Search criteria
8 vulnerabilities found for usg5500 by huawei
VAR-201704-0423
Vulnerability from variot - Updated: 2025-04-20 23:42Huawei USG5500 with software V300R001C00 and V300R001C00 allows attackers to bypass the anti-DDoS module of the USGs to cause a denial of service condition on the backend server. Huawei USG5500 The backend server disrupts service operation (DoS) There are vulnerabilities that are put into a state.By the attacker, USG of anti-DDoS By avoiding modules, back-end servers are disrupted in service operations (DoS) There is a possibility of being put into a state. HuaweiUS55500 is a firewall product of Huawei Technologies of China. A security vulnerability exists in the HuaweiUSG5500V300R001C00 and V300R001C10. The remote attacker can use the vulnerability to send a large number of HTTP packets to bypass the DDOS defense module of the USG product for denial of service attacks. Huawei USG Products are prone to a security-bypass vulnerability. An attacker may exploit this issue to bypass certain security restrictions and cause denial-of-service conditions
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201704-0423",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "usg5500",
"scope": "eq",
"trust": 2.4,
"vendor": "huawei",
"version": "v300r001c00"
},
{
"model": "usg5500",
"scope": "eq",
"trust": 2.4,
"vendor": "huawei",
"version": "v300r001c10"
},
{
"model": "usg5500 v300r001c00",
"scope": null,
"trust": 0.9,
"vendor": "huawei",
"version": null
},
{
"model": "usg5500 v300r001c10",
"scope": null,
"trust": 0.9,
"vendor": "huawei",
"version": null
},
{
"model": "usg5500 v300r001c10spc600",
"scope": "ne",
"trust": 0.3,
"vendor": "huawei",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-10456"
},
{
"db": "BID",
"id": "93891"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008212"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-762"
},
{
"db": "NVD",
"id": "CVE-2016-8798"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:huawei:usg5500_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-008212"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Third Research Institute of Ministry of Public Security.",
"sources": [
{
"db": "BID",
"id": "93891"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-762"
}
],
"trust": 0.9
},
"cve": "CVE-2016-8798",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2016-8798",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2016-10456",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-97618",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2016-8798",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-8798",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2016-8798",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2016-10456",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201610-762",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-97618",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-10456"
},
{
"db": "VULHUB",
"id": "VHN-97618"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008212"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-762"
},
{
"db": "NVD",
"id": "CVE-2016-8798"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Huawei USG5500 with software V300R001C00 and V300R001C00 allows attackers to bypass the anti-DDoS module of the USGs to cause a denial of service condition on the backend server. Huawei USG5500 The backend server disrupts service operation (DoS) There are vulnerabilities that are put into a state.By the attacker, USG of anti-DDoS By avoiding modules, back-end servers are disrupted in service operations (DoS) There is a possibility of being put into a state. HuaweiUS55500 is a firewall product of Huawei Technologies of China. A security vulnerability exists in the HuaweiUSG5500V300R001C00 and V300R001C10. The remote attacker can use the vulnerability to send a large number of HTTP packets to bypass the DDOS defense module of the USG product for denial of service attacks. Huawei USG Products are prone to a security-bypass vulnerability. \nAn attacker may exploit this issue to bypass certain security restrictions and cause denial-of-service conditions",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-8798"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008212"
},
{
"db": "CNVD",
"id": "CNVD-2016-10456"
},
{
"db": "BID",
"id": "93891"
},
{
"db": "VULHUB",
"id": "VHN-97618"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-8798",
"trust": 3.4
},
{
"db": "BID",
"id": "93891",
"trust": 2.6
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008212",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201610-762",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2016-10456",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-97618",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-10456"
},
{
"db": "VULHUB",
"id": "VHN-97618"
},
{
"db": "BID",
"id": "93891"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008212"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-762"
},
{
"db": "NVD",
"id": "CVE-2016-8798"
}
]
},
"id": "VAR-201704-0423",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-10456"
},
{
"db": "VULHUB",
"id": "VHN-97618"
}
],
"trust": 1.4
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-10456"
}
]
},
"last_update_date": "2025-04-20T23:42:14.661000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "huawei-sa-20161026-01-usg",
"trust": 0.8,
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161026-01-usg-en"
},
{
"title": "HuaweiUSG product security bypass vulnerability patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/83341"
},
{
"title": "Huawei USG5500 Repair measures for security bypass vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=65116"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-10456"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008212"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-762"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-284",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-97618"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008212"
},
{
"db": "NVD",
"id": "CVE-2016-8798"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "http://www.securityfocus.com/bid/93891"
},
{
"trust": 2.0,
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161026-01-usg-en"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-8798"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-8798"
},
{
"trust": 0.3,
"url": "http://www.huawei.com"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-10456"
},
{
"db": "VULHUB",
"id": "VHN-97618"
},
{
"db": "BID",
"id": "93891"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008212"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-762"
},
{
"db": "NVD",
"id": "CVE-2016-8798"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2016-10456"
},
{
"db": "VULHUB",
"id": "VHN-97618"
},
{
"db": "BID",
"id": "93891"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008212"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-762"
},
{
"db": "NVD",
"id": "CVE-2016-8798"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-11-01T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-10456"
},
{
"date": "2017-04-02T00:00:00",
"db": "VULHUB",
"id": "VHN-97618"
},
{
"date": "2016-10-26T00:00:00",
"db": "BID",
"id": "93891"
},
{
"date": "2017-05-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-008212"
},
{
"date": "2016-10-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201610-762"
},
{
"date": "2017-04-02T20:59:01.890000",
"db": "NVD",
"id": "CVE-2016-8798"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-11-01T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-10456"
