"trust": 0.2,
"vendor": "s3300",
"version": null
},
{
"model": "r6305",
"scope": null,
"trust": 0.2,
"vendor": "s3300hi",
"version": null
},
{
"model": "r6305",
"scope": null,
"trust": 0.2,
"vendor": "s3500",
"version": null
},
{
"model": "r6305",
"scope": null,
"trust": 0.2,
"vendor": "s3700",
"version": null
},
{
"model": "r6305",
"scope": null,
"trust": 0.2,
"vendor": "s3900",
"version": null
},
{
"model": "r6305",
"scope": null,
"trust": 0.2,
"vendor": "s5100",
"version": null
},
{
"model": "r6305",
"scope": null,
"trust": 0.2,
"vendor": "s5600",
"version": null
},
{
"model": "r6305",
"scope": null,
"trust": 0.2,
"vendor": "s7800",
"version": null
},
{
"model": "r1631",
"scope": null,
"trust": 0.2,
"vendor": "s8500",
"version": null
},
{
"model": "r1632",
"scope": null,
"trust": 0.2,
"vendor": "s8500",
"version": null
}
],
"sources": [
{
"db": "IVD",
"id": "e444d314-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-08071"
},
{
"db": "BID",
"id": "60713"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-006008"
},
{
"db": "NVD",
"id": "CVE-2012-6571"
},
{
"db": "CNNVD",
"id": "CNNVD-201306-407"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:huawei:ar_19\\/29\\/49:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "r2207",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:huawei:ar_28\\/46:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "r0311",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:huawei:ar_18-3x:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "r0118",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:huawei:ar_18-2x:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "r1712",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:huawei:ar_18-1x:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "r0130",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:huawei:s2300:r6305:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:huawei:s2000:r6305:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:huawei:s3900:r6305:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:huawei:s5100:r6305:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:huawei:s5600:r6305:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:huawei:s2700:r6305:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:huawei:s3000:r6305:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:huawei:s7800:r6305:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:huawei:s8500:r1631:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:huawei:s3300:r6305:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:huawei:s3300hi:r6305:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:huawei:s8500:r1632:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:huawei:s3700:r6305:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:huawei:s3500:r6305:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2012-6571"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Felix Lindner of Recurity Labs GmbH",
"sources": [
{
"db": "BID",
"id": "60713"
}
],
"trust": 0.3
},
"cve": "CVE-2012-6571",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2012-6571",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2013-08071",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "e444d314-2352-11e6-abef-000c29c66e3d",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-59852",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2012-6571",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2013-08071",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201306-407",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "e444d314-2352-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-59852",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "e444d314-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-08071"
},
{
"db": "VULHUB",
"id": "VHN-59852"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-006008"
},
{
"db": "NVD",
"id": "CVE-2012-6571"
},
{
"db": "CNNVD",
"id": "CNNVD-201306-407"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The HTTP module in the (1) Branch Intelligent Management System (BIMS) and (2) web management components on Huawei AR routers and S2000, S3000, S3500, S3900, S5100, S5600, and S7800 switches uses predictable Session ID values, which makes it easier for remote attackers to hijack sessions via a brute-force attack. Huawei AR routers and Huawei S series switches are network devices of Huawei products. Conversation. \nAn attacker can exploit this issue to gain unauthorized access to the affected device. Huawei Access Router (AR) is a low-end router product developed by Huawei in China. This product provides mobile and fixed network access methods, suitable for enterprise networks. Predictable session ID value",
"sources": [
{
"db": "NVD",
"id": "CVE-2012-6571"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-006008"
},
{
"db": "CNVD",
"id": "CNVD-2013-08071"
},
{
"db": "BID",
"id": "60713"
},
{
"db": "IVD",
"id": "e444d314-2352-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-59852"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2012-6571",
"trust": 3.6
},
{
"db": "BID",
"id": "60713",
"trust": 1.0
},
{
"db": "CNNVD",
"id": "CNNVD-201306-407",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2013-08071",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2012-006008",
"trust": 0.8
},
{
"db": "IVD",
"id": "E444D314-2352-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-59852",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "e444d314-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-08071"
},
{
"db": "VULHUB",
"id": "VHN-59852"
},
{
"db": "BID",
"id": "60713"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-006008"
},
{
"db": "NVD",
"id": "CVE-2012-6571"
},
{
"db": "CNNVD",
"id": "CNNVD-201306-407"
}
]
},
"id": "VAR-201306-0210",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "e444d314-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-08071"
},
{
"db": "VULHUB",
"id": "VHN-59852"
}
],
"trust": 1.53885397
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "e444d314-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-08071"
