VAR-201604-0127
Vulnerability from variot - Updated: 2023-12-18 13:39Huawei AR3200 routers with software before V200R006C10SPC300 allow remote authenticated users to cause a denial of service (restart) via crafted packets. The AR3200 series enterprise routers are Huawei's next-generation network products. They inherit Huawei's deep accumulation in data communication, wireless communication, PON access and softswitch, and rely on the VRP platform with independent intellectual property rights. Wireless Internet access, private line access, PBX, converged communication, and security functions are widely deployed in large and medium-sized campus network outlets, large and medium-sized enterprise headquarters or branches. An AR2200 device has an input verification vulnerability. After an attacker uses the vulnerability to log in to the device and constructs a specific attack packet and sends it to the device, the device can be restarted probabilistically. Huawei AR3200 routers are prone to a denial-of-service vulnerability. Attackers can exploit this issue to cause a denial-of-service condition, denying service to legitimate users. A security vulnerability exists in the Huawei AR3200. The following versions are affected: Huawei AR3200 using V200R005C20, V200R005C30, and V200R005C32 software
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201604-0127",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ar3200",
"scope": "eq",
"trust": 1.0,
"vendor": "huawei",
"version": "v200r005c20"
},
{
"model": "ar3200",
"scope": "eq",
"trust": 1.0,
"vendor": "huawei",
"version": "v200r005c30"
},
{
"model": "ar3200",
"scope": "eq",
"trust": 1.0,
"vendor": "huawei",
"version": "v200r005c32"
},
{
"model": "ar3200",
"scope": "lt",
"trust": 0.8,
"vendor": "huawei",
"version": "firmware v200r006c10spc300"
},
{
"model": "ar3200",
"scope": null,
"trust": 0.6,
"vendor": "huawei",
"version": null
},
{
"model": "ar3200",
"scope": "eq",
"trust": 0.6,
"vendor": "huawei",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-02150"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002170"
},
{
"db": "NVD",
"id": "CVE-2016-3950"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-356"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:huawei:ar3200:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:huawei:ar3200_firmware:v200r005c32:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:huawei:ar3200_firmware:v200r005c30:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:huawei:ar3200_firmware:v200r005c20:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2016-3950"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The vendor reported this issue.",
"sources": [
{
"db": "BID",
"id": "87086"
}
],
"trust": 0.3
},
"cve": "CVE-2016-3950",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 6.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"impactScore": 6.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 6.8,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2016-3950",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2016-02150",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 6.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "VHN-92769",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 6.5,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2016-3950",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2016-3950",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2016-02150",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201604-356",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-92769",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-02150"
},
{
"db": "VULHUB",
"id": "VHN-92769"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002170"
},
{
"db": "NVD",
"id": "CVE-2016-3950"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-356"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Huawei AR3200 routers with software before V200R006C10SPC300 allow remote authenticated users to cause a denial of service (restart) via crafted packets. The AR3200 series enterprise routers are Huawei\u0027s next-generation network products. They inherit Huawei\u0027s deep accumulation in data communication, wireless communication, PON access and softswitch, and rely on the VRP platform with independent intellectual property rights. Wireless Internet access, private line access, PBX, converged communication, and security functions are widely deployed in large and medium-sized campus network outlets, large and medium-sized enterprise headquarters or branches. An AR2200 device has an input verification vulnerability. After an attacker uses the vulnerability to log in to the device and constructs a specific attack packet and sends it to the device, the device can be restarted probabilistically. Huawei AR3200 routers are prone to a denial-of-service vulnerability. \nAttackers can exploit this issue to cause a denial-of-service condition, denying service to legitimate users. A security vulnerability exists in the Huawei AR3200. The following versions are affected: Huawei AR3200 using V200R005C20, V200R005C30, and V200R005C32 software",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-3950"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002170"
},
{
"db": "CNVD",
"id": "CNVD-2016-02150"
},
{
"db": "BID",
"id": "87086"
},
{
"db": "VULHUB",
"id": "VHN-92769"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-3950",
"trust": 3.4
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002170",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201604-356",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2016-02150",
"trust": 0.6
},
{
"db": "BID",
"id": "87086",
"trust": 0.4
},
{
"db": "VULHUB",
"id": "VHN-92769",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-02150"
},
{
"db": "VULHUB",
"id": "VHN-92769"
},
{
"db": "BID",
"id": "87086"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002170"
},
{
"db": "NVD",
"id": "CVE-2016-3950"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-356"
}
]
},
"id": "VAR-201604-0127",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-02150"
},
{
"db": "VULHUB",
"id": "VHN-92769"
}
],
"trust": 0.06999999999999999
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-02150"
}
]
},
"last_update_date": "2023-12-18T13:39:11.637000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "huawei-sa-20160406-01-ar",
"trust": 0.8,
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160406-01-ar-en"
},
{
"title": "Huawei AR3200 device input verification vulnerability patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/73899"
},
{
"title": "Huawei AR3200 Remediation measures for denial of service vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=60991"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-02150"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002170"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-356"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-92769"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002170"
},
{
"db": "NVD",
"id": "CVE-2016-3950"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160406-01-ar-en"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3950"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-3950"
},
{
"trust": 0.6,
"url": "http://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20160406-01-ar-cn"
},
{
"trust": 0.3,
"url": "http://www.huawei.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-02150"
},
{
"db": "VULHUB",
"id": "VHN-92769"
},
{
"db": "BID",
"id": "87086"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002170"
},
{
"db": "NVD",
"id": "CVE-2016-3950"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-356"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2016-02150"
},
{
"db": "VULHUB",
"id": "VHN-92769"
},
{
"db": "BID",
"id": "87086"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002170"
},
{
"db": "NVD",
"id": "CVE-2016-3950"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-356"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-04-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-02150"
},
{
"date": "2016-04-18T00:00:00",
"db": "VULHUB",
"id": "VHN-92769"
},
{
"date": "2016-04-06T00:00:00",
"db": "BID",
"id": "87086"
},
{
"date": "2016-04-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-002170"
},
{
"date": "2016-04-18T14:59:03.720000",
"db": "NVD",
"id": "CVE-2016-3950"
},
{
"date": "2016-04-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201604-356"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-04-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-02150"
},
{
"date": "2016-05-18T00:00:00",
"db": "VULHUB",
"id": "VHN-92769"
},
{
"date": "2016-04-06T00:00:00",
"db": "BID",
"id": "87086"
},
{
"date": "2016-04-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-002170"
},
{
"date": "2016-05-18T21:34:47.020000",
"db": "NVD",
"id": "CVE-2016-3950"
},
{
"date": "2016-04-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201604-356"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201604-356"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Huawei AR3200 Service disruption in router software (DoS) Vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-002170"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201604-356"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…