},
{
"date": "2017-04-05T00:00:00",
"db": "VULHUB",
"id": "VHN-97618"
},
{
"date": "2016-11-24T00:03:00",
"db": "BID",
"id": "93891"
},
{
"date": "2017-05-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-008212"
},
{
"date": "2016-10-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201610-762"
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2016-8798"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201610-762"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Huawei USG5500 Service disruption in (DoS) Vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-008212"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201610-762"
}
],
"trust": 0.6
}
}
VAR-201704-0449
Vulnerability from variot - Updated: 2025-04-20 23:31Huawei USG9500 with software V200R001C01SPC800 and earlier versions, V300R001C00; USG2100 with software V300R001C00SPC900 and earlier versions; USG2200 with software V300R001C00SPC900; USG5100 with software V300R001C00SPC900 could allow an unauthenticated, remote attacker to conduct a CSRF attack against the user of the web interface. Huawei USG9500 is a firewall product of China Huawei. A cross-site request forgery vulnerability exists in several Huawei firewall USG series products. A remote attacker could exploit this vulnerability to perform unauthorized operations. Huawei USG9500 etc. The following products and versions are affected: Huawei USG9500 V200R001C01SPC800 and previous versions, V300R001C00 Version; USG2100 V300R001C00SPC900 and previous versions; USG2200 V300R001C00SPC900 and previous versions; USG5100 V300R001C00SPC900 and previous versions; USG5500 V300R001C00SPC900 and previous versions
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201704-0449",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "fusionmanager",
"scope": "eq",
"trust": 2.4,
"vendor": "huawei",
"version": "v100r002c03"
},
{
"model": "fusionmanager",
"scope": "eq",
"trust": 2.4,
"vendor": "huawei",
"version": "v100r003c00"
},
{
"model": "usg9500",
"scope": "eq",
"trust": 2.4,
"vendor": "huawei",
"version": "v300r001c00"
},
{
"model": "usg2100",
"scope": "lte",
"trust": 1.8,
"vendor": "huawei",
"version": "v300r001c00spc900"
},
{
"model": "usg5500",
"scope": "lte",
"trust": 1.8,
"vendor": "huawei",
"version": "v300r001c00spc900"
},
{
"model": "usg9500",
"scope": "lte",
"trust": 1.8,
"vendor": "huawei",
"version": "v200r001c01spc800"
},
{
"model": "usg2200",
"scope": "eq",
"trust": 1.4,
"vendor": "huawei",
"version": "v300r001c00spc900"
},
{
"model": "usg5100",
"scope": "eq",
"trust": 1.4,
"vendor": "huawei",
"version": "v300r001c00spc900"
},
{
"model": "usg5100",
"scope": "lte",
"trust": 1.0,
"vendor": "huawei",
"version": "v300r001c00spc900"
},
{
"model": "usg2200",
"scope": "lte",
"trust": 1.0,
"vendor": "huawei",
"version": "v300r001c00spc900"
},
{
"model": "fusionmanager v100r002c03",
"scope": null,
"trust": 0.6,
"vendor": "huawei",
"version": null
},
{
"model": "fusionmanager v100r003c00",
"scope": null,
"trust": 0.6,
"vendor": "huawei",
"version": null
},
{
"model": "usg5500 v300r001c00spc900",
"scope": null,
"trust": 0.6,
"vendor": "huawei",
"version": null
},
{
"model": "usg9500 \u003c=v200r001c01spc800",
"scope": null,
"trust": 0.6,
"vendor": "huawei",
"version": null
},
{
"model": "usg9500 \u003c=v300r001c00",
"scope": null,
"trust": 0.6,
"vendor": "huawei",
"version": null
},
{
"model": "usg2100 \u003c=v300r001c00spc900",
"scope": null,
"trust": 0.6,
"vendor": "huawei",
"version": null
},
{
"model": "usg2200 \u003c=v300r001c00spc900",
"scope": null,
"trust": 0.6,
"vendor": "huawei",
"version": null
},
{
"model": "usg5100 \u003c=300r001c00spc900",
"scope": null,
"trust": 0.6,
"vendor": "huawei",
"version": null
},
{
"model": "usg5500",
"scope": "eq",
"trust": 0.6,
"vendor": "huawei",
"version": "v300r001c00spc900"
},
{
"model": "usg9500",
"scope": "eq",
"trust": 0.6,
"vendor": "huawei",
"version": "v200r001c01spc800"
},
{
"model": "usg2100",
"scope": "eq",
"trust": 0.6,
"vendor": "huawei",
"version": "v300r001c00spc900"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-04633"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-008286"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-206"
},
{
"db": "NVD",
"id": "CVE-2014-9137"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:huawei:fusionmanager",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:huawei:usg2100_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:huawei:usg2200_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:huawei:usg5100_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:huawei:usg5500_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:huawei:usg9500_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-008286"
}
]
},
"cve": "CVE-2014-9137",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2014-9137",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CNVD-2017-04633",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-77082",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2014-9137",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2014-9137",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2014-9137",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2017-04633",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201704-206",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-77082",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-04633"
},
{
"db": "VULHUB",
"id": "VHN-77082"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-008286"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-206"
},
{
"db": "NVD",
"id": "CVE-2014-9137"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Huawei USG9500 with software V200R001C01SPC800 and earlier versions, V300R001C00; USG2100 with software V300R001C00SPC900 and earlier versions; USG2200 with software V300R001C00SPC900; USG5100 with software V300R001C00SPC900 could allow an unauthenticated, remote attacker to conduct a CSRF attack against the user of the web interface. Huawei USG9500 is a firewall product of China Huawei. A cross-site request forgery vulnerability exists in several Huawei firewall USG series products. A remote attacker could exploit this vulnerability to perform unauthorized operations. Huawei USG9500 etc. The following products and versions are affected: Huawei USG9500 V200R001C01SPC800 and previous versions, V300R001C00 Version; USG2100 V300R001C00SPC900 and previous versions; USG2200 V300R001C00SPC900 and previous versions; USG5100 V300R001C00SPC900 and previous versions; USG5500 V300R001C00SPC900 and previous versions",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-9137"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-008286"
},
{
"db": "CNVD",
"id": "CNVD-2017-04633"
},
{
"db": "VULHUB",
"id": "VHN-77082"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-9137",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2014-008286",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201704-206",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2017-04633",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-77082",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-04633"
},
{
"db": "VULHUB",
"id": "VHN-77082"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-008286"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-206"
},
{
"db": "NVD",
"id": "CVE-2014-9137"
}
]
},
"id": "VAR-201704-0449",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-04633"
},
{
"db": "VULHUB",
"id": "VHN-77082"
}
],
"trust": 1.530372565
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-04633"
}
]
},
"last_update_date": "2025-04-20T23:31:02.152000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Huawei-SA-20140924-02-CSRF",