}
]
},
"last_update_date": "2023-12-18T13:09:31.250000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Huawei-SA-20120808-01-HTTP-Module",
"trust": 0.8,
"url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-u_194371.htm"
},
{
"title": "Huawei AR router and switch HTTP module session ID predictable vulnerability patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/34803"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-08071"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-006008"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-310",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-59852"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-006008"
},
{
"db": "NVD",
"id": "CVE-2012-6571"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-u_194371.htm"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-6571"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-6571"
},
{
"trust": 0.3,
"url": "http://www.huawei.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-08071"
},
{
"db": "VULHUB",
"id": "VHN-59852"
},
{
"db": "BID",
"id": "60713"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-006008"
},
{
"db": "NVD",
"id": "CVE-2012-6571"
},
{
"db": "CNNVD",
"id": "CNNVD-201306-407"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "e444d314-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-08071"
},
{
"db": "VULHUB",
"id": "VHN-59852"
},
{
"db": "BID",
"id": "60713"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-006008"
},
{
"db": "NVD",
"id": "CVE-2012-6571"
},
{
"db": "CNNVD",
"id": "CNNVD-201306-407"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-06-25T00:00:00",
"db": "IVD",
"id": "e444d314-2352-11e6-abef-000c29c66e3d"
},
{
"date": "2013-06-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-08071"
},
{
"date": "2013-06-20T00:00:00",
"db": "VULHUB",
"id": "VHN-59852"
},
{
"date": "2012-08-04T00:00:00",
"db": "BID",
"id": "60713"
},
{
"date": "2013-06-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-006008"
},
{
"date": "2013-06-20T15:55:00.983000",
"db": "NVD",
"id": "CVE-2012-6571"
},
{
"date": "2013-06-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201306-407"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-06-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-08071"
},
{
"date": "2013-09-02T00:00:00",
"db": "VULHUB",
"id": "VHN-59852"
},
{
"date": "2012-08-04T00:00:00",
"db": "BID",
"id": "60713"
},
{
"date": "2013-06-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-006008"
},
{
"date": "2013-09-02T06:29:24.353000",
"db": "NVD",
"id": "CVE-2012-6571"
},
{
"date": "2013-06-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201306-407"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201306-407"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Huawei of AR Vulnerability to hijack sessions in router and switch products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-006008"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "encryption problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201306-407"
}
],
"trust": 0.6
}
}
VAR-201306-0208
Vulnerability from variot - Updated: 2023-12-18 12:21Stack-based buffer overflow in the HTTP module in the (1) Branch Intelligent Management System (BIMS) and (2) web management components on Huawei AR routers and S2000, S3000, S3500, S3900, S5100, S5600, S7800, and S8500 switches allows remote attackers to execute arbitrary code via a long URI. Huawei AR routers and Huawei S series switches are network devices of Huawei products. Attackers may be able to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions. Huawei Access Router (AR) is a low-end router product developed by Huawei in China. This product provides mobile and fixed network access methods, suitable for enterprise networks
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201306-0208",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "s3300",
"scope": "eq",
"trust": 2.4,
"vendor": "huawei",
"version": "r6305"
},
{
"model": "s3300hi",
"scope": "eq",
"trust": 2.4,
"vendor": "huawei",
"version": "r6305"
},
{
"model": "s3500",
"scope": "eq",
"trust": 2.4,
"vendor": "huawei",
"version": "r6305"
},
{
"model": "s3700",
"scope": "eq",
"trust": 2.4,
"vendor": "huawei",
"version": "r6305"
},
{
"model": "s3900",
"scope": "eq",
"trust": 2.4,
"vendor": "huawei",
"version": "r6305"
},
{
"model": "s5100",
"scope": "eq",
"trust": 2.4,
"vendor": "huawei",
"version": "r6305"
},
{
"model": "s5600",
"scope": "eq",
"trust": 2.4,
"vendor": "huawei",
"version": "r6305"
},
{
"model": "s7800",
"scope": "eq",
"trust": 2.4,
"vendor": "huawei",
"version": "r6305"
},
{
"model": "ar 18-1x",
"scope": "lte",
"trust": 1.8,
"vendor": "huawei",
"version": "r0130"
},
{
"model": "ar 18-2x",
"scope": "lte",
"trust": 1.8,
"vendor": "huawei",
"version": "r1712"
},
{
"model": "s2000",
"scope": "eq",
"trust": 1.8,
"vendor": "huawei",
"version": "r6305"
},
{
"model": "s2300",
"scope": "eq",
"trust": 1.8,
"vendor": "huawei",
"version": "r6305"
},
{
"model": "s2700",
"scope": "eq",
"trust": 1.8,
"vendor": "huawei",
"version": "r6305"
},
{
"model": "s3000",
"scope": "eq",
"trust": 1.8,
"vendor": "huawei",
"version": "r6305"
},
{
"model": "s8500",
"scope": "eq",
"trust": 1.6,
"vendor": "huawei",
"version": "r1631"
},
{
"model": "s8500",
"scope": "eq",
"trust": 1.6,
"vendor": "huawei",
"version": "r1632"
},
{
"model": "ar 19\\/29\\/49",
"scope": "lte",
"trust": 1.0,
"vendor": "huawei",
"version": "r2207"
},
{
"model": "ar 28\\/46",
"scope": "lte",
"trust": 1.0,
"vendor": "huawei",
"version": "r0311"
},
{
"model": "ar 18-3x",
"scope": "lte",
"trust": 1.0,
"vendor": "huawei",
"version": "r0118"
},
{
"model": "ar 18-2x",
"scope": "lte",
"trust": 0.8,
"vendor": "huawei",
"version": "r0118"
},
{
"model": "ar 19/29/49",
"scope": "lte",
"trust": 0.8,
"vendor": "huawei",
"version": "r2207"
},
{
"model": "ar 28/46",
"scope": "lte",
"trust": 0.8,
"vendor": "huawei",
"version": "r0311"
},
{
"model": "s8500",
"scope": "eq",
"trust": 0.8,
"vendor": "huawei",
"version": "r1631 and r1632"
},
{
"model": "ar routers",
