CVE-2014-8331 - OpenCVE

Multiple cross-site request forgery (CSRF) vulnerabilities in Huawei HiLink E3236 before E3276sTCPU-V200R002B470D13SP00C00 and E3276sWebUI-V100R007B100D03SP01C03 and E3276 before E3236sTCPU-V200R002B146D41SP00C00 and E3236sWebUI-V100R007B100D03SP01C03 allow remote attackers to hijack the authentication of administrators for requests that (1) change configuration settings or (2) use device functions.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Huawei	E3236 Firmware E3276 Firmware

Configuration 1 [-]

OR	cpe:2.3:o:huawei:e3236_firmware:e3236s-2tcpu-22.146.29.00.00:::::::*
	cpe:2.3:o:huawei:e3236_firmware:webui-13.100.10.00.03:::::::*
	cpe:2.3:o:huawei:e3276_firmware:e3276s-150tcpu-22.265.03.00.00:::::::*
	cpe:2.3:o:huawei:e3276_firmware:webui-13.100.09.00.03:::::::*

No data.

References

Link	Providers
http://osvdb.org/show/osvdb/109885
http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-360246.htm
https://exchange.xforce.ibmcloud.com/vulnerabilities/95198

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2014-10-20T16:00:00

Updated: 2024-08-06T13:18:46.394Z

Reserved: 2014-10-20T00:00:00

Link: CVE-2014-8331

Vulnrichment

No data.

NVD

Status : Modified

Published: 2014-10-20T16:55:09.730

Modified: 2017-09-08T01:29:22.560

Link: CVE-2014-8331

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2014-08-07T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in Huawei HiLink E3236 before E3276sTCPU-V200R002B470D13SP00C00 and E3276sWebUI-V100R007B100D03SP01C03 and E3276 before E3236sTCPU-V200R002B146D41SP00C00 and E3236sWebUI-V100R007B100D03SP01C03 allow remote attackers to hijack the authentication of administrators for requests that (1) change configuration settings or (2) use device functions."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-09-07T15:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-360246.htm"}, {"name": "huawei-e3276-e3236-csrf(95198)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95198"}, {"name": "109885", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/show/osvdb/109885"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-8331", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in Huawei HiLink E3236 before E3276sTCPU-V200R002B470D13SP00C00 and E3276sWebUI-V100R007B100D03SP01C03 and E3276 before E3236sTCPU-V200R002B146D41SP00C00 and E3236sWebUI-V100R007B100D03SP01C03 allow remote attackers to hijack the authentication of administrators for requests that (1) change configuration settings or (2) use device functions."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-360246.htm", "refsource": "CONFIRM", "url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-360246.htm"}, {"name": "huawei-e3276-e3236-csrf(95198)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95198"}, {"name": "109885", "refsource": "OSVDB", "url": "http://osvdb.org/show/osvdb/109885"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T13:18:46.394Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-360246.htm"}, {"name": "huawei-e3276-e3236-csrf(95198)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95198"}, {"name": "109885", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/show/osvdb/109885"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2014-8331", "datePublished": "2014-10-20T16:00:00", "dateReserved": "2014-10-20T00:00:00", "dateUpdated": "2024-08-06T13:18:46.394Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:huawei:e3236_firmware:e3236s-2tcpu-22.146.29.00.00:*:*:*:*:*:*:*", "matchCriteriaId": "CE26DB6C-6261-470A-B47A-50DFD3D148EF", "vulnerable": true}, {"criteria": "cpe:2.3:o:huawei:e3236_firmware:webui-13.100.10.00.03:*:*:*:*:*:*:*", "matchCriteriaId": "FB7DD61B-05B7-4F10-8EEA-7947C430A8B9", "vulnerable": true}, {"criteria": "cpe:2.3:o:huawei:e3276_firmware:e3276s-150tcpu-22.265.03.00.00:*:*:*:*:*:*:*", "matchCriteriaId": "E604E177-BBD8-409F-8CD9-5D519533B048", "vulnerable": true}, {"criteria": "cpe:2.3:o:huawei:e3276_firmware:webui-13.100.09.00.03:*:*:*:*:*:*:*", "matchCriteriaId": "4D09DBD3-BC3A-4C08-9F15-D6E002F931D5", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in Huawei HiLink E3236 before E3276sTCPU-V200R002B470D13SP00C00 and E3276sWebUI-V100R007B100D03SP01C03 and E3276 before E3236sTCPU-V200R002B146D41SP00C00 and E3236sWebUI-V100R007B100D03SP01C03 allow remote attackers to hijack the authentication of administrators for requests that (1) change configuration settings or (2) use device functions."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de CSRF en Huawei HiLink E3236 anterior a E3276sTCPU-V200R002B470D13SP00C00 y E3276sWebUI-V100R007B100D03SP01C03 y E3276 anterior a E3236sTCPU-V200R002B146D41SP00C00 y E3236sWebUI-V100R007B100D03SP01C03 permiten a atacantes remotos secuestrar la autenticaci\u00f3n de administradores para solicitudes que (1) cambian los ajustes de configuraci\u00f3n o (2) utilizan las funciones de dispositivos."}], "id": "CVE-2014-8331", "lastModified": "2017-09-08T01:29:22.560", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2014-10-20T16:55:09.730", "references": [{"source": "cve@mitre.org", "url": "http://osvdb.org/show/osvdb/109885"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-360246.htm"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95198"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-352"}], "source": "nvd@nist.gov", "type": "Primary"}]}