"trust": 0.8,
"url": "http://www.huawei.com/en/psirt/security-advisories/hw-372186"
},
{
"title": "A variety of Huawei firewall USG series products cross-site request forgery vulnerability patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/91945"
},
{
"title": "A variety of Huawei firewalls USG Repair measures for cross-site request forgery vulnerability in series products",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=69053"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-04633"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-008286"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-206"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-352",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-77082"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-008286"
},
{
"db": "NVD",
"id": "CVE-2014-9137"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "http://www.huawei.com/en/psirt/security-advisories/hw-372186"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-9137"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-9137"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-04633"
},
{
"db": "VULHUB",
"id": "VHN-77082"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-008286"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-206"
},
{
"db": "NVD",
"id": "CVE-2014-9137"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2017-04633"
},
{
"db": "VULHUB",
"id": "VHN-77082"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-008286"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-206"
},
{
"db": "NVD",
"id": "CVE-2014-9137"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-04-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-04633"
},
{
"date": "2017-04-02T00:00:00",
"db": "VULHUB",
"id": "VHN-77082"
},
{
"date": "2017-05-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-008286"
},
{
"date": "2017-04-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201704-206"
},
{
"date": "2017-04-02T20:59:00.470000",
"db": "NVD",
"id": "CVE-2014-9137"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-04-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-04633"
},
{
"date": "2017-04-07T00:00:00",
"db": "VULHUB",
"id": "VHN-77082"
},
{
"date": "2017-05-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-008286"
},
{
"date": "2017-04-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201704-206"
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2014-9137"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201704-206"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Huawei USG In product Web To the user of the interface CSRF Attacked vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-008286"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "cross-site request forgery",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201704-206"
}
],
"trust": 0.6
}
}
VAR-201704-0448
Vulnerability from variot - Updated: 2025-04-20 23:22Huawei FusionManager with software V100R002C03 and V100R003C00 could allow an unauthenticated, remote attacker to conduct a CSRF attack against the user of the web interface. Huawei FusionManager is a management software for hardware devices, virtualized resources, and applications developed by Huawei in China. Cross-site request forgery vulnerabilities exist in Huawei FusionManager V100R002C03 and V100R003C00. A remote attacker could exploit this vulnerability to perform unauthorized operations
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201704-0448",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "fusionmanager",
"scope": "eq",
"trust": 1.4,
"vendor": "huawei",
"version": "v100r002c03"
},
{
"model": "fusionmanager",
"scope": "eq",
"trust": 1.4,
"vendor": "huawei",
"version": "v100r003c00"
},
{
"model": "usg5100",
"scope": "lte",
"trust": 1.0,
"vendor": "huawei",
"version": "v300r001c00spc900"
},
{
"model": "fusionmanager",
"scope": "lte",
"trust": 1.0,
"vendor": "huawei",
"version": "v100r003c00"
},
{
"model": "usg2100",
"scope": "lte",
"trust": 1.0,
"vendor": "huawei",
"version": "v300r001c00spc900"
},
{
"model": "usg5500",
"scope": "lte",
"trust": 1.0,
"vendor": "huawei",
"version": "v300r001c00spc900"
},
{
"model": "fusionmanager",
"scope": "lte",
"trust": 1.0,
"vendor": "huawei",
"version": "v100r002c03"
},
{
"model": "usg9500",
"scope": "lte",
"trust": 1.0,
"vendor": "huawei",
"version": "v300r001c00"
},
{
"model": "usg9500",
"scope": "lte",
"trust": 1.0,
"vendor": "huawei",
"version": "v200r001c01spc800"
},
{
"model": "usg2200",
"scope": "lte",
"trust": 1.0,
"vendor": "huawei",
"version": "v300r001c00spc900"
},
{
"model": "usg2100",
"scope": null,
"trust": 0.8,
"vendor": "huawei",
"version": null
},
{
"model": "usg2200",
"scope": null,
"trust": 0.8,
"vendor": "huawei",
"version": null
},
{
"model": "usg5100",
"scope": null,
"trust": 0.8,
"vendor": "huawei",
"version": null
},
{
"model": "usg5500",
"scope": null,
"trust": 0.8,
"vendor": "huawei",
"version": null
},
{
"model": "usg9500",
"scope": null,
"trust": 0.8,
"vendor": "huawei",
"version": null
},
{
"model": "usg2200",
"scope": "eq",
"trust": 0.6,
"vendor": "huawei",
"version": "v300r001c00spc900"
},
{
"model": "usg5500",
"scope": "eq",
"trust": 0.6,
"vendor": "huawei",
"version": "v300r001c00spc900"
},
{
"model": "usg9500",
"scope": "eq",
"trust": 0.6,
"vendor": "huawei",
"version": "v200r001c01spc800"
},
{
"model": "usg2100",
"scope": "eq",
"trust": 0.6,
"vendor": "huawei",
"version": "v300r001c00spc900"
},
{
"model": "usg5100",
"scope": "eq",
"trust": 0.6,
"vendor": "huawei",
"version": "v300r001c00spc900"
},
{
"model": "usg9500",
"scope": "eq",
"trust": 0.6,
"vendor": "huawei",
"version": "v300r001c00"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-008278"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-207"
},
{
"db": "NVD",
"id": "CVE-2014-9136"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:huawei:fusionmanager",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:huawei:usg2100_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:huawei:usg2200_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:huawei:usg5100_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:huawei:usg5500_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:huawei:usg9500_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-008278"
}
]
},
"cve": "CVE-2014-9136",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2014-9136",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-77081",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2014-9136",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2014-9136",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2014-9136",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201704-207",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-77081",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2014-9136",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-77081"
},
{
"db": "VULMON",
"id": "CVE-2014-9136"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-008278"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-207"
},
{
"db": "NVD",
"id": "CVE-2014-9136"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Huawei FusionManager with software V100R002C03 and V100R003C00 could allow an unauthenticated, remote attacker to conduct a CSRF attack against the user of the web interface. Huawei FusionManager is a management software for hardware devices, virtualized resources, and applications developed by Huawei in China. Cross-site request forgery vulnerabilities exist in Huawei FusionManager V100R002C03 and V100R003C00. A remote attacker could exploit this vulnerability to perform unauthorized operations",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-9136"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-008278"