"scope": null,
"trust": 0.6,
"vendor": "huawei",
"version": null
},
{
"model": "s2000",
"scope": null,
"trust": 0.6,
"vendor": "huawei",
"version": null
},
{
"model": "s3000",
"scope": null,
"trust": 0.6,
"vendor": "huawei",
"version": null
},
{
"model": "s3500",
"scope": null,
"trust": 0.6,
"vendor": "huawei",
"version": null
},
{
"model": "s3900",
"scope": null,
"trust": 0.6,
"vendor": "huawei",
"version": null
},
{
"model": "s5100",
"scope": null,
"trust": 0.6,
"vendor": "huawei",
"version": null
},
{
"model": "s5600",
"scope": null,
"trust": 0.6,
"vendor": "huawei",
"version": null
},
{
"model": "s7800",
"scope": null,
"trust": 0.6,
"vendor": "huawei",
"version": null
},
{
"model": "s8500",
"scope": null,
"trust": 0.6,
"vendor": "huawei",
"version": null
},
{
"model": "s8500",
"scope": "eq",
"trust": 0.3,
"vendor": "huawei",
"version": "0"
},
{
"model": "s7800",
"scope": "eq",
"trust": 0.3,
"vendor": "huawei",
"version": "0"
},
{
"model": "s5600",
"scope": "eq",
"trust": 0.3,
"vendor": "huawei",
"version": "0"
},
{
"model": "s5100",
"scope": "eq",
"trust": 0.3,
"vendor": "huawei",
"version": "0"
},
{
"model": "s3900",
"scope": "eq",
"trust": 0.3,
"vendor": "huawei",
"version": "0"
},
{
"model": "s3500",
"scope": "eq",
"trust": 0.3,
"vendor": "huawei",
"version": "0"
},
{
"model": "s3000",
"scope": "eq",
"trust": 0.3,
"vendor": "huawei",
"version": "0"
},
{
"model": "s2000",
"scope": "eq",
"trust": 0.3,
"vendor": "huawei",
"version": "0"
},
{
"model": "ar49",
"scope": "eq",
"trust": 0.3,
"vendor": "huawei",
"version": "0"
},
{
"model": "ar46",
"scope": "eq",
"trust": 0.3,
"vendor": "huawei",
"version": "0"
},
{
"model": "ar29",
"scope": "eq",
"trust": 0.3,
"vendor": "huawei",
"version": "0"
},
{
"model": "ar28",
"scope": "eq",
"trust": 0.3,
"vendor": "huawei",
"version": "0"
},
{
"model": "ar19",
"scope": "eq",
"trust": 0.3,
"vendor": "huawei",
"version": "0"
},
{
"model": "ar18-3x",
"scope": "eq",
"trust": 0.3,
"vendor": "huawei",
"version": "0"
},
{
"model": "ar18-2x",
"scope": "eq",
"trust": 0.3,
"vendor": "huawei",
"version": "0"
},
{
"model": "ar18-1x",
"scope": "eq",
"trust": 0.3,
"vendor": "huawei",
"version": "0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "ar 18 1x",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "ar 18 2x",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "ar 18 3x",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "ar 19 29 49",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "ar 28 46",
"version": "*"
},
{
"model": "r6305",
"scope": null,
"trust": 0.2,
"vendor": "s2000",
"version": null
},
{
"model": "r6305",
"scope": null,
"trust": 0.2,
"vendor": "s2300",
"version": null
},
{
"model": "r6305",
"scope": null,
"trust": 0.2,
"vendor": "s2700",
"version": null
},
{
"model": "r6305",
"scope": null,
"trust": 0.2,
"vendor": "s3000",
"version": null
},
{
"model": "r6305",
"scope": null,
"trust": 0.2,
"vendor": "s3300",
"version": null
},
{
"model": "r6305",
"scope": null,
"trust": 0.2,
"vendor": "s3300hi",
"version": null
},
{
"model": "r6305",
"scope": null,
"trust": 0.2,
"vendor": "s3500",
"version": null
},
{
"model": "r6305",
"scope": null,
"trust": 0.2,
"vendor": "s3700",
"version": null
},
{
"model": "r6305",
"scope": null,
"trust": 0.2,
"vendor": "s3900",
"version": null
},
{
"model": "r6305",
"scope": null,
"trust": 0.2,
"vendor": "s5100",
"version": null
},
{
"model": "r6305",
"scope": null,
"trust": 0.2,
"vendor": "s5600",
"version": null
},
{
"model": "r6305",
"scope": null,
"trust": 0.2,
"vendor": "s7800",
"version": null
},
{
"model": "r1631",
"scope": null,
"trust": 0.2,
"vendor": "s8500",
"version": null
},
{
"model": "r1632",
"scope": null,
"trust": 0.2,
"vendor": "s8500",
"version": null
}
],
"sources": [
{
"db": "IVD",
"id": "e42fb632-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-08073"
},
{
"db": "BID",
"id": "60708"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-006006"
},
{
"db": "NVD",
"id": "CVE-2012-6569"
},
{
"db": "CNNVD",
"id": "CNNVD-201306-405"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:huawei:ar_28\\/46:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "r0311",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:huawei:ar_18-2x:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "r1712",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:huawei:ar_19\\/29\\/49:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "r2207",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:huawei:ar_18-3x:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "r0118",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:huawei:ar_18-1x:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "r0130",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:huawei:s2300:r6305:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:huawei:s2000:r6305:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:huawei:s2700:r6305:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:huawei:s3000:r6305:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:huawei:s3300:r6305:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:huawei:s3700:r6305:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:huawei:s8500:r1632:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:huawei:s3900:r6305:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:huawei:s5100:r6305:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:huawei:s5600:r6305:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:huawei:s7800:r6305:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:huawei:s3300hi:r6305:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:huawei:s3500:r6305:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:huawei:s8500:r1631:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2012-6569"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Felix Lindner of Recurity Labs GmbH",
"sources": [
{
"db": "BID",
"id": "60708"
}
],
"trust": 0.3
},
