var-201403-0130
Vulnerability from variot
The Huawei E355 adapter with firmware 21.157.37.01.910 does not require authentication for API pages, which allows remote attackers to change passwords and settings, or obtain sensitive information, via a direct request to (1) api/wlan/security-settings, (2) api/device/information, (3) api/wlan/basic-settings, (4) api/wlan/mac-filter, (5) api/monitoring/status, or (6) api/dhcp/settings. The Huawei E355 USB WiFi adapter with firmware version 21.157.37.01.910 has been reported to contain a direct request vulnerability in the web interface (CWE-425). The Huawei E355 contains a vulnerability that allows information to be viewed and settings to be changed without authentication (CWE-425). Huawei E355 is a home SOHO router device. Huawei E355 has information disclosure and cross-site request forgery vulnerabilities. By directly accessing the /api script, an attacker can exploit the vulnerability to obtain sensitive information. In addition, an attacker can construct a malicious URI and entice a user to open it, so that malicious operations are performed in the target user's context. Huawei E355 is prone to a security-bypass vulnerability. An attacker may bypass certain security restrictions and gain administrative access to the affected device. Huawei E355 is a 3G wireless network card made by Huawei (China). The vulnerability is caused by the API pages not performing authentication. (This description is aggregated from the NVD, CERT/CC, JVNDB, CNVD, BID and VULHUB entries listed under "sources" in the record below, which is why its sentences overlap and describe the device and the weakness in differing terms.)
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201403-0130",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "e355",
"scope": "eq",
"trust": 2.4,
"vendor": "huawei",
"version": "21.157.37.01.910"
},
{
"model": "e355",
"scope": null,
"trust": 1.4,
"vendor": "huawei",
"version": null
},
{
"model": "e355",
"scope": "eq",
"trust": 1.0,
"vendor": "huawei",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "huawei",
"version": null
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#341526"
},
{
"db": "CNVD",
"id": "CNVD-2014-01564"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001589"
},
{
"db": "CNNVD",
"id": "CNNVD-201403-192"
},
{
"db": "NVD",
"id": "CVE-2013-6031"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:huawei:e355",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:huawei:e355_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-001589"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Jimson K James",
"sources": [
{
"db": "BID",
"id": "66017"
}
],
"trust": 0.3
},
"cve": "CVE-2013-6031",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 5.5,
"id": "CVE-2013-6031",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:A/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"availabilityRequirement": "NOT DEFINED",
"baseScore": 4.3,
"collateralDamagePotential": "NONE",
"confidentialityImpact": "PARTIAL",
"confidentialityRequirement": "NOT DEFINED",
"enviromentalScore": 0.8,
"exploitability": "UNPROVEN",
"exploitabilityScore": 5.5,
"id": "CVE-2013-6031",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"integrityRequirement": "NOT DEFINED",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"remediationLevel": "NOT DEFINED",
"reportConfidence": "UNCOFIRMED",
"severity": "MEDIUM",
"targetDistribution": "LOW",
"trust": 0.8,
"userInteractionRequired": null,
"vector_string": "AV:A/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CNVD-2014-01564",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 5.5,
"id": "VHN-66033",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:A/AC:M/AU:N/C:P/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2013-6031",
"trust": 1.6,
"value": "MEDIUM"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2013-6031",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2014-01564",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201403-192",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-66033",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#341526"
},
{
"db": "CNVD",
"id": "CNVD-2014-01564"
},
{
"db": "VULHUB",
"id": "VHN-66033"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001589"
},
{
"db": "CNNVD",
"id": "CNNVD-201403-192"
},
{
"db": "NVD",
"id": "CVE-2013-6031"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The Huawei E355 adapter with firmware 21.157.37.01.910 does not require authentication for API pages, which allows remote attackers to change passwords and settings, or obtain sensitive information, via a direct request to (1) api/wlan/security-settings, (2) api/device/information, (3) api/wlan/basic-settings, (4) api/wlan/mac-filter, (5) api/monitoring/status, or (6) api/dhcp/settings. The Huawei E355 USB WiFi adapter with firmware version 21.157.37.01.910 has been reported to contain a direct request vulnerability in the web interface (CWE-425). The Huawei E355 contains a vulnerability that allows information to be viewed and settings to be changed without authentication (CWE-425). Huawei E355 is a home SOHO router device. Huawei E355 has information disclosure and cross-site request forgery vulnerabilities. By directly accessing the /api script, an attacker can exploit the vulnerability to obtain sensitive information. In addition, an attacker can construct a malicious URI and entice a user to open it, so that malicious operations are performed in the target user's context. Huawei E355 is prone to a security-bypass vulnerability. \nAn attacker may bypass certain security restrictions and gain administrative access to the affected device. Huawei E355 is a 3G wireless network card made by Huawei (China). The vulnerability is caused by the API pages not performing authentication.",
