Search criteria
4 vulnerabilities found for ec156 by huawei
VAR-201712-0033
Vulnerability from variot - Updated: 2025-04-20 23:30Huawei EC156, EC176, and EC177 USB Modem products with software before UTPS-V200R003B015D02SP07C1014 (23.015.02.07.1014) and before V200R003B015D02SP08C1014 (23.015.02.08.1014) use a weak ACL for the "Mobile Partner" directory, which allows remote attackers to gain SYSTEM privileges by compromising a low privilege account and modifying Mobile Partner.exe. Huawei EC156 , EC176 ,and EC177 USB Modem product software contains an unreliable search path vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. du Mobile Broadband is a wireless bandwidth device from China's Huawei. There is a local elevation of privilege vulnerability in du Mobile broadband. A local attacker could use this vulnerability to execute arbitrary code with SYSTEM privileges. There are vulnerabilities in du Mobile broadband 16.002.03.16.124, other versions may also be affected. This may aid in further attacks. It lets you access du wireless internetwherever you are and whenever you need it, all powered throughyour mobile data SIM or simply by connecting your 3G USB stickto your device.The application is vulnerable to an elevation of privilegesvulnerability which can be used by a simple user that can changethe executable file with a binary of choice. The vulnerabilityexist due to the improper permissions, with the 'F' flag (full)for the 'Everyone' and 'Users' group, for the 'du Mobile Broadband.exe'binary file. The files are installed in the 'du Mobile Broadband'directory which has the Everyone group assigned to it with fullpermissions making every single file inside vulnerable to changeby any user on the affected machine. After you replace the binarywith your rootkit, on reboot you get SYSTEM privileges.Tested on: Microsoft Windows 7 Ultimate SP1 (EN) 64bit. Huawei EC156, EC176 and EC177 are wireless network card products of China Huawei (Huawei). The following versions are affected: Huawei EC156 UTPS-V200R003B015D02SP07C1014 (23.015.02.07.1014) Version; EC176 UTPS-V200R003B015D02SP07C1014 (23.015.02.07.1014) Version; EC177 UTPS-V200R003B015D02SP07C1014 (23.015.02.07.1014) Version
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201712-0033",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ec176",
"scope": "eq",
"trust": 1.6,
"vendor": "huawei",
"version": "v200r003b009d05sp03c1014"
},
{
"model": "ec156",
"scope": "eq",
"trust": 1.6,
"vendor": "huawei",
"version": "v200r003b009d05sp03c1014"
},
{
"model": "ec177",
"scope": "eq",
"trust": 1.6,
"vendor": "huawei",
"version": "v200r003b009d05sp03c1014"
},
{
"model": "ec156",
"scope": "lt",
"trust": 0.8,
"vendor": "huawei",
"version": "utps-v200r003b015d02sp07c1014 (23.015.02.07.1014)"
},
{
"model": "ec156",
"scope": "lt",
"trust": 0.8,
"vendor": "huawei",
"version": "v200r003b015d02sp08c1014 (23.015.02.08.1014)"
},
{
"model": "ec176",
"scope": "lt",
"trust": 0.8,
"vendor": "huawei",
"version": "utps-v200r003b015d02sp07c1014 (23.015.02.07.1014)"
},
{
"model": "ec176",
"scope": "lt",
"trust": 0.8,
"vendor": "huawei",
"version": "v200r003b015d02sp08c1014 (23.015.02.08.1014)"
},
{
"model": "ec177",
"scope": "lt",
"trust": 0.8,
"vendor": "huawei",
"version": "utps-v200r003b015d02sp07c1014 (23.015.02.07.1014)"
},
{
"model": "ec177",
"scope": "lt",
"trust": 0.8,
"vendor": "huawei",
"version": "v200r003b015d02sp08c1014 (23.015.02.08.1014)"
},
{
"model": "du mobile broadband",
"scope": "eq",
"trust": 0.6,
"vendor": "huawei",
"version": "16.002.03.16.124"
},
{
"model": "mobile partner",
"scope": "eq",
"trust": 0.6,
"vendor": "huawei",
"version": "11.302.09.00.03"
},
{
"model": "technologies du mobile broadband",
"scope": "eq",
"trust": 0.1,
"vendor": "huawei",
"version": "16.002.03.16.124"
}
],
"sources": [
{
"db": "ZSL",
"id": "ZSL-2013-5164"
},
{
"db": "CNVD",
"id": "CNVD-2014-00063"
},
{
"db": "CNVD",
"id": "CNVD-2014-07280"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-008447"
},
{
"db": "CNNVD",
"id": "CNNVD-201410-1287"
},
{
"db": "NVD",
"id": "CVE-2014-8358"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:huawei:ec156_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:huawei:ec176_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:huawei:ec177_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-008447"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Osanda Malith",