"cve": "CVE-2012-6569",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 9.3,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2012-6569",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "CNVD-2013-08073",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "e42fb632-2352-11e6-abef-000c29c66e3d",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "VHN-59850",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2012-6569",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2013-08073",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201306-405",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "e42fb632-2352-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-59850",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "e42fb632-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-08073"
},
{
"db": "VULHUB",
"id": "VHN-59850"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-006006"
},
{
"db": "NVD",
"id": "CVE-2012-6569"
},
{
"db": "CNNVD",
"id": "CNNVD-201306-405"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Stack-based buffer overflow in the HTTP module in the (1) Branch Intelligent Management System (BIMS) and (2) web management components on Huawei AR routers and S2000, S3000, S3500, S3900, S5100, S5600, S7800, and S8500 switches allows remote attackers to execute arbitrary code via a long URI. Huawei AR routers and Huawei S series switches are network devices of Huawei products. \nAttackers may be able to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions. Huawei Access Router (AR) is a low-end router product developed by Huawei in China. This product provides mobile and fixed network access methods, suitable for enterprise networks",
"sources": [
{
"db": "NVD",
"id": "CVE-2012-6569"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-006006"
},
{
"db": "CNVD",
"id": "CNVD-2013-08073"
},
{
"db": "BID",
"id": "60708"
},
{
"db": "IVD",
"id": "e42fb632-2352-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-59850"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2012-6569",
"trust": 3.6
},
{
"db": "BID",
"id": "60708",
"trust": 1.0
},
{
"db": "CNNVD",
"id": "CNNVD-201306-405",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2013-08073",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2012-006006",
"trust": 0.8
},
{
"db": "IVD",
"id": "E42FB632-2352-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-59850",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "e42fb632-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-08073"
},
{
"db": "VULHUB",
"id": "VHN-59850"
},
{
"db": "BID",
"id": "60708"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-006006"
},
{
"db": "NVD",
"id": "CVE-2012-6569"
},
{
"db": "CNNVD",
"id": "CNNVD-201306-405"
}
]
},
"id": "VAR-201306-0208",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "e42fb632-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-08073"
},
{
"db": "VULHUB",
"id": "VHN-59850"
}
],
"trust": 1.53885397
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "e42fb632-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-08073"
}
]
},
"last_update_date": "2023-12-18T12:21:41.130000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Huawei-SA-20120808-02-HTTP-Module",
"trust": 0.8,
"url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-u_194370.htm"
},
{
"title": "Huawei AR Router and Switch HTTP Module Buffer Overflow Vulnerability Patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/34801"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-08073"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-006006"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-59850"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-006006"
},
{
"db": "NVD",
"id": "CVE-2012-6569"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-u_194370.htm"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-6569"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-6569"
},
{
"trust": 0.3,
"url": "http://www.huawei.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-08073"
},
{
"db": "VULHUB",
"id": "VHN-59850"
},
{
"db": "BID",
"id": "60708"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-006006"
},
{
"db": "NVD",
"id": "CVE-2012-6569"
},
{
"db": "CNNVD",
"id": "CNNVD-201306-405"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "e42fb632-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-08073"
},
{
"db": "VULHUB",
"id": "VHN-59850"
},
{
"db": "BID",
"id": "60708"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-006006"
},
{
"db": "NVD",
"id": "CVE-2012-6569"
},
{
"db": "CNNVD",
"id": "CNNVD-201306-405"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-06-25T00:00:00",
"db": "IVD",
"id": "e42fb632-2352-11e6-abef-000c29c66e3d"
},
{
"date": "2013-06-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-08073"
},
{
"date": "2013-06-20T00:00:00",
"db": "VULHUB",
"id": "VHN-59850"
},
{
"date": "2012-08-04T00:00:00",
"db": "BID",
"id": "60708"
},
{
"date": "2013-06-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-006006"
},
{
"date": "2013-06-20T15:55:00.950000",
"db": "NVD",
"id": "CVE-2012-6569"
},
{
"date": "2013-06-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201306-405"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-06-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-08073"
},
{
"date": "2013-06-21T00:00:00",
"db": "VULHUB",
"id": "VHN-59850"
},
{
"date": "2012-08-04T00:00:00",
"db": "BID",
"id": "60708"
},
{
"date": "2013-06-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-006006"
},
{
"date": "2013-06-21T04:00:00",
"db": "NVD",
"id": "CVE-2012-6569"
},
{
"date": "2013-06-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201306-405"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201306-405"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Huawei of AR Stack-based buffer overflow vulnerability in router and switch products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-006006"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer overflow",
"sources": [
{
"db": "IVD",
"id": "e42fb632-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNNVD",
"id": "CNNVD-201306-405"
}
],
"trust": 0.8
}
}
FKIE_CVE-2012-6569
Vulnerability from fkie_nvd - Published: 2013-06-20 15:55 - Updated: 2025-04-11 00:51
Severity ?