"sources": [
{
"db": "NVD",
"id": "CVE-2013-6031"
},
{
"db": "CERT/CC",
"id": "VU#341526"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001589"
},
{
"db": "CNVD",
"id": "CNVD-2014-01564"
},
{
"db": "BID",
"id": "66017"
},
{
"db": "VULHUB",
"id": "VHN-66033"
}
],
"trust": 3.24
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2013-6031",
"trust": 3.4
},
{
"db": "CERT/CC",
"id": "VU#341526",
"trust": 3.3
},
{
"db": "BID",
"id": "66017",
"trust": 1.0
},
{
"db": "JVN",
"id": "JVNVU93584370",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001589",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201403-192",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2014-01564",
"trust": 0.6
},
{
"db": "SEEBUG",
"id": "SSVID-61929",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-66033",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#341526"
},
{
"db": "CNVD",
"id": "CNVD-2014-01564"
},
{
"db": "VULHUB",
"id": "VHN-66033"
},
{
"db": "BID",
"id": "66017"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001589"
},
{
"db": "CNNVD",
"id": "CNNVD-201403-192"
},
{
"db": "NVD",
"id": "CVE-2013-6031"
}
]
},
"id": "VAR-201403-0130",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-01564"
},
{
"db": "VULHUB",
"id": "VHN-66033"
}
],
"trust": 1.325
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-01564"
}
]
},
"last_update_date": "2024-11-23T23:12:47.425000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "E355 Features",
"trust": 0.8,
"url": "http://consumer.huawei.com/en/mobile-broadband/wingle/features/e355-en.htm"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-001589"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-287",
"trust": 1.9
},
{
"problemtype": "CWE-425",
"trust": 0.8
},
{
"problemtype": "CWE-Other",
"trust": 0.8
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#341526"
},
{
"db": "VULHUB",
"id": "VHN-66033"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001589"
},
{
"db": "NVD",
"id": "CVE-2013-6031"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://github.com/aczire/huawei-csrf-info_disclosure/blob/master/huawei_wifi_info.rb"
},
{
"trust": 2.5,
"url": "http://www.kb.cert.org/vuls/id/341526"
},
{
"trust": 0.8,
"url": "http://consumer.huawei.com/en/mobile-broadband/wingle/features/e355-en.htm"
},
{
"trust": 0.8,
"url": "http://cwe.mitre.org/data/definitions/425.html"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-6031"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu93584370/index.html"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-6031"
},
{
"trust": 0.6,
"url": "https://github.com/rapid7/metasploit-framework/pull/3019"
},
{
"trust": 0.3,
"url": "http://www.huawei.com/"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#341526"
},
{
"db": "CNVD",
"id": "CNVD-2014-01564"
},
{
"db": "VULHUB",
"id": "VHN-66033"
},
{
"db": "BID",
"id": "66017"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001589"
},
{
"db": "CNNVD",
"id": "CNNVD-201403-192"
},
{
"db": "NVD",
"id": "CVE-2013-6031"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#341526"
},
{
"db": "CNVD",
"id": "CNVD-2014-01564"
},
{
"db": "VULHUB",
"id": "VHN-66033"
},
{
"db": "BID",
"id": "66017"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001589"
},
{
"db": "CNNVD",
"id": "CNNVD-201403-192"
},
{
"db": "NVD",
"id": "CVE-2013-6031"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-03-06T00:00:00",
"db": "CERT/CC",
"id": "VU#341526"
},
{
"date": "2014-03-11T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-01564"
},
{
"date": "2014-03-11T00:00:00",
"db": "VULHUB",
"id": "VHN-66033"
},
{
"date": "2014-03-06T00:00:00",
"db": "BID",
"id": "66017"
},
{
"date": "2014-03-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-001589"
},
{
"date": "2014-03-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201403-192"
},
{
"date": "2014-03-11T13:00:49.623000",
"db": "NVD",
"id": "CVE-2013-6031"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-03-06T00:00:00",
"db": "CERT/CC",
"id": "VU#341526"
},
{
"date": "2014-03-11T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-01564"
},
{
"date": "2014-03-11T00:00:00",
"db": "VULHUB",
"id": "VHN-66033"
},
{
"date": "2014-03-06T00:00:00",
"db": "BID",
"id": "66017"
},
{
"date": "2014-03-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-001589"
},
{
"date": "2014-03-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201403-192"
},
{
"date": "2024-11-21T01:58:39.267000",
"db": "NVD",
"id": "CVE-2013-6031"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "specific network environment",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201403-192"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Huawei E355 contains a direct request vulnerability",
"sources": [
{
"db": "CERT/CC",
"id": "VU#341526"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "authorization issue",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201403-192"
}
],
"trust": 0.6
}
}