"sources": [
{
"db": "BID",
"id": "70672"
},
{
"db": "CNNVD",
"id": "CNNVD-201410-1287"
}
],
"trust": 0.9
},
"cve": "CVE-2014-8358",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "CVE-2014-8358",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "CNVD-2014-00063",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CNVD-2014-07280",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "VHN-76303",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2014-8358",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2014-8358",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2014-8358",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2014-00063",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2014-07280",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201410-1287",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "ZSL",
"id": "ZSL-2013-5164",
"trust": 0.1,
"value": "(2/5)"
},
{
"author": "VULHUB",
"id": "VHN-76303",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "ZSL",
"id": "ZSL-2013-5164"
},
{
"db": "CNVD",
"id": "CNVD-2014-00063"
},
{
"db": "CNVD",
"id": "CNVD-2014-07280"
},
{
"db": "VULHUB",
"id": "VHN-76303"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-008447"
},
{
"db": "CNNVD",
"id": "CNNVD-201410-1287"
},
{
"db": "NVD",
"id": "CVE-2014-8358"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Huawei EC156, EC176, and EC177 USB Modem products with software before UTPS-V200R003B015D02SP07C1014 (23.015.02.07.1014) and before V200R003B015D02SP08C1014 (23.015.02.08.1014) use a weak ACL for the \"Mobile Partner\" directory, which allows remote attackers to gain SYSTEM privileges by compromising a low privilege account and modifying Mobile Partner.exe. Huawei EC156 , EC176 ,and EC177 USB Modem product software contains an unreliable search path vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. du Mobile Broadband is a wireless bandwidth device from China\u0027s Huawei. \nThere is a local elevation of privilege vulnerability in du Mobile broadband. A local attacker could use this vulnerability to execute arbitrary code with SYSTEM privileges. There are vulnerabilities in du Mobile broadband 16.002.03.16.124, other versions may also be affected. This may aid in further attacks. It lets you access du wireless internetwherever you are and whenever you need it, all powered throughyour mobile data SIM or simply by connecting your 3G USB stickto your device.The application is vulnerable to an elevation of privilegesvulnerability which can be used by a simple user that can changethe executable file with a binary of choice. The vulnerabilityexist due to the improper permissions, with the \u0027F\u0027 flag (full)for the \u0027Everyone\u0027 and \u0027Users\u0027 group, for the \u0027du Mobile Broadband.exe\u0027binary file. The files are installed in the \u0027du Mobile Broadband\u0027directory which has the Everyone group assigned to it with fullpermissions making every single file inside vulnerable to changeby any user on the affected machine. After you replace the binarywith your rootkit, on reboot you get SYSTEM privileges.Tested on: Microsoft Windows 7 Ultimate SP1 (EN) 64bit. Huawei EC156, EC176 and EC177 are wireless network card products of China Huawei (Huawei). The following versions are affected: Huawei EC156 UTPS-V200R003B015D02SP07C1014 (23.015.02.07.1014) Version; EC176 UTPS-V200R003B015D02SP07C1014 (23.015.02.07.1014) Version; EC177 UTPS-V200R003B015D02SP07C1014 (23.015.02.07.1014) Version",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-8358"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-008447"
},
{
"db": "CNVD",
"id": "CNVD-2014-00063"
},
{
"db": "CNVD",
"id": "CNVD-2014-07280"
},
{
"db": "CNNVD",
"id": "CNNVD-201312-576"
},
{
"db": "BID",
"id": "70672"
},
{
"db": "BID",
"id": "64523"
},
{
"db": "ZSL",
"id": "ZSL-2013-5164"
},
{
"db": "VULHUB",
"id": "VHN-76303"
}
],
"trust": 3.96
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.zeroscience.mk/codes/dumb_pe.txt",
"trust": 0.1,
"type": "poc"
},
{
"reference": "https://www.scap.org.cn/vuln/vhn-76303",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "ZSL",
"id": "ZSL-2013-5164"
},
{
"db": "VULHUB",
"id": "VHN-76303"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-8358",