Summary
Stack-based buffer overflow in the HTTP module in the (1) Branch Intelligent Management System (BIMS) and (2) web management components on Huawei AR routers and S2000, S3000, S3500, S3900, S5100, S5600, S7800, and S8500 switches allows remote attackers to execute arbitrary code via a long URI.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| huawei | ar_18-1x | * | |
| huawei | ar_18-2x | * | |
| huawei | ar_18-3x | * | |
| huawei | ar_19\/29\/49 | * | |
| huawei | ar_28\/46 | * | |
| huawei | s2000 | r6305 | |
| huawei | s2300 | r6305 | |
| huawei | s2700 | r6305 | |
| huawei | s3000 | r6305 | |
| huawei | s3300 | r6305 | |
| huawei | s3300hi | r6305 | |
| huawei | s3500 | r6305 | |
| huawei | s3700 | r6305 | |
| huawei | s3900 | r6305 | |
| huawei | s5100 | r6305 | |
| huawei | s5600 | r6305 | |
| huawei | s7800 | r6305 | |
| huawei | s8500 | r1631 | |
| huawei | s8500 | r1632 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:ar_18-1x:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C169428A-DBA2-4AD4-AB2F-9B55F406D5F5",
"versionEndIncluding": "r0130",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:huawei:ar_18-2x:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F96CD3E2-2AE8-48B2-9979-84AD3C99933E",
"versionEndIncluding": "r1712",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:huawei:ar_18-3x:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A93A0EF1-FDC5-4E7C-A692-C664552913EF",
"versionEndIncluding": "r0118",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:huawei:ar_19\\/29\\/49:*:*:*:*:*:*:*:*",
"matchCriteriaId": "82396118-3290-4683-902D-4955E81B84F9",
"versionEndIncluding": "r2207",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:huawei:ar_28\\/46:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A520A0A9-2BF8-4E32-9194-3307CE52C2AD",
"versionEndIncluding": "r0311",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:s2000:r6305:*:*:*:*:*:*:*",
"matchCriteriaId": "5AF996D4-838E-4295-B8E2-43512DC9BF41",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:huawei:s2300:r6305:*:*:*:*:*:*:*",
"matchCriteriaId": "6185A1C4-34B8-4FED-8144-15EA8012CA38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:huawei:s2700:r6305:*:*:*:*:*:*:*",
"matchCriteriaId": "49B54F7F-0B13-4ADC-B8F5-72606273528E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:huawei:s3000:r6305:*:*:*:*:*:*:*",
"matchCriteriaId": "ABC5B0CA-8081-4492-8D2A-5FEE778C5E82",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:huawei:s3300:r6305:*:*:*:*:*:*:*",
"matchCriteriaId": "708E992F-581F-4DA0-A490-BB6E2BA8B598",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:huawei:s3300hi:r6305:*:*:*:*:*:*:*",
"matchCriteriaId": "7C8FA59E-F894-441D-8FBA-5D865BD3DFC9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:huawei:s3500:r6305:*:*:*:*:*:*:*",
"matchCriteriaId": "945EEE2E-C21E-4E1D-9D91-F5B0A77C7CDD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:huawei:s3700:r6305:*:*:*:*:*:*:*",
"matchCriteriaId": "08E4AE20-F5FB-47DF-817E-DF7871121CA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:huawei:s3900:r6305:*:*:*:*:*:*:*",
"matchCriteriaId": "394161B5-65DF-4921-AE2B-0959322A71F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:huawei:s5100:r6305:*:*:*:*:*:*:*",
"matchCriteriaId": "F02BD40C-8825-46ED-9C99-A4DD5331F04A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:huawei:s5600:r6305:*:*:*:*:*:*:*",
"matchCriteriaId": "47BCCDFB-27DB-439B-965C-525941118C87",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:huawei:s7800:r6305:*:*:*:*:*:*:*",
"matchCriteriaId": "0C3232F7-23AC-4773-A67D-BCA0A886FE3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:huawei:s8500:r1631:*:*:*:*:*:*:*",
"matchCriteriaId": "7D4B69FE-DC23-4A78-9D1A-C35EA98CB1FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:huawei:s8500:r1632:*:*:*:*:*:*:*",
"matchCriteriaId": "008D26B5-DC98-4592-B592-3728C8A0D6C0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the HTTP module in the (1) Branch Intelligent Management System (BIMS) and (2) web management components on Huawei AR routers and S2000, S3000, S3500, S3900, S5100, S5600, S7800, and S8500 switches allows remote attackers to execute arbitrary code via a long URI."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer basado en pila en el m\u00f3dulo HTTP en el (1) Branch Intelligent Management System (BIMS) y (2) en el componente de gesti\u00f3n web en Huawei AR routers y switches S2000, S3000, S3500, S3900, S5100, S5600, S7800, y S8500 permite a atacantes remotos ejecutar c\u00f3digo arbitrario mediante una URI de gran longitud."
}
],
"id": "CVE-2012-6569",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-06-20T15:55:00.950",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-u_194370.htm"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-u_194370.htm"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2012-6570
Vulnerability from fkie_nvd - Published: 2013-06-20 15:55 - Updated: 2025-04-11 00:51
Severity ?
Summary
The HTTP module in the (1) Branch Intelligent Management System (BIMS) and (2) web management components on Huawei AR routers and S2000, S3000, S3500, S3900, S5100, S5600, S7800, and S8500 switches does not check whether HTTP data is longer than the value of the Content-Length field, which allows remote HTTP servers to conduct heap-based buffer overflow attacks and execute arbitrary code via a crafted response.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| huawei | ar_18-1x | * | |
| huawei | ar_18-2x | * | |
| huawei | ar_18-3x | * | |
| huawei | ar_19\/29\/49 | * | |
| huawei | ar_28\/46 | * | |
| huawei | s2000 | r6305 | |
| huawei | s2300 | r6305 | |
| huawei | s2700 | r6305 | |
| huawei | s3000 | r6305 | |
| huawei | s3300 | r6305 | |
| huawei | s3300hi | r6305 | |
| huawei | s3500 | r6305 | |
| huawei | s3700 | r6305 | |
| huawei | s3900 | r6305 | |
| huawei | s5100 | r6305 | |
| huawei | s5600 | r6305 | |
| huawei | s7800 | r6305 | |
| huawei | s8500 | r1631 | |
| huawei | s8500 | r1632 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:ar_18-1x:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C169428A-DBA2-4AD4-AB2F-9B55F406D5F5",
"versionEndIncluding": "r0130",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:huawei:ar_18-2x:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F96CD3E2-2AE8-48B2-9979-84AD3C99933E",
