var-201604-0127
Vulnerability from variot
Huawei AR3200 routers with software before V200R006C10SPC300 allow remote authenticated users to cause a denial of service (restart) via crafted packets. The AR3200 series enterprise routers are Huawei's next-generation network products. They inherit Huawei's deep accumulation in data communication, wireless communication, PON access and softswitch, and rely on the VRP platform with independent intellectual property rights. Wireless Internet access, private line access, PBX, converged communication, and security functions are widely deployed in large and medium-sized campus network outlets, large and medium-sized enterprise headquarters or branches. An AR2200 device has an input verification vulnerability. After an attacker uses the vulnerability to log in to the device and constructs a specific attack packet and sends it to the device, the device can be restarted probabilistically. Huawei AR3200 routers are prone to a denial-of-service vulnerability. Attackers can exploit this issue to cause a denial-of-service condition, denying service to legitimate users. A security vulnerability exists in the Huawei AR3200. The following versions are affected: Huawei AR3200 using V200R005C20, V200R005C30, and V200R005C32 software
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201604-0127",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ar3200",
"scope": "eq",
"trust": 1.0,
"vendor": "huawei",
"version": "v200r005c20"
},
{
"model": "ar3200",
"scope": "eq",
"trust": 1.0,
"vendor": "huawei",
"version": "v200r005c30"
},
{
"model": "ar3200",
"scope": "eq",
"trust": 1.0,
"vendor": "huawei",
"version": "v200r005c32"
},
{
"model": "ar3200",
"scope": "lt",
"trust": 0.8,
"vendor": "huawei",
"version": "firmware v200r006c10spc300"
},
{
"model": "ar3200",
"scope": null,
"trust": 0.6,
"vendor": "huawei",
"version": null
},
{
"model": "ar3200",
"scope": "eq",
"trust": 0.6,
"vendor": "huawei",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-02150"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002170"
},
{
"db": "NVD",
"id": "CVE-2016-3950"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-356"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:huawei:ar3200:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:huawei:ar3200_firmware:v200r005c32:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:huawei:ar3200_firmware:v200r005c30:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:huawei:ar3200_firmware:v200r005c20:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2016-3950"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The vendor reported this issue.",
"sources": [
{
"db": "BID",
"id": "87086"
}
],
"trust": 0.3
},
"cve": "CVE-2016-3950",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 6.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"impactScore": 6.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 6.8,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2016-3950",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2016-02150",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 6.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "VHN-92769",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 6.5,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2016-3950",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2016-3950",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2016-02150",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201604-356",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-92769",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-02150"
},
{
"db": "VULHUB",
"id": "VHN-92769"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002170"
},
{
"db": "NVD",
"id": "CVE-2016-3950"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-356"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Huawei AR3200 routers with software before V200R006C10SPC300 allow remote authenticated users to cause a denial of service (restart) via crafted packets. The AR3200 series enterprise routers are Huawei\u0027s next-generation network products. They inherit Huawei\u0027s deep accumulation in data communication, wireless communication, PON access and softswitch, and rely on the VRP platform with independent intellectual property rights. Wireless Internet access, private line access, PBX, converged communication, and security functions are widely deployed in large and medium-sized campus network outlets, large and medium-sized enterprise headquarters or branches. An AR2200 device has an input verification vulnerability. After an attacker uses the vulnerability to log in to the device and constructs a specific attack packet and sends it to the device, the device can be restarted probabilistically. Huawei AR3200 routers are prone to a denial-of-service vulnerability. \nAttackers can exploit this issue to cause a denial-of-service condition, denying service to legitimate users. A security vulnerability exists in the Huawei AR3200. The following versions are affected: Huawei AR3200 using V200R005C20, V200R005C30, and V200R005C32 software",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-3950"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002170"
},
{
"db": "CNVD",
"id": "CNVD-2016-02150"
},
{
"db": "BID",
"id": "87086"
},
{
"db": "VULHUB",
"id": "VHN-92769"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-3950",
"trust": 3.4
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002170",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201604-356",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2016-02150",
"trust": 0.6
},
{
"db": "BID",
"id": "87086",
"trust": 0.4
},
{
"db": "VULHUB",
"id": "VHN-92769",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-02150"
},
{
"db": "VULHUB",
"id": "VHN-92769"
},
{
"db": "BID",
"id": "87086"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002170"
},
{
"db": "NVD",
"id": "CVE-2016-3950"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-356"
}
]
},
"id": "VAR-201604-0127",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-02150"
},
{
"db": "VULHUB",
"id": "VHN-92769"
}
],
"trust": 0.06999999999999999
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-02150"
}
]
},
"last_update_date": "2023-12-18T13:39:11.637000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "huawei-sa-20160406-01-ar",
"trust": 0.8,
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160406-01-ar-en"
},
{
"title": "Huawei AR3200 device input verification vulnerability patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/73899"
},
{
"title": "Huawei AR3200 Remediation measures for denial of service vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=60991"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-02150"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002170"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-356"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-92769"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002170"
},
{
"db": "NVD",
"id": "CVE-2016-3950"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160406-01-ar-en"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3950"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-3950"
},
{
"trust": 0.6,
"url": "http://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20160406-01-ar-cn"
},
{
"trust": 0.3,
"url": "http://www.huawei.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-02150"
},
{
"db": "VULHUB",
"id": "VHN-92769"
},
{
"db": "BID",
"id": "87086"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002170"
},
{
"db": "NVD",
"id": "CVE-2016-3950"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-356"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2016-02150"
},
{
"db": "VULHUB",
"id": "VHN-92769"
},
{
"db": "BID",
"id": "87086"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002170"
},
{
"db": "NVD",
"id": "CVE-2016-3950"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-356"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-04-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-02150"
},
{
"date": "2016-04-18T00:00:00",
"db": "VULHUB",
"id": "VHN-92769"
},
{
"date": "2016-04-06T00:00:00",
"db": "BID",
"id": "87086"
},
{
"date": "2016-04-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-002170"
},
{
"date": "2016-04-18T14:59:03.720000",
"db": "NVD",
"id": "CVE-2016-3950"
},
{
"date": "2016-04-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201604-356"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-04-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-02150"
},
{
"date": "2016-05-18T00:00:00",
"db": "VULHUB",
"id": "VHN-92769"
},
{
"date": "2016-04-06T00:00:00",
"db": "BID",
"id": "87086"
},
{
"date": "2016-04-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-002170"
},
{
"date": "2016-05-18T21:34:47.020000",
"db": "NVD",
"id": "CVE-2016-3950"
},
{
"date": "2016-04-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201604-356"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201604-356"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Huawei AR3200 Service disruption in router software (DoS) Vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-002170"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201604-356"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.