"trust": 2.8
},
{
"db": "BID",
"id": "70672",
"trust": 2.6
},
{
"db": "PACKETSTORM",
"id": "128767",
"trust": 1.7
},
{
"db": "BID",
"id": "64523",
"trust": 1.6
},
{
"db": "JVNDB",
"id": "JVNDB-2014-008447",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201410-1287",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2014-00063",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2014-07280",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201312-576",
"trust": 0.6
},
{
"db": "ZSL",
"id": "ZSL-2013-5164",
"trust": 0.4
},
{
"db": "EXPLOIT-DB",
"id": "30477",
"trust": 0.2
},
{
"db": "OSVDB",
"id": "90090",
"trust": 0.1
},
{
"db": "CXSECURITY",
"id": "WLB-2013120140",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "124557",
"trust": 0.1
},
{
"db": "XF",
"id": "89907",
"trust": 0.1
},
{
"db": "SEEBUG",
"id": "SSVID-83860",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-76303",
"trust": 0.1
}
],
"sources": [
{
"db": "ZSL",
"id": "ZSL-2013-5164"
},
{
"db": "CNVD",
"id": "CNVD-2014-00063"
},
{
"db": "CNVD",
"id": "CNVD-2014-07280"
},
{
"db": "VULHUB",
"id": "VHN-76303"
},
{
"db": "BID",
"id": "70672"
},
{
"db": "BID",
"id": "64523"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-008447"
},
{
"db": "CNNVD",
"id": "CNNVD-201312-576"
},
{
"db": "CNNVD",
"id": "CNNVD-201410-1287"
},
{
"db": "NVD",
"id": "CVE-2014-8358"
}
]
},
"id": "VAR-201712-0033",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-00063"
},
{
"db": "CNVD",
"id": "CNVD-2014-07280"
},
{
"db": "VULHUB",
"id": "VHN-76303"
}
],
"trust": 2.157142865
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 1.2
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-00063"
},
{
"db": "CNVD",
"id": "CNVD-2014-07280"
}
]
},
"last_update_date": "2025-04-20T23:30:49.981000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Huawei-SA-20141022- DLLHijacking",
"trust": 0.8,
"url": "http://www.huawei.com/us/psirt/security-advisories/2014/hw-376152"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-008447"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-426",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-76303"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-008447"
},
{
"db": "NVD",
"id": "CVE-2014-8358"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "http://www.securityfocus.com/bid/70672"
},
{
"trust": 1.7,
"url": "http://www.huawei.com/us/psirt/security-advisories/2014/hw-376152"
},
{
"trust": 1.7,
"url": "https://packetstormsecurity.com/files/128767/huawei-mobile-partner-dll-hijacking.html"
},
{
"trust": 1.3,
"url": "http://www.securityfocus.com/bid/64523"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-8358"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-8358"
},
{
"trust": 0.3,
"url": "http://huaweinews.com/2013/08/download-mobile-partner-latest/"
},
{
"trust": 0.3,
"url": "http://osandamalith.wordpress.com/2014/10/20/escalating-local-privileges-using-mobile-partner/"
},
{
"trust": 0.3,
"url": "http://www.huawei.com"
},
{
"trust": 0.3,
"url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/archive/hw-376152.htm"
},
{
"trust": 0.3,
"url": "http://www.du.ae/en/mobile/mobilebroadband"
},
{
"trust": 0.3,
"url": "http://www.zeroscience.mk/en/vulnerabilities/zsl-2013-5164.php"
},
{
"trust": 0.1,
"url": "http://cxsecurity.com/issue/wlb-2013120140"
},
{
"trust": 0.1,
"url": "http://packetstormsecurity.com/files/124557"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/xforce/xfdb/89907"
},
{
"trust": 0.1,
"url": "http://www.exploit-db.com/exploits/30477/"
},
{
"trust": 0.1,
"url": "http://www.vfocus.net/art/20131225/11294.html"
},
{
"trust": 0.1,
"url": "http://osvdb.org/show/osvdb/90090"
}
],
"sources": [
{
"db": "ZSL",
"id": "ZSL-2013-5164"
},
{
"db": "CNVD",
"id": "CNVD-2014-00063"
},
{
"db": "CNVD",
"id": "CNVD-2014-07280"
},
{
"db": "VULHUB",
"id": "VHN-76303"
},
{
"db": "BID",
"id": "70672"
},
{
"db": "BID",
"id": "64523"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-008447"
},
{
"db": "CNNVD",
"id": "CNNVD-201312-576"
},
{
"db": "CNNVD",
"id": "CNNVD-201410-1287"
},
{
"db": "NVD",
"id": "CVE-2014-8358"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "ZSL",
"id": "ZSL-2013-5164"
},
{
"db": "CNVD",
"id": "CNVD-2014-00063"
},
{
"db": "CNVD",
"id": "CNVD-2014-07280"
},
{
"db": "VULHUB",
"id": "VHN-76303"
},