"versionEndIncluding": "r1712",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:huawei:ar_18-3x:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A93A0EF1-FDC5-4E7C-A692-C664552913EF",
"versionEndIncluding": "r0118",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:huawei:ar_19\\/29\\/49:*:*:*:*:*:*:*:*",
"matchCriteriaId": "82396118-3290-4683-902D-4955E81B84F9",
"versionEndIncluding": "r2207",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:huawei:ar_28\\/46:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A520A0A9-2BF8-4E32-9194-3307CE52C2AD",
"versionEndIncluding": "r0311",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:s2000:r6305:*:*:*:*:*:*:*",
"matchCriteriaId": "5AF996D4-838E-4295-B8E2-43512DC9BF41",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:huawei:s2300:r6305:*:*:*:*:*:*:*",
"matchCriteriaId": "6185A1C4-34B8-4FED-8144-15EA8012CA38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:huawei:s2700:r6305:*:*:*:*:*:*:*",
"matchCriteriaId": "49B54F7F-0B13-4ADC-B8F5-72606273528E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:huawei:s3000:r6305:*:*:*:*:*:*:*",
"matchCriteriaId": "ABC5B0CA-8081-4492-8D2A-5FEE778C5E82",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:huawei:s3300:r6305:*:*:*:*:*:*:*",
"matchCriteriaId": "708E992F-581F-4DA0-A490-BB6E2BA8B598",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:huawei:s3300hi:r6305:*:*:*:*:*:*:*",
"matchCriteriaId": "7C8FA59E-F894-441D-8FBA-5D865BD3DFC9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:huawei:s3500:r6305:*:*:*:*:*:*:*",
"matchCriteriaId": "945EEE2E-C21E-4E1D-9D91-F5B0A77C7CDD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:huawei:s3700:r6305:*:*:*:*:*:*:*",
"matchCriteriaId": "08E4AE20-F5FB-47DF-817E-DF7871121CA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:huawei:s3900:r6305:*:*:*:*:*:*:*",
"matchCriteriaId": "394161B5-65DF-4921-AE2B-0959322A71F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:huawei:s5100:r6305:*:*:*:*:*:*:*",
"matchCriteriaId": "F02BD40C-8825-46ED-9C99-A4DD5331F04A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:huawei:s5600:r6305:*:*:*:*:*:*:*",
"matchCriteriaId": "47BCCDFB-27DB-439B-965C-525941118C87",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:huawei:s7800:r6305:*:*:*:*:*:*:*",
"matchCriteriaId": "0C3232F7-23AC-4773-A67D-BCA0A886FE3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:huawei:s8500:r1631:*:*:*:*:*:*:*",
"matchCriteriaId": "7D4B69FE-DC23-4A78-9D1A-C35EA98CB1FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:huawei:s8500:r1632:*:*:*:*:*:*:*",
"matchCriteriaId": "008D26B5-DC98-4592-B592-3728C8A0D6C0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The HTTP module in the (1) Branch Intelligent Management System (BIMS) and (2) web management components on Huawei AR routers and S2000, S3000, S3500, S3900, S5100, S5600, S7800, and S8500 switches does not check whether HTTP data is longer than the value of the Content-Length field, which allows remote HTTP servers to conduct heap-based buffer overflow attacks and execute arbitrary code via a crafted response."
},
{
"lang": "es",
"value": "El m\u00f3dulo HTTP en (1) Branch Intelligent Management System (BIMS) y (2) componentes de gesti\u00f3n web de switches de Huawei AR routers and S2000, S3000, S3500, S3900, S5100, S5600, S7800, y S8500 no comprueba si los datos HTTP son mayores que el valor del campo Content-Length, que permite a los servidores HTTP remotos realizar ataques de desbordamiento de b\u00fafer basado en mont\u00edculo y ejecutar c\u00f3digo arbitrario a trav\u00e9s de una respuesta elaborada."
}
],
"id": "CVE-2012-6570",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-06-20T15:55:00.967",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-u_194361.htm"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-u_194361.htm"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2012-6571
Vulnerability from fkie_nvd - Published: 2013-06-20 15:55 - Updated: 2025-04-11 00:51
Severity ?
Summary
The HTTP module in the (1) Branch Intelligent Management System (BIMS) and (2) web management components on Huawei AR routers and S2000, S3000, S3500, S3900, S5100, S5600, and S7800 switches uses predictable Session ID values, which makes it easier for remote attackers to hijack sessions via a brute-force attack.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| huawei | ar_18-1x | * | |
| huawei | ar_18-2x | * | |
| huawei | ar_18-3x | * | |
| huawei | ar_19\/29\/49 | * | |
| huawei | ar_28\/46 | * | |
| huawei | s2000 | r6305 | |
| huawei | s2300 | r6305 | |
| huawei | s2700 | r6305 | |
| huawei | s3000 | r6305 | |
| huawei | s3300 | r6305 | |
| huawei | s3300hi | r6305 | |
| huawei | s3500 | r6305 | |
| huawei | s3700 | r6305 | |
| huawei | s3900 | r6305 | |
| huawei | s5100 | r6305 | |
| huawei | s5600 | r6305 | |
| huawei | s7800 | r6305 | |
| huawei | s8500 | r1631 | |
| huawei | s8500 | r1632 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:ar_18-1x:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C169428A-DBA2-4AD4-AB2F-9B55F406D5F5",
"versionEndIncluding": "r0130",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:huawei:ar_18-2x:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F96CD3E2-2AE8-48B2-9979-84AD3C99933E",
"versionEndIncluding": "r1712",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:huawei:ar_18-3x:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A93A0EF1-FDC5-4E7C-A692-C664552913EF",
"versionEndIncluding": "r0118",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:huawei:ar_19\\/29\\/49:*:*:*:*:*:*:*:*",
"matchCriteriaId": "82396118-3290-4683-902D-4955E81B84F9",
"versionEndIncluding": "r2207",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:huawei:ar_28\\/46:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A520A0A9-2BF8-4E32-9194-3307CE52C2AD",
"versionEndIncluding": "r0311",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:s2000:r6305:*:*:*:*:*:*:*",
"matchCriteriaId": "5AF996D4-838E-4295-B8E2-43512DC9BF41",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:huawei:s2300:r6305:*:*:*:*:*:*:*",
"matchCriteriaId": "6185A1C4-34B8-4FED-8144-15EA8012CA38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:huawei:s2700:r6305:*:*:*:*:*:*:*",
"matchCriteriaId": "49B54F7F-0B13-4ADC-B8F5-72606273528E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:huawei:s3000:r6305:*:*:*:*:*:*:*",
