VAR-201606-0456
Vulnerability from variot - Updated: 2025-04-12 23:36Stack-based buffer overflow in Huawei Honor WS851 routers with software 1.1.21.1 and earlier allows remote attackers to execute arbitrary commands with root privileges via unspecified vectors, aka HWPSIRT-2016-05051. Huawei Honor WS851 The router software contains a stack-based buffer overflow vulnerability. Vendors have confirmed this vulnerability HWPSIRT-2016-05051 It is released as.By a third party root An arbitrary command may be executed with authority. HuaweiWS851 is a wireless router product from China's Huawei company. A security vulnerability exists in versions prior to HuaweiWS8511.1.21.1 that caused the program to fail to check parameters. An attacker could exploit this vulnerability to trigger a stack overflow, remotely gain root privileges, and execute the shell. Attackers may be able to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions. Huawei Honor WS851 Routers running firmware versions 1.1.21.1 and prior are vulnerable
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201606-0456",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "honor ws851",
"scope": "lte",
"trust": 1.0,
"vendor": "huawei",
"version": "1.1.21.1"
},
{
"model": "ws851",
"scope": null,
"trust": 0.8,
"vendor": "huawei",
"version": null
},
{
"model": "ws851",
"scope": "lte",
"trust": 0.8,
"vendor": "huawei",
"version": "1.1.21.1"
},
{
"model": "honor ws851",
"scope": "lte",
"trust": 0.6,
"vendor": "huawei",
"version": "\u003c=1.1.21.1"
},
{
"model": "honor ws851",
"scope": "eq",
"trust": 0.6,
"vendor": "huawei",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-04034"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003163"
},
{
"db": "CNNVD",
"id": "CNNVD-201606-305"
},
{
"db": "NVD",
"id": "CVE-2016-5365"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:huawei:honor_ws851",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:huawei:honor_ws851_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-003163"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Yang Kun",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201606-305"
}
],
"trust": 0.6
},
"cve": "CVE-2016-5365",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2016-5365",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2016-04034",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-94184",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2016-5365",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-5365",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2016-5365",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2016-04034",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201606-305",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-94184",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2016-5365",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-04034"
},
{
"db": "VULHUB",
"id": "VHN-94184"
},
{
"db": "VULMON",
"id": "CVE-2016-5365"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003163"
},
{
"db": "CNNVD",
"id": "CNNVD-201606-305"
},
{
"db": "NVD",
"id": "CVE-2016-5365"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Stack-based buffer overflow in Huawei Honor WS851 routers with software 1.1.21.1 and earlier allows remote attackers to execute arbitrary commands with root privileges via unspecified vectors, aka HWPSIRT-2016-05051. Huawei Honor WS851 The router software contains a stack-based buffer overflow vulnerability. Vendors have confirmed this vulnerability HWPSIRT-2016-05051 It is released as.By a third party root An arbitrary command may be executed with authority. HuaweiWS851 is a wireless router product from China\u0027s Huawei company. A security vulnerability exists in versions prior to HuaweiWS8511.1.21.1 that caused the program to fail to check parameters. An attacker could exploit this vulnerability to trigger a stack overflow, remotely gain root privileges, and execute the shell. \nAttackers may be able to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions. \nHuawei Honor WS851 Routers running firmware versions 1.1.21.1 and prior are vulnerable",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-5365"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003163"
},
{
"db": "CNVD",
"id": "CNVD-2016-04034"
},
{
"db": "BID",
"id": "91210"
},
{
"db": "VULHUB",
"id": "VHN-94184"
},
{
"db": "VULMON",
"id": "CVE-2016-5365"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-5365",
"trust": 3.5
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003163",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201606-305",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2016-04034",
"trust": 0.6
},
{
"db": "BID",
"id": "91210",
"trust": 0.4
},
{
"db": "VULHUB",
"id": "VHN-94184",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2016-5365",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-04034"
},
{
"db": "VULHUB",
"id": "VHN-94184"
},
{
"db": "VULMON",
"id": "CVE-2016-5365"
},
{
"db": "BID",
"id": "91210"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003163"
},
{
"db": "CNNVD",
"id": "CNNVD-201606-305"
},
{
"db": "NVD",
"id": "CVE-2016-5365"
}
]
},
"id": "VAR-201606-0456",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-04034"
},
{
"db": "VULHUB",
"id": "VHN-94184"
}
],
"trust": 1.2890226
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-04034"
}
]
},
"last_update_date": "2025-04-12T23:36:52.917000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "huawei-sa-20160607-01-honorrouter (HWPSIRT-2016-05051\uff09",
"trust": 0.8,
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160607-01-honorrouter-en"
},
{
"title": "HuaweiWS851 Stack Buffer Overflow Vulnerability Patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/77540"
},
{
"title": "Huawei WS851 Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=62255"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-04034"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003163"
},
{
"db": "CNNVD",
"id": "CNNVD-201606-305"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-264",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-94184"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003163"
},
{
"db": "NVD",
"id": "CVE-2016-5365"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.2,
"url": "http://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20160607-01-honorrouter-cn"
},
{
"trust": 1.2,
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160607-01-honorrouter-en"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-5365"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-5365"
},
{
"trust": 0.3,
"url": "http://www.huawei.com/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/264.html"
},
{
"trust": 0.1,
"url": "https://www.securityfocus.com/bid/91210"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-04034"
},
{
"db": "VULHUB",
"id": "VHN-94184"
},
{
"db": "VULMON",
"id": "CVE-2016-5365"
},
{
"db": "BID",
"id": "91210"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003163"
},
{
"db": "CNNVD",
"id": "CNNVD-201606-305"
},
{
"db": "NVD",
"id": "CVE-2016-5365"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2016-04034"
},
{
"db": "VULHUB",
"id": "VHN-94184"
},
{
"db": "VULMON",
"id": "CVE-2016-5365"
},
{
"db": "BID",
"id": "91210"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003163"
},
{
"db": "CNNVD",
"id": "CNNVD-201606-305"
},
{
"db": "NVD",
"id": "CVE-2016-5365"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-06-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-04034"
},
{
"date": "2016-06-14T00:00:00",
"db": "VULHUB",
"id": "VHN-94184"
},
{
"date": "2016-06-14T00:00:00",
"db": "VULMON",
"id": "CVE-2016-5365"
},
{
"date": "2016-06-07T00:00:00",
"db": "BID",
"id": "91210"
},
{
"date": "2016-06-16T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-003163"
},
{
"date": "2016-06-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201606-305"
},
{
"date": "2016-06-14T14:59:03.743000",
"db": "NVD",
"id": "CVE-2016-5365"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-06-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-04034"
},
{
"date": "2016-06-14T00:00:00",
"db": "VULHUB",
"id": "VHN-94184"
},
{
"date": "2016-06-14T00:00:00",
"db": "VULMON",
"id": "CVE-2016-5365"
},
{
"date": "2016-07-06T14:59:00",
"db": "BID",
"id": "91210"
},
{
"date": "2016-06-16T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-003163"
},
{
"date": "2016-06-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201606-305"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2016-5365"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201606-305"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Huawei Honor WS851 Router software stack-based buffer overflow vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-003163"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201606-305"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…