{
"db": "BID",
"id": "70672"
},
{
"db": "BID",
"id": "64523"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-008447"
},
{
"db": "CNNVD",
"id": "CNNVD-201312-576"
},
{
"db": "CNNVD",
"id": "CNNVD-201410-1287"
},
{
"db": "NVD",
"id": "CVE-2014-8358"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-12-19T00:00:00",
"db": "ZSL",
"id": "ZSL-2013-5164"
},
{
"date": "2014-01-03T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-00063"
},
{
"date": "2014-10-23T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-07280"
},
{
"date": "2017-12-11T00:00:00",
"db": "VULHUB",
"id": "VHN-76303"
},
{
"date": "2014-10-20T00:00:00",
"db": "BID",
"id": "70672"
},
{
"date": "2013-12-19T00:00:00",
"db": "BID",
"id": "64523"
},
{
"date": "2018-01-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-008447"
},
{
"date": "2013-12-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201312-576"
},
{
"date": "2014-10-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201410-1287"
},
{
"date": "2017-12-11T21:29:00.237000",
"db": "NVD",
"id": "CVE-2014-8358"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-01-05T00:00:00",
"db": "ZSL",
"id": "ZSL-2013-5164"
},
{
"date": "2014-01-07T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-00063"
},
{
"date": "2014-10-23T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-07280"
},
{
"date": "2017-12-29T00:00:00",
"db": "VULHUB",
"id": "VHN-76303"
},
{
"date": "2015-03-19T09:15:00",
"db": "BID",
"id": "70672"
},
{
"date": "2013-12-19T00:00:00",
"db": "BID",
"id": "64523"
},
{
"date": "2018-01-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-008447"
},
{
"date": "2013-12-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201312-576"
},
{
"date": "2017-12-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201410-1287"
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2014-8358"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "BID",
"id": "70672"
},
{
"db": "BID",
"id": "64523"
},
{
"db": "CNNVD",
"id": "CNNVD-201312-576"
}
],
"trust": 1.2
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Huawei Unreliable search path vulnerability in modem product software",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-008447"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201312-576"
},
{
"db": "CNNVD",
"id": "CNNVD-201410-1287"
}
],
"trust": 1.2
}
}
VAR-201411-0377
Vulnerability from variot - Updated: 2025-04-13 23:27Untrusted search path vulnerability in Huawei Mobile Partner for Windows 23.009.05.03.1014 allows local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse wintab32.dll in the Mobile Partner directory. du Mobile Broadband is a wireless bandwidth device from China's Huawei. There is a local elevation of privilege vulnerability in du Mobile broadband. A local attacker could use this vulnerability to execute arbitrary code with SYSTEM privileges. There are vulnerabilities in du Mobile broadband 16.002.03.16.124, other versions may also be affected. Attackers can exploit this issue by enticing a legitimate user to use the vulnerable application to open a file from a network share location that contains a specially crafted Dynamic Link Library (DLL) file. It lets you access du wireless internetwherever you are and whenever you need it, all powered throughyour mobile data SIM or simply by connecting your 3G USB stickto your device.The application is vulnerable to an elevation of privilegesvulnerability which can be used by a simple user that can changethe executable file with a binary of choice. The vulnerabilityexist due to the improper permissions, with the 'F' flag (full)for the 'Everyone' and 'Users' group, for the 'du Mobile Broadband.exe'binary file. The files are installed in the 'du Mobile Broadband'directory which has the Everyone group assigned to it with fullpermissions making every single file inside vulnerable to changeby any user on the affected machine. After you replace the binarywith your rootkit, on reboot you get SYSTEM privileges.Tested on: Microsoft Windows 7 Ultimate SP1 (EN) 64bit. Huawei Mobile Partner for Windows is a 3G network card client for Windows platform of China Huawei (Huawei), which is mainly used for 3G dial-up Internet access
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201411-0377",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "mobile partner",