},
{
"db": "VULHUB",
"id": "VHN-77081"
},
{
"db": "VULMON",
"id": "CVE-2014-9136"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-9136",
"trust": 2.6
},
{
"db": "JVNDB",
"id": "JVNDB-2014-008278",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201704-207",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-77081",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2014-9136",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-77081"
},
{
"db": "VULMON",
"id": "CVE-2014-9136"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-008278"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-207"
},
{
"db": "NVD",
"id": "CVE-2014-9136"
}
]
},
"id": "VAR-201704-0448",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-77081"
}
],
"trust": 0.42149026
},
"last_update_date": "2025-04-20T23:22:24.183000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Huawei-SA-20140924-02-CSRF",
"trust": 0.8,
"url": "http://www.huawei.com/en/psirt/security-advisories/hw-372186"
},
{
"title": "Huawei FusionManager Fixes for cross-site request forgery vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=73794"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-008278"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-207"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-352",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-77081"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-008278"
},
{
"db": "NVD",
"id": "CVE-2014-9136"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "http://www.huawei.com/en/psirt/security-advisories/hw-372186"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-9136"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-9136"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/352.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-77081"
},
{
"db": "VULMON",
"id": "CVE-2014-9136"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-008278"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-207"
},
{
"db": "NVD",
"id": "CVE-2014-9136"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-77081"
},
{
"db": "VULMON",
"id": "CVE-2014-9136"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-008278"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-207"
},
{
"db": "NVD",
"id": "CVE-2014-9136"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-04-02T00:00:00",
"db": "VULHUB",
"id": "VHN-77081"
},
{
"date": "2017-04-02T00:00:00",
"db": "VULMON",
"id": "CVE-2014-9136"
},
{
"date": "2017-05-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-008278"
},
{
"date": "2017-04-02T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201704-207"
},
{
"date": "2017-04-02T20:59:00.453000",
"db": "NVD",
"id": "CVE-2014-9136"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-04-05T00:00:00",
"db": "VULHUB",
"id": "VHN-77081"
},
{
"date": "2017-04-05T00:00:00",
"db": "VULMON",
"id": "CVE-2014-9136"
},
{
"date": "2017-05-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-008278"
},
{
"date": "2017-08-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201704-207"
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2014-9136"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201704-207"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Huawei FusionManager In software Web For interface users CSRF Attacked vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-008278"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "cross-site request forgery",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201704-207"
}
],
"trust": 0.6
}
}
VAR-201512-0241
Vulnerability from variot - Updated: 2025-04-13 23:37Huawei USG5500, USG2100, USG2200, and USG5100 unified security gateways with software before V300R001C10SPC600, when "DHCP Snooping" is enabled and either "option82 insert" or "option82 rebuild" is enabled on an interface, allow remote attackers to cause a denial of service (reboot) via crafted DHCP packets. Multiple Huawei products are prone to a remote denial-of-service vulnerability. Successful exploits may allow an attackers to cause the affected device to restart, denying service to legitimate users. Huawei USG5500, USG2100, USG2200, and USG5100 are all unified security gateway products of Huawei in China. There are security vulnerabilities in many Huawei products. The following products and versions are affected: Huawei USG5500, USG2100, USG2200, and USG5100 using software versions earlier than V300R001C10SPC600
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201512-0241",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "unified security gateway",
"scope": "lte",
"trust": 1.0,
"vendor": "huawei",
"version": "v300r001c10"
},
{
"model": "unified security gateway",
"scope": "lt",
"trust": 0.8,
"vendor": "huawei",
"version": "v300r001c10spc600"
},
{
"model": "usg2100",
"scope": null,
"trust": 0.8,
"vendor": "huawei",
"version": null
},
{
"model": "usg2200",
"scope": null,
"trust": 0.8,
"vendor": "huawei",
"version": null
},
{
"model": "usg5100",
"scope": null,
"trust": 0.8,
"vendor": "huawei",
"version": null
},
{
"model": "usg5500",
"scope": null,
"trust": 0.8,
"vendor": "huawei",
"version": null
},
{
"model": "unified security gateway",
"scope": "eq",
"trust": 0.6,
"vendor": "huawei",
"version": "v300r001c10"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-006140"
},
{
"db": "CNNVD",
"id": "CNNVD-201511-338"
},
{
"db": "NVD",
"id": "CVE-2015-8084"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:huawei:unified_security_gateway_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:huawei:usg2100",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:huawei:usg2200",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:huawei:usg5100",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:huawei:usg5500",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-006140"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Kurt Grutzmacher",
"sources": [
{
"db": "BID",
"id": "77300"
},
{
"db": "CNNVD",
"id": "CNNVD-201511-338"
}
],
"trust": 0.9
},
"cve": "CVE-2015-8084",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2015-8084",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-86045",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2015-8084",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2015-8084",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201511-338",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-86045",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-86045"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006140"
},
{
"db": "CNNVD",
"id": "CNNVD-201511-338"
},
{
"db": "NVD",
"id": "CVE-2015-8084"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Huawei USG5500, USG2100, USG2200, and USG5100 unified security gateways with software before V300R001C10SPC600, when \"DHCP Snooping\" is enabled and either \"option82 insert\" or \"option82 rebuild\" is enabled on an interface, allow remote attackers to cause a denial of service (reboot) via crafted DHCP packets. Multiple Huawei products are prone to a remote denial-of-service vulnerability. \nSuccessful exploits may allow an attackers to cause the affected device to restart, denying service to legitimate users. Huawei USG5500, USG2100, USG2200, and USG5100 are all unified security gateway products of Huawei in China. There are security vulnerabilities in many Huawei products. The following products and versions are affected: Huawei USG5500, USG2100, USG2200, and USG5100 using software versions earlier than V300R001C10SPC600",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-8084"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006140"
