VAR-201411-0417
Vulnerability from variot - Updated: 2025-04-13 23:31
Multiple cross-site request forgery (CSRF) vulnerabilities in Huawei HiLink E3276 and E3236 TCPU before V200R002B470D13SP00C00 and WebUI before V100R007B100D03SP01C03, E5180s-22 before 21.270.21.00.00, and E586Bs-2 before 21.322.10.00.889 allow remote attackers to hijack the authentication of users for requests that (1) modify configurations, (2) send SMS messages, or have other unspecified impact via unknown vectors. Huawei HiLink is a newer, simpler type of network card introduced by Huawei. Huawei HiLink E3236 and E3276 are prone to a cross-site request forgery vulnerability. Exploiting this issue may allow a remote attacker to perform certain unauthorized actions. This may lead to further attacks. Both the Huawei HiLink E3276 and E3236 are USB modem products from the Chinese company Huawei. Cross-site request forgery vulnerabilities exist in several Huawei HiLink products. The following products and versions are affected: Huawei HiLink E3276 and E3236 TCPU versions prior to V200R002B470D13SP00C00, WebUI versions prior to V100R007B100D03SP01C03, E5180s-22 versions prior to 21.270.21.00.00, and E586Bs-2 versions prior to 21.322.10.00.889.
The record below classifies the issue as CWE-352 with a CVSS v2 base score of 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) and lists Huawei advisory Huawei-SA-20140806-01-HiLink as the vendor patch reference. Its external IDs also include a public exploit entry (EXPLOIT-DB 46092), so devices still running an affected version are worth prioritising for update.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201411-0417",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "e3236",
"scope": "lte",
"trust": 1.0,
"vendor": "huawei",
"version": "webui-13.100.10.00.03"
},
{
"model": "e3276",
"scope": "lte",
"trust": 1.0,
"vendor": "huawei",
"version": "webui-13.100.09.00.03"
},
{
"model": "e3276",
"scope": "lte",
"trust": 1.0,
"vendor": "huawei",
"version": "e3276s-150tcpu-22.265.03.00.00"
},
{
"model": "e3236",
"scope": "lte",
"trust": 1.0,
"vendor": "huawei",
"version": "e3236s-2tcpu-22.146.29.00.00"
},
{
"model": "e5180s-22",
"scope": "lte",
"trust": 1.0,
"vendor": "huawei",
"version": "e5180s-22tcpu-21.270.05.01.00"
},
{
"model": "e586bs-2",
"scope": "lte",
"trust": 1.0,
"vendor": "huawei",
"version": "e586bs-2tcpu-21.322.08.00.889"
},
{
"model": "e3236",
"scope": "lt",
"trust": 0.8,
"vendor": "huawei",
"version": "e3236stcpu-v200r002b146d41sp00c00"
},
{
"model": "e3236",
"scope": "lt",
"trust": 0.8,
"vendor": "huawei",
"version": "e3236swebui-v100r007b100d03sp01c03"
},
{
"model": "e3276",
"scope": "lt",
"trust": 0.8,
"vendor": "huawei",
"version": "e3276stcpu-v200r002b470d13sp00c00"
},
{
"model": "e3276",
"scope": "lt",
"trust": 0.8,
"vendor": "huawei",
"version": "e3276swebui-v100r007b100d03sp01c03"
},
{
"model": "e5180s-22",
"scope": "lt",
"trust": 0.8,
"vendor": "huawei",
"version": "e5180s-22b710c0update_21.270.21.00.00.gz"
},
{
"model": "e586bs-2",
"scope": "lt",
"trust": 0.8,
"vendor": "huawei",
"version": "21.322.10.00.889"
},
{
"model": "e3236",
"scope": null,
"trust": 0.6,
"vendor": "huawei",
"version": null
},
{
"model": "e3276",
"scope": null,
"trust": 0.6,
"vendor": "huawei",
"version": null
},
{
"model": "e3236",
"scope": "eq",
"trust": 0.6,
"vendor": "huawei",
"version": "webui-13.100.10.00.03"
},
{
"model": "e3276",
"scope": "eq",
"trust": 0.6,
"vendor": "huawei",
"version": "e3276s-150tcpu-22.265.03.00.00"
},
{
"model": "e586bs-2",
"scope": "eq",
"trust": 0.6,
"vendor": "huawei",
"version": "e586bs-2tcpu-21.322.08.00.889"
},
{
"model": "e5180s-22",
"scope": "eq",
"trust": 0.6,
"vendor": "huawei",
"version": "e5180s-22tcpu-21.270.05.01.00"
},
{
"model": "e3236",
"scope": "eq",
"trust": 0.6,
"vendor": "huawei",
"version": "e3236s-2tcpu-22.146.29.00.00"
},
{
"model": "e3276",
"scope": "eq",
"trust": 0.6,
"vendor": "huawei",
"version": "webui-13.100.09.00.03"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-08586"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005595"
},
{
"db": "CNNVD",
"id": "CNNVD-201408-133"
},
{
"db": "NVD",
"id": "CVE-2014-5395"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:huawei:e3236_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:huawei:e3276_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:huawei:e5180s-22_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:huawei:e586bs-2_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-005595"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Andreas Lindh",
"sources": [
{
"db": "BID",
"id": "69162"
},
{
"db": "CNNVD",
"id": "CNNVD-201408-133"
}
],
"trust": 0.9
},
"cve": "CVE-2014-5395",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2014-5395",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CNVD-2014-08586",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-73336",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2014-5395",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2014-5395",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2014-08586",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201408-133",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-73336",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-08586"
},
{
"db": "VULHUB",
"id": "VHN-73336"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005595"
},
{
"db": "CNNVD",
"id": "CNNVD-201408-133"
},
{
"db": "NVD",