"scope": "eq",
"trust": 2.2,
"vendor": "huawei",
"version": "23.009.05.03.1014"
},
{
"model": "ec176",
"scope": "eq",
"trust": 1.0,
"vendor": "huawei",
"version": null
},
{
"model": "ec156",
"scope": "eq",
"trust": 1.0,
"vendor": "huawei",
"version": null
},
{
"model": "ec177",
"scope": "eq",
"trust": 1.0,
"vendor": "huawei",
"version": null
},
{
"model": "ec156",
"scope": null,
"trust": 0.8,
"vendor": "huawei",
"version": null
},
{
"model": "ec176",
"scope": null,
"trust": 0.8,
"vendor": "huawei",
"version": null
},
{
"model": "ec177",
"scope": null,
"trust": 0.8,
"vendor": "huawei",
"version": null
},
{
"model": "mobile partner",
"scope": "eq",
"trust": 0.8,
"vendor": "huawei",
"version": "23.009.05.03.1014 (windows)"
},
{
"model": "du mobile broadband",
"scope": "eq",
"trust": 0.6,
"vendor": "huawei",
"version": "16.002.03.16.124"
},
{
"model": "technologies du mobile broadband",
"scope": "eq",
"trust": 0.1,
"vendor": "huawei",
"version": "16.002.03.16.124"
}
],
"sources": [
{
"db": "ZSL",
"id": "ZSL-2013-5164"
},
{
"db": "CNVD",
"id": "CNVD-2014-00063"
},
{
"db": "CNVD",
"id": "CNVD-2014-07281"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005442"
},
{
"db": "CNNVD",
"id": "CNNVD-201410-1286"
},
{
"db": "NVD",
"id": "CVE-2014-8359"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:huawei:ec156",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:huawei:ec176",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:huawei:ec177",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:huawei:mobile_partner_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-005442"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Osanda Malith",
"sources": [
{
"db": "BID",
"id": "70671"
},
{
"db": "CNNVD",
"id": "CNNVD-201410-1286"
}
],
"trust": 0.9
},
"cve": "CVE-2014-8359",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CVE-2014-8359",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "CNVD-2014-00063",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2014-07281",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "VHN-76304",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2014-8359",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2014-8359",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2014-00063",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2014-07281",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201410-1286",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "ZSL",
"id": "ZSL-2013-5164",
"trust": 0.1,
"value": "(2/5)"
},
{
"author": "VULHUB",
"id": "VHN-76304",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "ZSL",
"id": "ZSL-2013-5164"
},
{
"db": "CNVD",
"id": "CNVD-2014-00063"
},
{
"db": "CNVD",
"id": "CNVD-2014-07281"
},
{
"db": "VULHUB",
"id": "VHN-76304"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005442"
},
{
"db": "CNNVD",
"id": "CNNVD-201410-1286"
},
{
"db": "NVD",
"id": "CVE-2014-8359"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Untrusted search path vulnerability in Huawei Mobile Partner for Windows 23.009.05.03.1014 allows local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse wintab32.dll in the Mobile Partner directory. du Mobile Broadband is a wireless bandwidth device from China\u0027s Huawei. \nThere is a local elevation of privilege vulnerability in du Mobile broadband. A local attacker could use this vulnerability to execute arbitrary code with SYSTEM privileges. There are vulnerabilities in du Mobile broadband 16.002.03.16.124, other versions may also be affected. \nAttackers can exploit this issue by enticing a legitimate user to use the vulnerable application to open a file from a network share location that contains a specially crafted Dynamic Link Library (DLL) file. It lets you access du wireless internetwherever you are and whenever you need it, all powered throughyour mobile data SIM or simply by connecting your 3G USB stickto your device.The application is vulnerable to an elevation of privilegesvulnerability which can be used by a simple user that can changethe executable file with a binary of choice. The vulnerabilityexist due to the improper permissions, with the \u0027F\u0027 flag (full)for the \u0027Everyone\u0027 and \u0027Users\u0027 group, for the \u0027du Mobile Broadband.exe\u0027binary file. The files are installed in the \u0027du Mobile Broadband\u0027directory which has the Everyone group assigned to it with fullpermissions making every single file inside vulnerable to changeby any user on the affected machine. After you replace the binarywith your rootkit, on reboot you get SYSTEM privileges.Tested on: Microsoft Windows 7 Ultimate SP1 (EN) 64bit. Huawei Mobile Partner for Windows is a 3G network card client for Windows platform of China Huawei (Huawei), which is mainly used for 3G dial-up Internet access",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-8359"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005442"
