Vulnerability-Lookup

CVE-2016-6825 (GCVE-0-2016-6825)

Vulnerability from cvelistv5 – Published: 2016-09-07 19:00 – Updated: 2024-08-06 01:43

Summary

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

VAR-201609-0566

Vulnerability from variot - Updated: 2025-04-13 23:25

Huawei XH620 V3, XH622 V3, and XH628 V3 servers with software before V100R003C00SPC610, RH1288 V3 servers with software before V100R003C00SPC613, RH2288 V3 servers with software before V100R003C00SPC617, and RH2288H V3 servers with software before V100R003C00SPC515 allow remote attackers to obtain passwords via a brute-force attack, related to "lack of authentication protection mechanisms.". plural Huawei Product software includes " Missing authentication protection mechanism " There is a vulnerability in password acquisition due to incomplete processing. Supplementary information : CWE Vulnerability type by CWE-285: Improper Authorization ( Inappropriate authentication ) Has been identified. http://cwe.mitre.org/data/definitions/285.htmlRound robin by a third party (brute-force) A password may be obtained through an attack. Huawei is a Chinese provider of information and communication solutions. An authentication bypass vulnerability exists in multiple Huawei servers, and an attacker can exploit this vulnerability to bypass the authentication mechanism. Huawei XH628 and others are all servers of China Huawei (Huawei). There are brute force cracking attack vulnerabilities in several Huawei servers. A remote attacker could exploit this vulnerability to obtain passwords through a brute force attack. The following products and versions are affected: Huawei XH620 V3, XH622 V3, XH628 V3 earlier than V100R003C00SPC610, RH1288 V3 earlier than V100R003C00SPC613, RH2288 V3 earlier than V100R003C00SPC617, and RH2288H V3 earlier than V100R003C