},
{
"db": "BID",
"id": "77300"
},
{
"db": "VULHUB",
"id": "VHN-86045"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-8084",
"trust": 2.8
},
{
"db": "BID",
"id": "77300",
"trust": 2.0
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006140",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201511-338",
"trust": 0.7
},
{
"db": "SEEBUG",
"id": "SSVID-89905",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-86045",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-86045"
},
{
"db": "BID",
"id": "77300"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006140"
},
{
"db": "CNNVD",
"id": "CNNVD-201511-338"
},
{
"db": "NVD",
"id": "CVE-2015-8084"
}
]
},
"id": "VAR-201512-0241",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-86045"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-13T23:37:30.799000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Huawei-SA-20151021-01-USG",
"trust": 0.8,
"url": "http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-457916.htm"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-006140"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-86045"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006140"
},
{
"db": "NVD",
"id": "CVE-2015-8084"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/77300"
},
{
"trust": 1.7,
"url": "http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-457916.htm"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-8084"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-8084"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-86045"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006140"
},
{
"db": "CNNVD",
"id": "CNNVD-201511-338"
},
{
"db": "NVD",
"id": "CVE-2015-8084"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-86045"
},
{
"db": "BID",
"id": "77300"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006140"
},
{
"db": "CNNVD",
"id": "CNNVD-201511-338"
},
{
"db": "NVD",
"id": "CVE-2015-8084"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-12-07T00:00:00",
"db": "VULHUB",
"id": "VHN-86045"
},
{
"date": "2015-10-21T00:00:00",
"db": "BID",
"id": "77300"
},
{
"date": "2015-12-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-006140"
},
{
"date": "2015-10-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201511-338"
},
{
"date": "2015-12-07T20:59:10.343000",
"db": "NVD",
"id": "CVE-2015-8084"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-12-08T00:00:00",
"db": "VULHUB",
"id": "VHN-86045"
},
{
"date": "2015-12-08T22:09:00",
"db": "BID",
"id": "77300"
},
{
"date": "2015-12-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-006140"
},
{
"date": "2015-12-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201511-338"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2015-8084"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201511-338"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Huawei USG Denial of service in product software (DoS) Vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-006140"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201511-338"
}
],
"trust": 0.6
}
}
VAR-201610-0207
Vulnerability from variot - Updated: 2025-04-13 23:32Buffer overflow in the Point-to-Point Protocol over Ethernet (PPPoE) module in Huawei USG2100, USG2200, USG5100, and USG5500 unified security gateways with software before V300R001C10SPC600, when CHAP authentication is configured on the server, allows remote attackers to cause a denial of service (server restart) or execute arbitrary code via crafted packets sent during authentication. HuaweiUSG2100 is a unified security gateway product of Huawei Technologies, China. A number of HuaweiUSG products have a buffer overflow vulnerability that allows remote attackers to exploit this vulnerability to submit a special request to crash an application. Multiple Huawei USG Products are prone to a buffer-overflow vulnerability because they fail to properly bounds-check user-supplied data before copying it into an insufficiently sized buffer. Attackers can exploit this issue to execute arbitrary code in the affected device. Failed exploit attempts will result in denial-of-service conditions. Point-to-Point Protocol over Ethernet (PPPoE) is a PPP protocol (point-to-point connection protocol) used in gateway products such as Huawei USG2100. The following products and versions are affected: Huawei USG2100 V300R001C00, V300R001C10; USG2200V300R001C00, V300R001C10; USG5100V300R001C00, V300R001C10;
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201610-0207",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "usg2100",
"scope": "eq",
"trust": 1.6,
"vendor": "huawei",
"version": "v300r001c00"
},
{
"model": "usg5500",
"scope": "eq",
"trust": 1.6,
"vendor": "huawei",
"version": "v300r001c10"
},
{
"model": "usg5100",
"scope": "eq",
"trust": 1.6,
"vendor": "huawei",
"version": "v300r001c00"
},
{
"model": "usg2100",
"scope": "eq",
"trust": 1.6,
"vendor": "huawei",
"version": "v300r001c10"
},
{
"model": "usg5100",
"scope": "eq",
"trust": 1.6,
"vendor": "huawei",
"version": "v300r001c10"
},
{
"model": "usg2200",
"scope": "eq",
"trust": 1.6,
"vendor": "huawei",
"version": "v300r001c00"
},
{
"model": "usg5500",
"scope": "eq",
"trust": 1.6,
"vendor": "huawei",
"version": "v300r001c00"
},
{
"model": "usg2200",
"scope": "eq",
"trust": 1.6,
"vendor": "huawei",
"version": "v300r001c10"
},
{
"model": "usg2100 v300r001c00",
"scope": null,
"trust": 0.9,
"vendor": "huawei",
"version": null
},
{
"model": "usg2100 v300r001c10",
"scope": null,
"trust": 0.9,
"vendor": "huawei",
"version": null
},
{
"model": "usg2200 v300r001c00",
"scope": null,
"trust": 0.9,
"vendor": "huawei",
"version": null
},
{
"model": "usg2200 v300r001c10",
"scope": null,
"trust": 0.9,
"vendor": "huawei",
"version": null
},
{
"model": "usg5100 v300r001c00",
"scope": null,
"trust": 0.9,
"vendor": "huawei",
"version": null
},
{
"model": "usg5100 v300r001c10",
"scope": null,
"trust": 0.9,
"vendor": "huawei",
"version": null
},
{
"model": "usg5500 v300r001c00",
"scope": null,
"trust": 0.9,
"vendor": "huawei",
"version": null
},
{
"model": "usg5500 v300r001c10",
"scope": null,
"trust": 0.9,
"vendor": "huawei",
"version": null
},
{
"model": "usg2100",
"scope": null,
"trust": 0.8,
"vendor": "huawei",
"version": null
},
{
"model": "usg2100",
"scope": "lt",
"trust": 0.8,
"vendor": "huawei",
"version": "v300r001c10spc600"
},
{
"model": "usg2200",
"scope": null,
"trust": 0.8,
"vendor": "huawei",
"version": null
},
{
"model": "usg2200",
"scope": "lt",
"trust": 0.8,
"vendor": "huawei",
"version": "v300r001c10spc600"
},
{
"model": "usg5100",
"scope": null,
"trust": 0.8,
"vendor": "huawei",
"version": null
},
{
"model": "usg5100",
"scope": "lt",
"trust": 0.8,
"vendor": "huawei",
"version": "v300r001c10spc600"
},
{
"model": "usg5500",
"scope": null,
"trust": 0.8,
"vendor": "huawei",
"version": null
},
{
"model": "usg5500",
"scope": "lt",
"trust": 0.8,
"vendor": "huawei",
"version": "v300r001c10spc600"
},
{
"model": "usg5500 v300r001c10spc600",
"scope": "ne",
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "usg5100 v300r001c10spc600",
"scope": "ne",
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "usg2200 v300r001c10spc600",
"scope": "ne",
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "usg2100 v300r001c10spc600",
"scope": "ne",
"trust": 0.3,
"vendor": "huawei",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-08078"
},
{
"db": "BID",
"id": "92962"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005100"
},
{
"db": "CNNVD",
"id": "CNNVD-201609-395"
},
{
"db": "NVD",