"id": "CVE-2014-5395"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple cross-site request forgery (CSRF) vulnerabilities in Huawei HiLink E3276 and E3236 TCPU before V200R002B470D13SP00C00 and WebUI before V100R007B100D03SP01C03, E5180s-22 before 21.270.21.00.00, and E586Bs-2 before 21.322.10.00.889 allow remote attackers to hijack the authentication of users for requests that (1) modify configurations, (2) send SMS messages, or have other unspecified impact via unknown vectors. Huawei HiLink is a newer, simpler type of network card introduced by Huawei. Huawei HiLink E3236 and E3276 are prone to a cross-site request forgery vulnerability. \nExploiting this issue may allow a remote attacker to perform certain unauthorized actions. This may lead to further attacks. Both the Huawei HiLink E3276 and E3236 are USB modem products from the Chinese company Huawei. Cross-site request forgery vulnerabilities exist in several Huawei HiLink products. The following products and versions are affected: Huawei HiLink E3276 and E3236 TCPU versions prior to V200R002B470D13SP00C00, WebUI versions prior to V100R007B100D03SP01C03, E5180s-22 versions prior to 21.270.21.00.00, and E586Bs-2 versions prior to 21.322.10.00.889",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-5395"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005595"
},
{
"db": "CNVD",
"id": "CNVD-2014-08586"
},
{
"db": "BID",
"id": "69162"
},
{
"db": "VULHUB",
"id": "VHN-73336"
}
],
"trust": 2.52
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-73336",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-73336"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-5395",
"trust": 3.4
},
{
"db": "BID",
"id": "69162",
"trust": 2.6
},
{
"db": "EXPLOIT-DB",
"id": "46092",
"trust": 1.1
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005595",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201408-133",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2014-08586",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "151030",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-73336",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-08586"
},
{
"db": "VULHUB",
"id": "VHN-73336"
},
{
"db": "BID",
"id": "69162"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005595"
},
{
"db": "CNNVD",
"id": "CNNVD-201408-133"
},
{
"db": "NVD",
"id": "CVE-2014-5395"
}
]
},
"id": "VAR-201411-0417",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-08586"
},
{
"db": "VULHUB",
"id": "VHN-73336"
}
],
"trust": 1.2982143
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-08586"
}
]
},
"last_update_date": "2025-04-13T23:31:36.785000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Huawei-SA-20140806-01-HiLink",
"trust": 0.8,
"url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-360246.htm"
},
{
"title": "Huawei HiLink E3236/E3276 Patch for Cross-Site Request Forgery Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/52328"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-08586"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005595"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-352",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-73336"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005595"
},
{
"db": "NVD",
"id": "CVE-2014-5395"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "http://www.securityfocus.com/bid/69162"
},
{
"trust": 1.7,
"url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-360246.htm"
},
{
"trust": 1.4,
"url": "https://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-5395"
},
{
"trust": 1.1,
"url": "https://www.exploit-db.com/exploits/46092/"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-5395"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-08586"
},
{
"db": "VULHUB",
"id": "VHN-73336"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005595"
},
{
"db": "CNNVD",
"id": "CNNVD-201408-133"
},
{
"db": "NVD",
"id": "CVE-2014-5395"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2014-08586"
},
{
"db": "VULHUB",
"id": "VHN-73336"
},
{
"db": "BID",
"id": "69162"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005595"
},
{
"db": "CNNVD",
"id": "CNNVD-201408-133"
},
{
"db": "NVD",
"id": "CVE-2014-5395"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-12-01T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-08586"
},
{
"date": "2014-11-21T00:00:00",
"db": "VULHUB",
"id": "VHN-73336"
},
{
"date": "2014-08-08T00:00:00",
"db": "BID",
"id": "69162"
},
{
"date": "2014-11-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-005595"
},
{
"date": "2014-08-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201408-133"
},
{
"date": "2014-11-21T15:59:00.087000",
"db": "NVD",
"id": "CVE-2014-5395"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-12-01T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-08586"
},
{
"date": "2019-01-08T00:00:00",
"db": "VULHUB",
"id": "VHN-73336"
},
{
"date": "2014-11-24T00:57:00",
"db": "BID",
"id": "69162"
},
{
"date": "2014-11-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-005595"
},
{
"date": "2014-11-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201408-133"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2014-5395"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201408-133"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cross-site request forgery vulnerability in multiple Huawei products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-005595"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "cross-site request forgery",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201408-133"
}
],
"trust": 0.6
}
}
Sightings
| Author | Source | Type | Date |
|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.