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201609-0566",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "xh628 v3 server",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "huawei",
        "version": "v100r003c00"
      },
      {
        "model": "rh2288 v3 server",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "huawei",
        "version": "v100r003c00"
      },
      {
        "model": "xh622 v3 server",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "huawei",
        "version": "v100r003c00"
      },
      {
        "model": "rh1288 v3 server",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "huawei",
        "version": "v100r003c00"
      },
      {
        "model": "rh2288h v3 server",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "huawei",
        "version": "v100r003c00"
      },
      {
        "model": "xh620 v3 server",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "huawei",
        "version": "v100r003c00"
      },
      {
        "model": "rh1288 v100r003c00",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "huawei",
        "version": "v3"
      },
      {
        "model": "rh2288 v100r003c00",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "huawei",
        "version": "v3"
      },
      {
        "model": "rh2288h v100r003c00",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "huawei",
        "version": "v3"
      },
      {
        "model": "xh620 v100r003c00",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "huawei",
        "version": "v3"
      },
      {
        "model": "xh622 v100r003c00",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "huawei",
        "version": "v3"
      },
      {
        "model": "xh628 v100r003c00",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "huawei",
        "version": "v3"
      },
      {
        "model": "rh1288 v3",
        "scope": null,
        "trust": 0.8,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "rh1288 v3",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "huawei",
        "version": "v100r003c00spc613"
      },
      {
        "model": "rh2288 v3",
        "scope": null,
        "trust": 0.8,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "rh2288 v3",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "huawei",
        "version": "v100r003c00spc617"
      },
      {
        "model": "rh2288h v3",
        "scope": null,
        "trust": 0.8,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "rh2288h v3",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "huawei",
        "version": "v100r003c00spc515"
      },
      {
        "model": "xh620 v3",
        "scope": null,
        "trust": 0.8,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "xh620 v3",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "huawei",
        "version": "v100r003c00spc610"
      },
      {
        "model": "xh622 v3",
        "scope": null,
        "trust": 0.8,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "xh622 v3",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "huawei",
        "version": "v100r003c00spc610"
      },
      {
        "model": "xh628 v3",
        "scope": null,
        "trust": 0.8,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "xh628 v3",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "huawei",
        "version": "v100r003c00spc610"
      },
      {
        "model": "rh5885 v100r003c01",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "huawei",
        "version": "v3"
      },
      {
        "model": "ch242 v100r001c00",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "huawei",
        "version": "v3"
      },
      {
        "model": "xh628 v100r003c00spc610",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "huawei",
        "version": "v3"
      },
      {
        "model": "xh622 v100r003c00spc610",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "huawei",
        "version": "v3"
      },
      {
        "model": "xh620 v100r003c00spc610",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "huawei",
        "version": "v3"
      },
      {
        "model": "rh2288h v100r003c00spc515",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "huawei",
        "version": "v3"
      },
      {
        "model": "rh2288 v100r003c00spc617",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "huawei",
        "version": "v3"
      },
      {
        "model": "rh1288 v100r003c00spc613",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "huawei",
        "version": "v3"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-06460"
      },
      {
        "db": "BID",
        "id": "92504"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004561"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201608-326"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-6825"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/h:huawei:rh1288_v3_server",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:huawei:rh1288_v3_server_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/h:huawei:rh2288_v3_server",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:huawei:rh2288_v3_server_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/h:huawei:rh2288h_v3_server",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:huawei:rh2288h_v3_server_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/h:huawei:xh620_v3_server",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:huawei:xh620_v3_server_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/h:huawei:xh622_v3_server",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:huawei:xh622_v3_server_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/h:huawei:xh628_v3_server",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:huawei:xh628_v3_server_firmware",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004561"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The vendor reported this issue.",
    "sources": [
      {
        "db": "BID",
        "id": "92504"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2016-6825",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CVE-2016-6825",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2016-06460",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-95645",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "id": "CVE-2016-6825",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.8,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2016-6825",
            "trust": 1.0,
            "value": "CRITICAL"
          },
          {
            "author": "NVD",
            "id": "CVE-2016-6825",
            "trust": 0.8,
            "value": "Critical"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2016-06460",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201608-326",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-95645",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-06460"
      },
      {
        "db": "VULHUB",
        "id": "VHN-95645"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004561"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201608-326"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-6825"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Huawei XH620 V3, XH622 V3, and XH628 V3 servers with software before V100R003C00SPC610, RH1288 V3 servers with software before V100R003C00SPC613, RH2288 V3 servers with software before V100R003C00SPC617, and RH2288H V3 servers with software before V100R003C00SPC515 allow remote attackers to obtain passwords via a brute-force attack, related to \"lack of authentication protection mechanisms.\". plural Huawei Product software includes \" Missing authentication protection mechanism \" There is a vulnerability in password acquisition due to incomplete processing. Supplementary information : CWE Vulnerability type by CWE-285: Improper Authorization ( Inappropriate authentication ) Has been identified. http://cwe.mitre.org/data/definitions/285.htmlRound robin by a third party (brute-force) A password may be obtained through an attack. Huawei is a Chinese provider of information and communication solutions. An authentication bypass vulnerability exists in multiple Huawei servers, and an attacker can exploit this vulnerability to bypass the authentication mechanism. Huawei XH628 and others are all servers of China Huawei (Huawei). There are brute force cracking attack vulnerabilities in several Huawei servers. A remote attacker could exploit this vulnerability to obtain passwords through a brute force attack. The following products and versions are affected: Huawei XH620 V3, XH622 V3, XH628 V3 earlier than V100R003C00SPC610, RH1288 V3 earlier than V100R003C00SPC613, RH2288 V3 earlier than V100R003C00SPC617, and RH2288H V3 earlier than V100R003C",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-6825"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004561"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-06460"
      },
      {
        "db": "BID",
        "id": "92504"
      },
      {
        "db": "VULHUB",
        "id": "VHN-95645"
      }
    ],
    "trust": 2.52
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2016-6825",
        "trust": 3.4
      },
      {
        "db": "BID",
        "id": "92504",
        "trust": 2.6
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004561",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201608-326",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-06460",
        "trust": 0.6
      },
      {
        "db": "NSFOCUS",
        "id": "34589",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-95645",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-06460"
      },
      {
        "db": "VULHUB",
        "id": "VHN-95645"
      },
      {
        "db": "BID",
        "id": "92504"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004561"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201608-326"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-6825"
      }
    ]
  },
  "id": "VAR-201609-0566",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-06460"
      },
      {
        "db": "VULHUB",
        "id": "VHN-95645"
      }
    ],
    "trust": 1.4653273749999998
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-06460"
      }
    ]
  },
  "last_update_date": "2025-04-13T23:25:08.596000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "huawei-sa-20160817-01-server",
        "trust": 0.8,
        "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160817-01-server-en"
      },
      {
        "title": "Multiple Huawei server authentication bypass vulnerability patches",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/80577"
      },
      {
        "title": "Multiple Huawei Product brute force cracking repair measures",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=63693"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-06460"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004561"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201608-326"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-285",
        "trust": 1.1
      },
      {
        "problemtype": "CWE-Other",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-95645"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004561"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-6825"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.3,
        "url": "http://www.securityfocus.com/bid/92504"
      },
      {
        "trust": 1.7,
        "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160817-01-server-en"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-6825"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-6825"
      },
      {
        "trust": 0.6,
        "url": "http://www.nsfocus.net/vulndb/34589"
      },
      {
        "trust": 0.3,
        "url": "http://www.huawei.com"
      },
      {
        "trust": 0.3,
        "url": "http://www.huawei.com/en/psirt/security-advisories/2016/huawei-sa-20160817-01-server-en"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-06460"
      },
      {
        "db": "VULHUB",
        "id": "VHN-95645"
      },
      {
        "db": "BID",
        "id": "92504"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004561"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201608-326"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-6825"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-06460"
      },
      {
        "db": "VULHUB",
        "id": "VHN-95645"
      },
      {
        "db": "BID",
        "id": "92504"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004561"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201608-326"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-6825"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-08-20T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2016-06460"
      },
      {
        "date": "2016-09-07T00:00:00",
        "db": "VULHUB",
        "id": "VHN-95645"
      },
      {
        "date": "2016-08-17T00:00:00",
        "db": "BID",
        "id": "92504"
      },
      {
        "date": "2016-09-09T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-004561"
      },
      {
        "date": "2016-08-18T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201608-326"
      },
      {
        "date": "2016-09-07T19:28:14.503000",
        "db": "NVD",
        "id": "CVE-2016-6825"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-01-03T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2016-06460"
      },
      {
        "date": "2016-09-08T00:00:00",
        "db": "VULHUB",
        "id": "VHN-95645"
      },
      {
        "date": "2016-08-17T00:00:00",
        "db": "BID",
        "id": "92504"
      },
      {
        "date": "2016-09-09T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-004561"
      },
      {
        "date": "2016-09-08T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201608-326"
      },
      {
        "date": "2025-04-12T10:46:40.837000",
        "db": "NVD",
        "id": "CVE-2016-6825"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201608-326"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "plural  Huawei Vulnerability in obtaining password in product software",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004561"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "other",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201608-326"
      }
    ],
    "trust": 0.6
  }
}

