CVSS: 7.8EPSS: 0%CPEs: 15EXPL: 1CVE-2013-4631 – Huawei SNMPv3 Service - Multiple Buffer Overflow Vulnerabilities (PoC)
https://notcve.org/view.php?id=CVE-2013-4631
Huawei AR 150, 200, 1200, 2200, and 3200 routers, when SNMPv3 is enabled, allow remote attackers to cause a denial of service (device crash) via malformed SNMPv3 requests that leverage unspecified overflow issues. Los router Huawei AR 150, 200, 1200, 2200, y 3200, cuando SNMPv3 está habilitado, permite a atacantes remotos causar una denegación de servicios (caída del dispositivo) a través de peticiones SNMPv3 malformadas que aprovechan problemas de desbordamiento no especificados. • https://www.exploit-db.com/exploits/25295 http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-260601.htm • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.6EPSS: 2%CPEs: 15EXPL: 2CVE-2013-4630 – Huawei SNMPv3 Service - Multiple Buffer Overflow Vulnerabilities (PoC)
https://notcve.org/view.php?id=CVE-2013-4630
Stack-based buffer overflow on Huawei AR 150, 200, 1200, 2200, and 3200 routers, when SNMPv3 debugging is enabled, allows remote attackers to execute arbitrary code via malformed SNMPv3 requests. Desbordamiento de búfer basado en pila en los router Huawei AR 150, 200, 1200, 2200, y 3200, cuando el depurado SNMPv3 está habilitado, permite a atacantes remotos ejecutar código a través de peticiones SNMPv3 malformadas. • https://www.exploit-db.com/exploits/25295 http://www.exploit-db.com/exploits/25295 http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-260626.htm • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 2%CPEs: 19EXPL: 0CVE-2012-6569
https://notcve.org/view.php?id=CVE-2012-6569
Stack-based buffer overflow in the HTTP module in the (1) Branch Intelligent Management System (BIMS) and (2) web management components on Huawei AR routers and S2000, S3000, S3500, S3900, S5100, S5600, S7800, and S8500 switches allows remote attackers to execute arbitrary code via a long URI. Desbordamiento de búfer basado en pila en el módulo HTTP en el (1) Branch Intelligent Management System (BIMS) y (2) en el componente de gestión web en Huawei AR routers y switches S2000, S3000, S3500, S3900, S5100, S5600, S7800, y S8500 permite a atacantes remotos ejecutar código arbitrario mediante una URI de gran longitud. • http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-u_194370.htm • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 0%CPEs: 19EXPL: 0CVE-2012-6570
https://notcve.org/view.php?id=CVE-2012-6570
The HTTP module in the (1) Branch Intelligent Management System (BIMS) and (2) web management components on Huawei AR routers and S2000, S3000, S3500, S3900, S5100, S5600, S7800, and S8500 switches does not check whether HTTP data is longer than the value of the Content-Length field, which allows remote HTTP servers to conduct heap-based buffer overflow attacks and execute arbitrary code via a crafted response. El módulo HTTP en (1) Branch Intelligent Management System (BIMS) y (2) componentes de gestión web de switches de Huawei AR routers and S2000, S3000, S3500, S3900, S5100, S5600, S7800, y S8500 no comprueba si los datos HTTP son mayores que el valor del campo Content-Length, que permite a los servidores HTTP remotos realizar ataques de desbordamiento de búfer basado en montículo y ejecutar código arbitrario a través de una respuesta elaborada. • http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-u_194361.htm • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 0%CPEs: 19EXPL: 0CVE-2012-6571
https://notcve.org/view.php?id=CVE-2012-6571
The HTTP module in the (1) Branch Intelligent Management System (BIMS) and (2) web management components on Huawei AR routers and S2000, S3000, S3500, S3900, S5100, S5600, and S7800 switches uses predictable Session ID values, which makes it easier for remote attackers to hijack sessions via a brute-force attack. El módulo HTTP en el (1) Branch Intelligent Management System (BIMS) y (2) gestión web de componentes para switches Huawei AR routers and S2000, S3000, S3500, S3900, S5100, S5600, and S7800 usa valores de Session ID predecibles lo que hace más fácil a atacantes remotos secuestrar la sesión a través de ataques de fuerza bruta. • http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-u_194371.htm • CWE-310: Cryptographic Issues •