},
{
"db": "CNVD",
"id": "CNVD-2014-00063"
},
{
"db": "CNVD",
"id": "CNVD-2014-07281"
},
{
"db": "CNNVD",
"id": "CNNVD-201312-576"
},
{
"db": "BID",
"id": "70671"
},
{
"db": "BID",
"id": "64523"
},
{
"db": "ZSL",
"id": "ZSL-2013-5164"
},
{
"db": "VULHUB",
"id": "VHN-76304"
}
],
"trust": 3.96
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.zeroscience.mk/codes/dumb_pe.txt",
"trust": 0.1,
"type": "poc"
},
{
"reference": "https://www.scap.org.cn/vuln/vhn-76304",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "ZSL",
"id": "ZSL-2013-5164"
},
{
"db": "VULHUB",
"id": "VHN-76304"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-8359",
"trust": 3.4
},
{
"db": "BID",
"id": "70671",
"trust": 2.6
},
{
"db": "PACKETSTORM",
"id": "128767",
"trust": 1.7
},
{
"db": "BID",
"id": "64523",
"trust": 1.6
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005442",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201410-1286",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2014-00063",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2014-07281",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201312-576",
"trust": 0.6
},
{
"db": "XF",
"id": "97682",
"trust": 0.6
},
{
"db": "ZSL",
"id": "ZSL-2013-5164",
"trust": 0.4
},
{
"db": "EXPLOIT-DB",
"id": "30477",
"trust": 0.2
},
{
"db": "OSVDB",
"id": "90090",
"trust": 0.1
},
{
"db": "CXSECURITY",
"id": "WLB-2013120140",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "124557",
"trust": 0.1
},
{
"db": "XF",
"id": "89907",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-76304",
"trust": 0.1
}
],
"sources": [
{
"db": "ZSL",
"id": "ZSL-2013-5164"
},
{
"db": "CNVD",
"id": "CNVD-2014-00063"
},
{
"db": "CNVD",
"id": "CNVD-2014-07281"
},
{
"db": "VULHUB",
"id": "VHN-76304"
},
{
"db": "BID",
"id": "70671"
},
{
"db": "BID",
"id": "64523"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005442"
},
{
"db": "CNNVD",
"id": "CNNVD-201312-576"
},
{
"db": "CNNVD",
"id": "CNNVD-201410-1286"
},
{
"db": "NVD",
"id": "CVE-2014-8359"
}
]
},
"id": "VAR-201411-0377",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-00063"
},
{
"db": "CNVD",
"id": "CNVD-2014-07281"
},
{
"db": "VULHUB",
"id": "VHN-76304"
}
],
"trust": 2.157142865
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 1.2
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-00063"
},
{
"db": "CNVD",
"id": "CNVD-2014-07281"
}
]
},
"last_update_date": "2025-04-13T23:27:21.881000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Huawei-SA-20141022- DLLHijacking",
"trust": 0.8,
"url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-376152.htm"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-005442"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-264",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-76304"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005442"
},
{
"db": "NVD",
"id": "CVE-2014-8359"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "http://www.securityfocus.com/bid/70671"
},
{
"trust": 2.0,
"url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-376152.htm"
},
{
"trust": 2.0,
"url": "http://osandamalith.wordpress.com/2014/10/20/escalating-local-privileges-using-mobile-partner/"
},
{
"trust": 1.7,
"url": "http://packetstormsecurity.com/files/128767/huawei-mobile-partner-dll-hijacking.html"
},
{
"trust": 1.3,
"url": "http://www.securityfocus.com/bid/64523"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/97682"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-8359"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-8359"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/97682"
},
{
"trust": 0.3,
"url": "http://blog.rapid7.com/?p=5325"
},
{
"trust": 0.3,
"url": "http://huaweinews.com/2013/08/download-mobile-partner-latest/"