CNVD-2016-06460

Vulnerability from cnvd - Published: 2016-08-20

Title

多个Huawei服务器身份验证绕过漏洞

Description

华为是中国一家从事信息与通信解决方案的供应商。多个华为服务器存在身份验证绕过漏洞，攻击者利用此漏洞可绕过身份验证机制。

Severity

中

Patch Name

多个Huawei服务器身份验证绕过漏洞的补丁

Patch Description

华为是中国一家从事信息与通信解决方案的供应商。多个华为服务器存在身份验证绕过漏洞，攻击者利用此漏洞可绕过身份验证机制。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载： http://support.huawei.com/enterprise/

Reference

http://www.securityfocus.com/bid/92504

Impacted products

Name
['Huawei RH1288 V3 V100R003C00', 'Huawei RH2288 V3 V100R003C00', 'Huawei RH2288H V3 V100R003C00', 'Huawei XH620 V3 V100R003C00', 'Huawei XH622 V3 V100R003C00', 'Huawei XH628 V3 V100R003C00', 'Huawei RH5885 V3 V100R003C01', 'Huawei CH242 V3 V100R001C00']

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "92504"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2016-6825"
    }
  },
  "description": "\u534e\u4e3a\u662f\u4e2d\u56fd\u4e00\u5bb6\u4ece\u4e8b\u4fe1\u606f\u4e0e\u901a\u4fe1\u89e3\u51b3\u65b9\u6848\u7684\u4f9b\u5e94\u5546\u3002\r\n\r\n\u591a\u4e2a\u534e\u4e3a\u670d\u52a1\u5668\u5b58\u5728\u8eab\u4efd\u9a8c\u8bc1\u7ed5\u8fc7\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u5229\u7528\u6b64\u6f0f\u6d1e\u53ef\u7ed5\u8fc7\u8eab\u4efd\u9a8c\u8bc1\u673a\u5236\u3002",
  "discovererName": "Huawei",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\nhttp://support.huawei.com/enterprise/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2016-06460",
  "openTime": "2016-08-20",
  "patchDescription": "\u534e\u4e3a\u662f\u4e2d\u56fd\u4e00\u5bb6\u4ece\u4e8b\u4fe1\u606f\u4e0e\u901a\u4fe1\u89e3\u51b3\u65b9\u6848\u7684\u4f9b\u5e94\u5546\u3002\r\n\r\n\u591a\u4e2a\u534e\u4e3a\u670d\u52a1\u5668\u5b58\u5728\u8eab\u4efd\u9a8c\u8bc1\u7ed5\u8fc7\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u5229\u7528\u6b64\u6f0f\u6d1e\u53ef\u7ed5\u8fc7\u8eab\u4efd\u9a8c\u8bc1\u673a\u5236\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "\u591a\u4e2aHuawei\u670d\u52a1\u5668\u8eab\u4efd\u9a8c\u8bc1\u7ed5\u8fc7\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Huawei RH1288 V3 V100R003C00",
      "Huawei RH2288 V3 V100R003C00",
      "Huawei RH2288H V3 V100R003C00",
      "Huawei XH620 V3 V100R003C00",
      "Huawei XH622 V3 V100R003C00",
      "Huawei XH628 V3 V100R003C00",
      "Huawei RH5885 V3 V100R003C01",
      "Huawei CH242 V3 V100R001C00"
    ]
  },
  "referenceLink": "http://www.securityfocus.com/bid/92504",
  "serverity": "\u4e2d",
  "submitTime": "2016-08-19",
  "title": "\u591a\u4e2aHuawei\u670d\u52a1\u5668\u8eab\u4efd\u9a8c\u8bc1\u7ed5\u8fc7\u6f0f\u6d1e"
}