"id": "CVE-2016-8276"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:huawei:usg2100",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:huawei:usg2100_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:huawei:usg2200",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:huawei:usg2200_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:huawei:usg5100",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:huawei:usg5100_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:huawei:usg5500",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:huawei:usg5500_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-005100"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The vendor reported this issue.",
"sources": [
{
"db": "BID",
"id": "92962"
}
],
"trust": 0.3
},
"cve": "CVE-2016-8276",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "CVE-2016-8276",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "CNVD-2016-08078",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "VHN-97096",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2016-8276",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-8276",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2016-8276",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2016-08078",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201609-395",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-97096",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-08078"
},
{
"db": "VULHUB",
"id": "VHN-97096"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005100"
},
{
"db": "CNNVD",
"id": "CNNVD-201609-395"
},
{
"db": "NVD",
"id": "CVE-2016-8276"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer overflow in the Point-to-Point Protocol over Ethernet (PPPoE) module in Huawei USG2100, USG2200, USG5100, and USG5500 unified security gateways with software before V300R001C10SPC600, when CHAP authentication is configured on the server, allows remote attackers to cause a denial of service (server restart) or execute arbitrary code via crafted packets sent during authentication. HuaweiUSG2100 is a unified security gateway product of Huawei Technologies, China. A number of HuaweiUSG products have a buffer overflow vulnerability that allows remote attackers to exploit this vulnerability to submit a special request to crash an application. Multiple Huawei USG Products are prone to a buffer-overflow vulnerability because they fail to properly bounds-check user-supplied data before copying it into an insufficiently sized buffer. \nAttackers can exploit this issue to execute arbitrary code in the affected device. Failed exploit attempts will result in denial-of-service conditions. Point-to-Point Protocol over Ethernet (PPPoE) is a PPP protocol (point-to-point connection protocol) used in gateway products such as Huawei USG2100. The following products and versions are affected: Huawei USG2100 V300R001C00, V300R001C10; USG2200V300R001C00, V300R001C10; USG5100V300R001C00, V300R001C10;",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-8276"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005100"
},
{
"db": "CNVD",
"id": "CNVD-2016-08078"
},
{
"db": "BID",
"id": "92962"
},
{
"db": "VULHUB",
"id": "VHN-97096"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-8276",
"trust": 3.4
},
{
"db": "BID",
"id": "92962",
"trust": 2.6
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005100",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201609-395",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2016-08078",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-97096",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-08078"
},
{
"db": "VULHUB",
"id": "VHN-97096"
},
{
"db": "BID",
"id": "92962"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005100"
},
{
"db": "CNNVD",
"id": "CNNVD-201609-395"
},
{
"db": "NVD",
"id": "CVE-2016-8276"
}
]
},
"id": "VAR-201610-0207",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-08078"
},
{
"db": "VULHUB",
"id": "VHN-97096"
}
],
"trust": 1.375000025
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-08078"
}
]
},
"last_update_date": "2025-04-13T23:32:37.110000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "huawei-sa-20160914-01-usg",
"trust": 0.8,
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160914-01-usg-en"
},
{
"title": "Patches for multiple HuaweiUSG product buffer overflow vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/81681"
},
{
"title": "Multiple Huawei USG Product Buffer Overflow Vulnerability Fix",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=64189"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-08078"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005100"
},
{
"db": "CNNVD",
"id": "CNNVD-201609-395"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-97096"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005100"
},
{
"db": "NVD",
"id": "CVE-2016-8276"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160914-01-usg-en"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/92962"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-8276"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-8276"
},
{
"trust": 0.3,
"url": "http://www.huawei.com"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-08078"
},
{
"db": "VULHUB",
"id": "VHN-97096"
},
{
"db": "BID",
"id": "92962"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005100"
},
{
"db": "CNNVD",
"id": "CNNVD-201609-395"
},
{
"db": "NVD",
"id": "CVE-2016-8276"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2016-08078"
},
{
"db": "VULHUB",
"id": "VHN-97096"
},
{
"db": "BID",
"id": "92962"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005100"
},
{
"db": "CNNVD",
"id": "CNNVD-201609-395"
},
{
"db": "NVD",
"id": "CVE-2016-8276"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-09-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-08078"
},
{
"date": "2016-10-03T00:00:00",
"db": "VULHUB",
"id": "VHN-97096"
},
{
"date": "2016-09-14T00:00:00",
"db": "BID",
"id": "92962"
},
{
"date": "2016-10-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-005100"
},
{
"date": "2016-09-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201609-395"
},
{
"date": "2016-10-03T21:59:09.457000",
"db": "NVD",
"id": "CVE-2016-8276"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-09-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-08078"
},
{
"date": "2016-10-04T00:00:00",
"db": "VULHUB",
"id": "VHN-97096"
},
{
"date": "2016-09-19T14:00:00",
"db": "BID",
"id": "92962"
},
{
"date": "2016-10-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-005100"
},
{
"date": "2016-10-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201609-395"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2016-8276"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201609-395"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Huawei USG Product software PPPoE Module buffer overflow vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-005100"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer overflow",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201609-395"
}
],
"trust": 0.6
}
}
VAR-201609-0170
Vulnerability from variot - Updated: 2025-04-13 23:22Buffer overflow in the Authentication, Authorization and Accounting (AAA) module in Huawei USG2100, USG2200, USG5100, and USG5500 unified security gateways with software before V300R001C10SPC600 allows remote authenticated RADIUS servers to execute arbitrary code by sending a crafted EAP packet. Multiple Huawei USG Products are prone to a buffer-overflow vulnerability because they fail to properly bounds-check user-supplied data before copying it into an insufficiently sized buffer. Attackers can exploit this issue to execute arbitrary code in the affected device. Failed exploit attempts will result in denial-of-service conditions. Huawei USG2100 and others are the unified security gateway products of China Huawei (Huawei). Authentication, Authorization and Accounting (AAA) is one of the modules used to deal with computer resources and user requirements and provide authentication and authorization for enterprises. The AAA module in several Huawei products has a buffer overflow vulnerability. The following products and versions are affected: Huawei USG2100 V300R001C00, V300R001C10; USG2200 V300R001C00, V300R001C10; USG5100 V300R001C00, V300R001C10; USG5500 V300R001C00, V1C10R00