"matchCriteriaId": "ABC5B0CA-8081-4492-8D2A-5FEE778C5E82",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:huawei:s3300:r6305:*:*:*:*:*:*:*",
"matchCriteriaId": "708E992F-581F-4DA0-A490-BB6E2BA8B598",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:huawei:s3300hi:r6305:*:*:*:*:*:*:*",
"matchCriteriaId": "7C8FA59E-F894-441D-8FBA-5D865BD3DFC9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:huawei:s3500:r6305:*:*:*:*:*:*:*",
"matchCriteriaId": "945EEE2E-C21E-4E1D-9D91-F5B0A77C7CDD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:huawei:s3700:r6305:*:*:*:*:*:*:*",
"matchCriteriaId": "08E4AE20-F5FB-47DF-817E-DF7871121CA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:huawei:s3900:r6305:*:*:*:*:*:*:*",
"matchCriteriaId": "394161B5-65DF-4921-AE2B-0959322A71F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:huawei:s5100:r6305:*:*:*:*:*:*:*",
"matchCriteriaId": "F02BD40C-8825-46ED-9C99-A4DD5331F04A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:huawei:s5600:r6305:*:*:*:*:*:*:*",
"matchCriteriaId": "47BCCDFB-27DB-439B-965C-525941118C87",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:huawei:s7800:r6305:*:*:*:*:*:*:*",
"matchCriteriaId": "0C3232F7-23AC-4773-A67D-BCA0A886FE3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:huawei:s8500:r1631:*:*:*:*:*:*:*",
"matchCriteriaId": "7D4B69FE-DC23-4A78-9D1A-C35EA98CB1FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:huawei:s8500:r1632:*:*:*:*:*:*:*",
"matchCriteriaId": "008D26B5-DC98-4592-B592-3728C8A0D6C0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The HTTP module in the (1) Branch Intelligent Management System (BIMS) and (2) web management components on Huawei AR routers and S2000, S3000, S3500, S3900, S5100, S5600, and S7800 switches uses predictable Session ID values, which makes it easier for remote attackers to hijack sessions via a brute-force attack."
},
{
"lang": "es",
"value": "El m\u00f3dulo HTTP en el (1) Branch Intelligent Management System (BIMS) y (2) gesti\u00f3n web de componentes para switches Huawei AR routers and S2000, S3000, S3500, S3900, S5100, S5600, and S7800 usa valores de Session ID predecibles lo que hace m\u00e1s f\u00e1cil a atacantes remotos secuestrar la sesi\u00f3n a trav\u00e9s de ataques de fuerza bruta."
}
],
"id": "CVE-2012-6571",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-06-20T15:55:00.983",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-u_194371.htm"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-u_194371.htm"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-310"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2012-6571 (GCVE-0-2012-6571)
Vulnerability from cvelistv5 – Published: 2013-06-20 15:00 – Updated: 2024-09-16 21:08
VLAI?
Summary
The HTTP module in the (1) Branch Intelligent Management System (BIMS) and (2) web management components on Huawei AR routers and S2000, S3000, S3500, S3900, S5100, S5600, and S7800 switches uses predictable Session ID values, which makes it easier for remote attackers to hijack sessions via a brute-force attack.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:36:01.850Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-u_194371.htm"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The HTTP module in the (1) Branch Intelligent Management System (BIMS) and (2) web management components on Huawei AR routers and S2000, S3000, S3500, S3900, S5100, S5600, and S7800 switches uses predictable Session ID values, which makes it easier for remote attackers to hijack sessions via a brute-force attack."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-06-20T15:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-u_194371.htm"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-6571",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The HTTP module in the (1) Branch Intelligent Management System (BIMS) and (2) web management components on Huawei AR routers and S2000, S3000, S3500, S3900, S5100, S5600, and S7800 switches uses predictable Session ID values, which makes it easier for remote attackers to hijack sessions via a brute-force attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-u_194371.htm",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-u_194371.htm"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-6571",
"datePublished": "2013-06-20T15:00:00Z",
"dateReserved": "2013-06-20T00:00:00Z",
"dateUpdated": "2024-09-16T21:08:50.739Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-6569 (GCVE-0-2012-6569)
Vulnerability from cvelistv5 – Published: 2013-06-20 15:00 – Updated: 2024-09-17 02:36
VLAI?
Summary
Stack-based buffer overflow in the HTTP module in the (1) Branch Intelligent Management System (BIMS) and (2) web management components on Huawei AR routers and S2000, S3000, S3500, S3900, S5100, S5600, S7800, and S8500 switches allows remote attackers to execute arbitrary code via a long URI.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:36:01.340Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-u_194370.htm"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the HTTP module in the (1) Branch Intelligent Management System (BIMS) and (2) web management components on Huawei AR routers and S2000, S3000, S3500, S3900, S5100, S5600, S7800, and S8500 switches allows remote attackers to execute arbitrary code via a long URI."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-06-20T15:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-u_194370.htm"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-6569",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the HTTP module in the (1) Branch Intelligent Management System (BIMS) and (2) web management components on Huawei AR routers and S2000, S3000, S3500, S3900, S5100, S5600, S7800, and S8500 switches allows remote attackers to execute arbitrary code via a long URI."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-u_194370.htm",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-u_194370.htm"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-6569",
"datePublished": "2013-06-20T15:00:00Z",
"dateReserved": "2013-06-20T00:00:00Z",
"dateUpdated": "2024-09-17T02:36:51.575Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-6570 (GCVE-0-2012-6570)
Vulnerability from cvelistv5 – Published: 2013-06-20 15:00 – Updated: 2024-09-16 23:46
VLAI?