GHSA-9MVX-MP3H-CM56

Vulnerability from github – Published: 2022-05-17 03:49 – Updated: 2022-05-17 03:49

Details

Severity ?

9.8 (Critical)


                  
                    CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2016-6825"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-285"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2016-09-07T19:28:00Z",
    "severity": "CRITICAL"
  },
  "details": "Huawei XH620 V3, XH622 V3, and XH628 V3 servers with software before V100R003C00SPC610, RH1288 V3 servers with software before V100R003C00SPC613, RH2288 V3 servers with software before V100R003C00SPC617, and RH2288H V3 servers with software before V100R003C00SPC515 allow remote attackers to obtain passwords via a brute-force attack, related to \"lack of authentication protection mechanisms.\"",
  "id": "GHSA-9mvx-mp3h-cm56",
  "modified": "2022-05-17T03:49:10Z",
  "published": "2022-05-17T03:49:10Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-6825"
    },
    {
      "type": "WEB",
      "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160817-01-server-en"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/92504"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GSD-2016-6825

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2016-6825

Aliases

CVE-2016-6825

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2016-6825",
    "description": "Huawei XH620 V3, XH622 V3, and XH628 V3 servers with software before V100R003C00SPC610, RH1288 V3 servers with software before V100R003C00SPC613, RH2288 V3 servers with software before V100R003C00SPC617, and RH2288H V3 servers with software before V100R003C00SPC515 allow remote attackers to obtain passwords via a brute-force attack, related to \"lack of authentication protection mechanisms.\"",
    "id": "GSD-2016-6825"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2016-6825"
      ],
      "details": "Huawei XH620 V3, XH622 V3, and XH628 V3 servers with software before V100R003C00SPC610, RH1288 V3 servers with software before V100R003C00SPC613, RH2288 V3 servers with software before V100R003C00SPC617, and RH2288H V3 servers with software before V100R003C00SPC515 allow remote attackers to obtain passwords via a brute-force attack, related to \"lack of authentication protection mechanisms.\"",
      "id": "GSD-2016-6825",
      "modified": "2023-12-13T01:21:23.754343Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2016-6825",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Huawei XH620 V3, XH622 V3, and XH628 V3 servers with software before V100R003C00SPC610, RH1288 V3 servers with software before V100R003C00SPC613, RH2288 V3 servers with software before V100R003C00SPC617, and RH2288H V3 servers with software before V100R003C00SPC515 allow remote attackers to obtain passwords via a brute-force attack, related to \"lack of authentication protection mechanisms.\""
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160817-01-server-en",
            "refsource": "CONFIRM",
            "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160817-01-server-en"
          },
          {
            "name": "92504",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/92504"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:huawei:rh1288_v3_server_firmware:v100r003c00:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:huawei:rh2288h_v3_server_firmware:v100r003c00:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:huawei:xh620_v3_server_firmware:v100r003c00:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:huawei:xh622_v3_server_firmware:v100r003c00:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:huawei:xh628_v3_server_firmware:v100r003c00:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:huawei:rh2288_v3_server_firmware:v100r003c00:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:huawei:rh2288_v3_server:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:huawei:rh1288_v3_server:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:huawei:xh628_v3_server:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:huawei:xh620_v3_server:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:huawei:xh622_v3_server:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:huawei:rh2288h_v3_server:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2016-6825"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Huawei XH620 V3, XH622 V3, and XH628 V3 servers with software before V100R003C00SPC610, RH1288 V3 servers with software before V100R003C00SPC613, RH2288 V3 servers with software before V100R003C00SPC617, and RH2288H V3 servers with software before V100R003C00SPC515 allow remote attackers to obtain passwords via a brute-force attack, related to \"lack of authentication protection mechanisms.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-285"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160817-01-server-en",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160817-01-server-en"
            },
            {
              "name": "92504",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/92504"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2016-09-08T19:39Z",
      "publishedDate": "2016-09-07T19:28Z"
    }
  }
}

FKIE_CVE-2016-6825

Vulnerability from fkie_nvd - Published: 2016-09-07 19:28 - Updated: 2025-04-12 10:46

Severity ?