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201609-0170",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "usg2200",
"scope": "lte",
"trust": 1.0,
"vendor": "huawei",
"version": "v300r001c00"
},
{
"model": "usg5100",
"scope": "lte",
"trust": 1.0,
"vendor": "huawei",
"version": "v300r001c00"
},
{
"model": "usg5100",
"scope": "lte",
"trust": 1.0,
"vendor": "huawei",
"version": "v300r001c10"
},
{
"model": "usg2100",
"scope": "lte",
"trust": 1.0,
"vendor": "huawei",
"version": "v300r001c00"
},
{
"model": "usg5500",
"scope": "lte",
"trust": 1.0,
"vendor": "huawei",
"version": "v300r001c00"
},
{
"model": "usg2200",
"scope": "lte",
"trust": 1.0,
"vendor": "huawei",
"version": "v300r001c10"
},
{
"model": "usg2100",
"scope": "lte",
"trust": 1.0,
"vendor": "huawei",
"version": "v300r001c10"
},
{
"model": "usg5500",
"scope": "lte",
"trust": 1.0,
"vendor": "huawei",
"version": "v300r001c10"
},
{
"model": "usg2100",
"scope": null,
"trust": 0.8,
"vendor": "huawei",
"version": null
},
{
"model": "usg2100",
"scope": "lt",
"trust": 0.8,
"vendor": "huawei",
"version": "v300r001c10spc600"
},
{
"model": "usg2200",
"scope": null,
"trust": 0.8,
"vendor": "huawei",
"version": null
},
{
"model": "usg2200",
"scope": "lt",
"trust": 0.8,
"vendor": "huawei",
"version": "v300r001c10spc600"
},
{
"model": "usg5100",
"scope": null,
"trust": 0.8,
"vendor": "huawei",
"version": null
},
{
"model": "usg5100",
"scope": "lt",
"trust": 0.8,
"vendor": "huawei",
"version": "v300r001c10spc600"
},
{
"model": "usg5500",
"scope": null,
"trust": 0.8,
"vendor": "huawei",
"version": null
},
{
"model": "usg5500",
"scope": "lt",
"trust": 0.8,
"vendor": "huawei",
"version": "v300r001c10spc600"
},
{
"model": "usg2200",
"scope": "eq",
"trust": 0.6,
"vendor": "huawei",
"version": "v300r001c10"
},
{
"model": "usg5500",
"scope": "eq",
"trust": 0.6,
"vendor": "huawei",
"version": "v300r001c10"
},
{
"model": "usg2100",
"scope": "eq",
"trust": 0.6,
"vendor": "huawei",
"version": "v300r001c10"
},
{
"model": "usg5100",
"scope": "eq",
"trust": 0.6,
"vendor": "huawei",
"version": "v300r001c00"
},
{
"model": "usg5100",
"scope": "eq",
"trust": 0.6,
"vendor": "huawei",
"version": "v300r001c10"
},
{
"model": "usg2200",
"scope": "eq",
"trust": 0.6,
"vendor": "huawei",
"version": "v300r001c00"
},
{
"model": "usg5500",
"scope": "eq",
"trust": 0.6,
"vendor": "huawei",
"version": "v300r001c00"
},
{
"model": "usg2100",
"scope": "eq",
"trust": 0.6,
"vendor": "huawei",
"version": "v300r001c00"
},
{
"model": "usg5500 v300r001c10",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "usg5500 v300r001c00",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "usg5100 v300r001c10",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "usg5100 v300r001c00",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "usg2200 v300r001c10",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "usg2200 v300r001c00",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "usg2100 v300r001c10",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "usg2100 v300r001c00",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "usg5500 v300r001c10spc600",
"scope": "ne",
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "usg5100 v300r001c10spc600",
"scope": "ne",
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "usg2200 v300r001c10spc600",
"scope": "ne",
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "usg2100 v300r001c10spc600",
"scope": "ne",
"trust": 0.3,
"vendor": "huawei",
"version": null
}
],
"sources": [
{
"db": "BID",
"id": "92441"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004835"
},
{
"db": "CNNVD",
"id": "CNNVD-201608-283"
},
{
"db": "NVD",
"id": "CVE-2016-6669"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:huawei:usg2100",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:huawei:usg2100_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:huawei:usg2200",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:huawei:usg2200_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:huawei:usg5100",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:huawei:usg5100_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:huawei:usg5500",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:huawei:usg5500_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-004835"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The vendor reported this issue.",
"sources": [
{
"db": "BID",
"id": "92441"
}
],
"trust": 0.3
},
"cve": "CVE-2016-6669",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.1,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CVE-2016-6669",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:H/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.1,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "VHN-95489",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:H/AU:S/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.6,
"id": "CVE-2016-6669",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-6669",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2016-6669",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201608-283",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-95489",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-95489"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004835"
},
{
"db": "CNNVD",
"id": "CNNVD-201608-283"
},
{
"db": "NVD",
"id": "CVE-2016-6669"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer overflow in the Authentication, Authorization and Accounting (AAA) module in Huawei USG2100, USG2200, USG5100, and USG5500 unified security gateways with software before V300R001C10SPC600 allows remote authenticated RADIUS servers to execute arbitrary code by sending a crafted EAP packet. Multiple Huawei USG Products are prone to a buffer-overflow vulnerability because they fail to properly bounds-check user-supplied data before copying it into an insufficiently sized buffer. \nAttackers can exploit this issue to execute arbitrary code in the affected device. Failed exploit attempts will result in denial-of-service conditions. Huawei USG2100 and others are the unified security gateway products of China Huawei (Huawei). Authentication, Authorization and Accounting (AAA) is one of the modules used to deal with computer resources and user requirements and provide authentication and authorization for enterprises. The AAA module in several Huawei products has a buffer overflow vulnerability. The following products and versions are affected: Huawei USG2100 V300R001C00, V300R001C10; USG2200 V300R001C00, V300R001C10; USG5100 V300R001C00, V300R001C10; USG5500 V300R001C00, V1C10R00",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-6669"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004835"
},
{
"db": "BID",
"id": "92441"
},
{
"db": "VULHUB",
"id": "VHN-95489"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-6669",
"trust": 2.8
},
{
"db": "BID",
"id": "92441",
"trust": 2.0
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004835",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201608-283",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-95489",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-95489"