},
{
"trust": 0.3,
"url": "http://blog.metasploit.com/2010/08/exploiting-dll-hijacking-flaws.html"
},
{
"trust": 0.3,
"url": "http://www.huawei.com"
},
{
"trust": 0.3,
"url": "http://blogs.technet.com/b/msrc/archive/2010/08/21/microsoft-security-advisory-2269637-released.aspx"
},
{
"trust": 0.3,
"url": "http://blogs.technet.com/b/srd/archive/2010/08/23/more-information-about-dll-preloading-remote-attack-vector.aspx"
},
{
"trust": 0.3,
"url": "http://www.attackvector.org/new-dll-hijacking-exploits-many/"
},
{
"trust": 0.3,
"url": "http://www.microsoft.com/technet/security/advisory/2269637.mspx"
},
{
"trust": 0.3,
"url": "http://www.du.ae/en/mobile/mobilebroadband"
},
{
"trust": 0.3,
"url": "http://www.zeroscience.mk/en/vulnerabilities/zsl-2013-5164.php"
},
{
"trust": 0.1,
"url": "http://cxsecurity.com/issue/wlb-2013120140"
},
{
"trust": 0.1,
"url": "http://packetstormsecurity.com/files/124557"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/xforce/xfdb/89907"
},
{
"trust": 0.1,
"url": "http://www.exploit-db.com/exploits/30477/"
},
{
"trust": 0.1,
"url": "http://www.vfocus.net/art/20131225/11294.html"
},
{
"trust": 0.1,
"url": "http://osvdb.org/show/osvdb/90090"
}
],
"sources": [
{
"db": "ZSL",
"id": "ZSL-2013-5164"
},
{
"db": "CNVD",
"id": "CNVD-2014-00063"
},
{
"db": "CNVD",
"id": "CNVD-2014-07281"
},
{
"db": "VULHUB",
"id": "VHN-76304"
},
{
"db": "BID",
"id": "70671"
},
{
"db": "BID",
"id": "64523"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005442"
},
{
"db": "CNNVD",
"id": "CNNVD-201312-576"
},
{
"db": "CNNVD",
"id": "CNNVD-201410-1286"
},
{
"db": "NVD",
"id": "CVE-2014-8359"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "ZSL",
"id": "ZSL-2013-5164"
},
{
"db": "CNVD",
"id": "CNVD-2014-00063"
},
{
"db": "CNVD",
"id": "CNVD-2014-07281"
},
{
"db": "VULHUB",
"id": "VHN-76304"
},
{
"db": "BID",
"id": "70671"
},
{
"db": "BID",
"id": "64523"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005442"
},
{
"db": "CNNVD",
"id": "CNNVD-201312-576"
},
{
"db": "CNNVD",
"id": "CNNVD-201410-1286"
},
{
"db": "NVD",
"id": "CVE-2014-8359"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-12-19T00:00:00",
"db": "ZSL",
"id": "ZSL-2013-5164"
},
{
"date": "2014-01-03T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-00063"
},
{
"date": "2014-10-23T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-07281"
},
{
"date": "2014-11-13T00:00:00",
"db": "VULHUB",
"id": "VHN-76304"
},
{
"date": "2014-10-20T00:00:00",
"db": "BID",
"id": "70671"
},
{
"date": "2013-12-19T00:00:00",
"db": "BID",
"id": "64523"
},
{
"date": "2014-11-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-005442"
},
{
"date": "2013-12-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201312-576"
},
{
"date": "2014-10-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201410-1286"
},
{
"date": "2014-11-13T21:32:05.907000",
"db": "NVD",
"id": "CVE-2014-8359"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-01-05T00:00:00",
"db": "ZSL",
"id": "ZSL-2013-5164"
},
{
"date": "2014-01-07T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-00063"
},
{
"date": "2014-10-23T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-07281"
},
{
"date": "2017-09-08T00:00:00",
"db": "VULHUB",
"id": "VHN-76304"
},
{
"date": "2015-03-19T08:38:00",
"db": "BID",
"id": "70671"
},
{
"date": "2013-12-19T00:00:00",
"db": "BID",
"id": "64523"
},
{
"date": "2014-11-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-005442"
},
{
"date": "2013-12-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201312-576"
},
{
"date": "2014-11-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201410-1286"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2014-8359"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "BID",
"id": "64523"
},
{
"db": "CNNVD",
"id": "CNNVD-201312-576"
},
{
"db": "CNNVD",
"id": "CNNVD-201410-1286"
}
],
"trust": 1.5
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Windows for Huawei Mobile Partner Vulnerable to arbitrary code execution",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-005442"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201312-576"
},
{
"db": "CNNVD",
"id": "CNNVD-201410-1286"
}
],
"trust": 1.2
}
}
CVE-2014-8359 (GCVE-0-2014-8359)
Vulnerability from nvd – Published: 2014-11-13 15:00 – Updated: 2024-08-06 13:18
VLAI?