Summary
The HTTP module in the (1) Branch Intelligent Management System (BIMS) and (2) web management components on Huawei AR routers and S2000, S3000, S3500, S3900, S5100, S5600, S7800, and S8500 switches does not check whether HTTP data is longer than the value of the Content-Length field, which allows remote HTTP servers to conduct heap-based buffer overflow attacks and execute arbitrary code via a crafted response.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:36:01.313Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-u_194361.htm"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The HTTP module in the (1) Branch Intelligent Management System (BIMS) and (2) web management components on Huawei AR routers and S2000, S3000, S3500, S3900, S5100, S5600, S7800, and S8500 switches does not check whether HTTP data is longer than the value of the Content-Length field, which allows remote HTTP servers to conduct heap-based buffer overflow attacks and execute arbitrary code via a crafted response."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-06-20T15:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-u_194361.htm"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-6570",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The HTTP module in the (1) Branch Intelligent Management System (BIMS) and (2) web management components on Huawei AR routers and S2000, S3000, S3500, S3900, S5100, S5600, S7800, and S8500 switches does not check whether HTTP data is longer than the value of the Content-Length field, which allows remote HTTP servers to conduct heap-based buffer overflow attacks and execute arbitrary code via a crafted response."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-u_194361.htm",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-u_194361.htm"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-6570",
"datePublished": "2013-06-20T15:00:00Z",
"dateReserved": "2013-06-20T00:00:00Z",
"dateUpdated": "2024-09-16T23:46:14.672Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-6571 (GCVE-0-2012-6571)
Vulnerability from nvd – Published: 2013-06-20 15:00 – Updated: 2024-09-16 21:08
VLAI?
Summary
The HTTP module in the (1) Branch Intelligent Management System (BIMS) and (2) web management components on Huawei AR routers and S2000, S3000, S3500, S3900, S5100, S5600, and S7800 switches uses predictable Session ID values, which makes it easier for remote attackers to hijack sessions via a brute-force attack.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:36:01.850Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-u_194371.htm"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The HTTP module in the (1) Branch Intelligent Management System (BIMS) and (2) web management components on Huawei AR routers and S2000, S3000, S3500, S3900, S5100, S5600, and S7800 switches uses predictable Session ID values, which makes it easier for remote attackers to hijack sessions via a brute-force attack."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-06-20T15:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-u_194371.htm"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-6571",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The HTTP module in the (1) Branch Intelligent Management System (BIMS) and (2) web management components on Huawei AR routers and S2000, S3000, S3500, S3900, S5100, S5600, and S7800 switches uses predictable Session ID values, which makes it easier for remote attackers to hijack sessions via a brute-force attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-u_194371.htm",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-u_194371.htm"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-6571",
"datePublished": "2013-06-20T15:00:00Z",
"dateReserved": "2013-06-20T00:00:00Z",
"dateUpdated": "2024-09-16T21:08:50.739Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-6569 (GCVE-0-2012-6569)
Vulnerability from nvd – Published: 2013-06-20 15:00 – Updated: 2024-09-17 02:36
VLAI?
Summary
Stack-based buffer overflow in the HTTP module in the (1) Branch Intelligent Management System (BIMS) and (2) web management components on Huawei AR routers and S2000, S3000, S3500, S3900, S5100, S5600, S7800, and S8500 switches allows remote attackers to execute arbitrary code via a long URI.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:36:01.340Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-u_194370.htm"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the HTTP module in the (1) Branch Intelligent Management System (BIMS) and (2) web management components on Huawei AR routers and S2000, S3000, S3500, S3900, S5100, S5600, S7800, and S8500 switches allows remote attackers to execute arbitrary code via a long URI."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-06-20T15:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-u_194370.htm"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-6569",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the HTTP module in the (1) Branch Intelligent Management System (BIMS) and (2) web management components on Huawei AR routers and S2000, S3000, S3500, S3900, S5100, S5600, S7800, and S8500 switches allows remote attackers to execute arbitrary code via a long URI."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-u_194370.htm",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-u_194370.htm"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-6569",
"datePublished": "2013-06-20T15:00:00Z",
"dateReserved": "2013-06-20T00:00:00Z",
"dateUpdated": "2024-09-17T02:36:51.575Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-6570 (GCVE-0-2012-6570)
Vulnerability from nvd – Published: 2013-06-20 15:00 – Updated: 2024-09-16 23:46
VLAI?
Summary
The HTTP module in the (1) Branch Intelligent Management System (BIMS) and (2) web management components on Huawei AR routers and S2000, S3000, S3500, S3900, S5100, S5600, S7800, and S8500 switches does not check whether HTTP data is longer than the value of the Content-Length field, which allows remote HTTP servers to conduct heap-based buffer overflow attacks and execute arbitrary code via a crafted response.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:36:01.313Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-u_194361.htm"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The HTTP module in the (1) Branch Intelligent Management System (BIMS) and (2) web management components on Huawei AR routers and S2000, S3000, S3500, S3900, S5100, S5600, S7800, and S8500 switches does not check whether HTTP data is longer than the value of the Content-Length field, which allows remote HTTP servers to conduct heap-based buffer overflow attacks and execute arbitrary code via a crafted response."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-06-20T15:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-u_194361.htm"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-6570",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The HTTP module in the (1) Branch Intelligent Management System (BIMS) and (2) web management components on Huawei AR routers and S2000, S3000, S3500, S3900, S5100, S5600, S7800, and S8500 switches does not check whether HTTP data is longer than the value of the Content-Length field, which allows remote HTTP servers to conduct heap-based buffer overflow attacks and execute arbitrary code via a crafted response."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-u_194361.htm",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-u_194361.htm"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-6570",
"datePublished": "2013-06-20T15:00:00Z",
"dateReserved": "2013-06-20T00:00:00Z",
"dateUpdated": "2024-09-16T23:46:14.672Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}