},
{
"db": "BID",
"id": "92441"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004835"
},
{
"db": "CNNVD",
"id": "CNNVD-201608-283"
},
{
"db": "NVD",
"id": "CVE-2016-6669"
}
]
},
"id": "VAR-201609-0170",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-95489"
}
],
"trust": 0.7750000250000001
},
"last_update_date": "2025-04-13T23:22:20.283000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "huawei-sa-20160810-01-usg",
"trust": 0.8,
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160810-01-usg-en"
},
{
"title": "Multiple Huawei Product Buffer Overflow Vulnerability Fix",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=63655"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-004835"
},
{
"db": "CNNVD",
"id": "CNNVD-201608-283"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-95489"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004835"
},
{
"db": "NVD",
"id": "CVE-2016-6669"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160810-01-usg-en"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/92441"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-6669"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-6669"
},
{
"trust": 0.3,
"url": "http://www.huawei.com"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-95489"
},
{
"db": "BID",
"id": "92441"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004835"
},
{
"db": "CNNVD",
"id": "CNNVD-201608-283"
},
{
"db": "NVD",
"id": "CVE-2016-6669"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-95489"
},
{
"db": "BID",
"id": "92441"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004835"
},
{
"db": "CNNVD",
"id": "CNNVD-201608-283"
},
{
"db": "NVD",
"id": "CVE-2016-6669"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-09-22T00:00:00",
"db": "VULHUB",
"id": "VHN-95489"
},
{
"date": "2016-08-10T00:00:00",
"db": "BID",
"id": "92441"
},
{
"date": "2016-09-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-004835"
},
{
"date": "2016-08-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201608-283"
},
{
"date": "2016-09-22T15:59:05.977000",
"db": "NVD",
"id": "CVE-2016-6669"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-11-28T00:00:00",
"db": "VULHUB",
"id": "VHN-95489"
},
{
"date": "2016-08-10T00:00:00",
"db": "BID",
"id": "92441"
},
{
"date": "2016-09-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-004835"
},
{
"date": "2016-09-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201608-283"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2016-6669"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201608-283"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Huawei USG Product software AAA Module buffer overflow vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-004835"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer overflow",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201608-283"
}
],
"trust": 0.6
}
}
CVE-2016-8276 (GCVE-0-2016-8276)
Vulnerability from nvd – Published: 2016-10-03 21:00 – Updated: 2024-08-06 02:20
VLAI?
Summary
Buffer overflow in the Point-to-Point Protocol over Ethernet (PPPoE) module in Huawei USG2100, USG2200, USG5100, and USG5500 unified security gateways with software before V300R001C10SPC600, when CHAP authentication is configured on the server, allows remote attackers to cause a denial of service (server restart) or execute arbitrary code via crafted packets sent during authentication.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:20:29.965Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160914-01-usg-en"
},
{
"name": "92962",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/92962"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-09-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the Point-to-Point Protocol over Ethernet (PPPoE) module in Huawei USG2100, USG2200, USG5100, and USG5500 unified security gateways with software before V300R001C10SPC600, when CHAP authentication is configured on the server, allows remote attackers to cause a denial of service (server restart) or execute arbitrary code via crafted packets sent during authentication."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-10-03T20:57:01",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160914-01-usg-en"
},
{
"name": "92962",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/92962"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2016-8276",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the Point-to-Point Protocol over Ethernet (PPPoE) module in Huawei USG2100, USG2200, USG5100, and USG5500 unified security gateways with software before V300R001C10SPC600, when CHAP authentication is configured on the server, allows remote attackers to cause a denial of service (server restart) or execute arbitrary code via crafted packets sent during authentication."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160914-01-usg-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160914-01-usg-en"
},
{
"name": "92962",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92962"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2016-8276",
"datePublished": "2016-10-03T21:00:00",
"dateReserved": "2016-09-18T00:00:00",
"dateUpdated": "2024-08-06T02:20:29.965Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-8276 (GCVE-0-2016-8276)
Vulnerability from cvelistv5 – Published: 2016-10-03 21:00 – Updated: 2024-08-06 02:20
VLAI?
Summary
Buffer overflow in the Point-to-Point Protocol over Ethernet (PPPoE) module in Huawei USG2100, USG2200, USG5100, and USG5500 unified security gateways with software before V300R001C10SPC600, when CHAP authentication is configured on the server, allows remote attackers to cause a denial of service (server restart) or execute arbitrary code via crafted packets sent during authentication.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:20:29.965Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160914-01-usg-en"
},
{
"name": "92962",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/92962"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-09-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the Point-to-Point Protocol over Ethernet (PPPoE) module in Huawei USG2100, USG2200, USG5100, and USG5500 unified security gateways with software before V300R001C10SPC600, when CHAP authentication is configured on the server, allows remote attackers to cause a denial of service (server restart) or execute arbitrary code via crafted packets sent during authentication."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-10-03T20:57:01",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160914-01-usg-en"
},
{
"name": "92962",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/92962"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2016-8276",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the Point-to-Point Protocol over Ethernet (PPPoE) module in Huawei USG2100, USG2200, USG5100, and USG5500 unified security gateways with software before V300R001C10SPC600, when CHAP authentication is configured on the server, allows remote attackers to cause a denial of service (server restart) or execute arbitrary code via crafted packets sent during authentication."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160914-01-usg-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160914-01-usg-en"
},
{
"name": "92962",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92962"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2016-8276",
"datePublished": "2016-10-03T21:00:00",
"dateReserved": "2016-09-18T00:00:00",
"dateUpdated": "2024-08-06T02:20:29.965Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}