Summary
Untrusted search path vulnerability in Huawei Mobile Partner for Windows 23.009.05.03.1014 allows local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse wintab32.dll in the Mobile Partner directory.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T13:18:48.384Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "70671",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/70671"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/128767/Huawei-Mobile-Partner-DLL-Hijacking.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-376152.htm"
},
{
"name": "huawei-mobile-cve20148359-code-exec(97682)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/97682"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://osandamalith.wordpress.com/2014/10/20/escalating-local-privileges-using-mobile-partner/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-10-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Untrusted search path vulnerability in Huawei Mobile Partner for Windows 23.009.05.03.1014 allows local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse wintab32.dll in the Mobile Partner directory."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-07T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "70671",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/70671"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/128767/Huawei-Mobile-Partner-DLL-Hijacking.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-376152.htm"
},
{
"name": "huawei-mobile-cve20148359-code-exec(97682)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/97682"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://osandamalith.wordpress.com/2014/10/20/escalating-local-privileges-using-mobile-partner/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-8359",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability in Huawei Mobile Partner for Windows 23.009.05.03.1014 allows local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse wintab32.dll in the Mobile Partner directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "70671",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/70671"
},
{
"name": "http://packetstormsecurity.com/files/128767/Huawei-Mobile-Partner-DLL-Hijacking.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/128767/Huawei-Mobile-Partner-DLL-Hijacking.html"
},
{
"name": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-376152.htm",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-376152.htm"
},
{
"name": "huawei-mobile-cve20148359-code-exec(97682)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/97682"
},
{
"name": "http://osandamalith.wordpress.com/2014/10/20/escalating-local-privileges-using-mobile-partner/",
"refsource": "MISC",
"url": "http://osandamalith.wordpress.com/2014/10/20/escalating-local-privileges-using-mobile-partner/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-8359",
"datePublished": "2014-11-13T15:00:00",
"dateReserved": "2014-10-20T00:00:00",
"dateUpdated": "2024-08-06T13:18:48.384Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-8359 (GCVE-0-2014-8359)
Vulnerability from cvelistv5 – Published: 2014-11-13 15:00 – Updated: 2024-08-06 13:18
VLAI?
Summary
Untrusted search path vulnerability in Huawei Mobile Partner for Windows 23.009.05.03.1014 allows local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse wintab32.dll in the Mobile Partner directory.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T13:18:48.384Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "70671",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/70671"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/128767/Huawei-Mobile-Partner-DLL-Hijacking.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-376152.htm"
},
{
"name": "huawei-mobile-cve20148359-code-exec(97682)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/97682"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://osandamalith.wordpress.com/2014/10/20/escalating-local-privileges-using-mobile-partner/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-10-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Untrusted search path vulnerability in Huawei Mobile Partner for Windows 23.009.05.03.1014 allows local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse wintab32.dll in the Mobile Partner directory."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-07T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "70671",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/70671"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/128767/Huawei-Mobile-Partner-DLL-Hijacking.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-376152.htm"
},
{
"name": "huawei-mobile-cve20148359-code-exec(97682)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/97682"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://osandamalith.wordpress.com/2014/10/20/escalating-local-privileges-using-mobile-partner/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-8359",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability in Huawei Mobile Partner for Windows 23.009.05.03.1014 allows local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse wintab32.dll in the Mobile Partner directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "70671",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/70671"
},
{
"name": "http://packetstormsecurity.com/files/128767/Huawei-Mobile-Partner-DLL-Hijacking.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/128767/Huawei-Mobile-Partner-DLL-Hijacking.html"
},
{
"name": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-376152.htm",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-376152.htm"
},
{
"name": "huawei-mobile-cve20148359-code-exec(97682)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/97682"
},
{
"name": "http://osandamalith.wordpress.com/2014/10/20/escalating-local-privileges-using-mobile-partner/",
"refsource": "MISC",
"url": "http://osandamalith.wordpress.com/2014/10/20/escalating-local-privileges-using-mobile-partner/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-8359",
"datePublished": "2014-11-13T15:00:00",
"dateReserved": "2014-10-20T00:00:00",
"dateUpdated": "2024-08-06T13:18:48.384Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}