9.8 (Critical) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
cve@mitre.org	http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160817-01-server-en	Vendor Advisory
cve@mitre.org	http://www.securityfocus.com/bid/92504	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160817-01-server-en	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/92504	Third Party Advisory, VDB Entry

Impacted products

Vendor	Product	Version
huawei	rh1288_v3_server_firmware	v100r003c00
huawei	rh2288_v3_server_firmware	v100r003c00
huawei	rh2288h_v3_server_firmware	v100r003c00
huawei	xh620_v3_server_firmware	v100r003c00
huawei	xh622_v3_server_firmware	v100r003c00
huawei	xh628_v3_server_firmware	v100r003c00
huawei	rh1288_v3_server	-
huawei	rh2288_v3_server	-
huawei	rh2288h_v3_server	-
huawei	xh620_v3_server	-
huawei	xh622_v3_server	-
huawei	xh628_v3_server	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:huawei:rh1288_v3_server_firmware:v100r003c00:*:*:*:*:*:*:*",
              "matchCriteriaId": "AE7DF842-021C-422A-BCE5-17BEE7FAA950",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:huawei:rh2288_v3_server_firmware:v100r003c00:*:*:*:*:*:*:*",
              "matchCriteriaId": "93439764-5BA1-49B0-B337-5C2C62C3A962",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:huawei:rh2288h_v3_server_firmware:v100r003c00:*:*:*:*:*:*:*",
              "matchCriteriaId": "33CE73B9-21F6-4175-9C60-159F862B98B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:huawei:xh620_v3_server_firmware:v100r003c00:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5C5F600-30B6-4098-B0C5-E20A722957A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:huawei:xh622_v3_server_firmware:v100r003c00:*:*:*:*:*:*:*",
              "matchCriteriaId": "91123A12-63C1-422F-86C5-C0A6E2C1E8C5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:huawei:xh628_v3_server_firmware:v100r003c00:*:*:*:*:*:*:*",
              "matchCriteriaId": "443F96DD-C3E8-4A8C-8FFC-D8E750DFDCB2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:huawei:rh1288_v3_server:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CF7BCC07-7475-48F0-BF51-C86B8548AE62",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:huawei:rh2288_v3_server:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "04129772-90A9-4FD1-935F-08EEF6D06A3B",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:huawei:rh2288h_v3_server:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "20FCB034-2A59-406F-A7B7-0C098E360E17",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:huawei:xh620_v3_server:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "51480E77-61B8-4F1B-8FAE-E4ADF3279999",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:huawei:xh622_v3_server:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED6D095D-5546-44BE-A8FD-4C22EC297AF9",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:huawei:xh628_v3_server:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8AB59F25-E2C1-4017-8875-BE60C540F2B1",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Huawei XH620 V3, XH622 V3, and XH628 V3 servers with software before V100R003C00SPC610, RH1288 V3 servers with software before V100R003C00SPC613, RH2288 V3 servers with software before V100R003C00SPC617, and RH2288H V3 servers with software before V100R003C00SPC515 allow remote attackers to obtain passwords via a brute-force attack, related to \"lack of authentication protection mechanisms.\""
    },
    {
      "lang": "es",
      "value": "Servidores Huawei XH620 V3, XH622 V3 y XH628 V3 con software en versiones anteriores a V100R03C00SPC610, servidores RH1288 V3 con software en versiones anteriores a V100R003C00SPC613, servidores RH2288 V3 con software en versiones anteriores a V100R003C00SPC617 y servidores RH2288H V3 con software en versiones anteriores a V100R003C00SPC515 permite a atacantes remotos obtener contrase\u00f1as a trav\u00e9s de un ataque de fuerza bruta, relacionado con \"la falta de mecanismos de protecci\u00f3n de autenticaci\u00f3n\"."
    }
  ],
  "id": "CVE-2016-6825",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2016-09-07T19:28:14.503",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160817-01-server-en"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/92504"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160817-01-server-en"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/92504"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-285"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2016-6825 (GCVE-0-2016-6825)

VAR-201609-0566

CNVD-2016-06460

GHSA-9MVX-MP3H-CM56

GSD-2016-6825

FKIE_CVE-2016-6825

Tags

Sightings

Nomenclature