CVSS: 9.3EPSS: 2%CPEs: 19EXPL: 0CVE-2012-6569
https://notcve.org/view.php?id=CVE-2012-6569
Stack-based buffer overflow in the HTTP module in the (1) Branch Intelligent Management System (BIMS) and (2) web management components on Huawei AR routers and S2000, S3000, S3500, S3900, S5100, S5600, S7800, and S8500 switches allows remote attackers to execute arbitrary code via a long URI. Desbordamiento de búfer basado en pila en el módulo HTTP en el (1) Branch Intelligent Management System (BIMS) y (2) en el componente de gestión web en Huawei AR routers y switches S2000, S3000, S3500, S3900, S5100, S5600, S7800, y S8500 permite a atacantes remotos ejecutar código arbitrario mediante una URI de gran longitud. • http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-u_194370.htm • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 0%CPEs: 19EXPL: 0CVE-2012-6571
https://notcve.org/view.php?id=CVE-2012-6571
The HTTP module in the (1) Branch Intelligent Management System (BIMS) and (2) web management components on Huawei AR routers and S2000, S3000, S3500, S3900, S5100, S5600, and S7800 switches uses predictable Session ID values, which makes it easier for remote attackers to hijack sessions via a brute-force attack. El módulo HTTP en el (1) Branch Intelligent Management System (BIMS) y (2) gestión web de componentes para switches Huawei AR routers and S2000, S3000, S3500, S3900, S5100, S5600, and S7800 usa valores de Session ID predecibles lo que hace más fácil a atacantes remotos secuestrar la sesión a través de ataques de fuerza bruta. • http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-u_194371.htm • CWE-310: Cryptographic Issues •
CVSS: 6.5EPSS: 0%CPEs: 107EXPL: 1CVE-2012-4960 – Huawei (Multiple Products) - Password Encryption
https://notcve.org/view.php?id=CVE-2012-4960
The Huawei NE5000E, MA5200G, NE40E, NE80E, ATN, NE40, NE80, NE20E-X6, NE20, ME60, CX600, CX200, CX300, ACU, WLAN AC 6605, S9300, S7700, S2300, S3300, S5300, S3300HI, S5300HI, S5306, S6300, S2700, S3700, S5700, S6700, AR G3, H3C AR(OEM IN), AR 19, AR 29, AR 49, Eudemon100E, Eudemon200, Eudemon300, Eudemon500, Eudemon1000, Eudemon1000E-U/USG5300, Eudemon1000E-X/USG5500, Eudemon8080E/USG9300, Eudemon8160E/USG9300, Eudemon8000E-X/USG9500, E200E-C/USG2200, E200E-X3/USG2200, E200E-X5/USG2200, E200E-X7/USG2200, E200E-C/USG5100, E200E-X3/USG5100, E200E-X5/USG5100, E200E-X7/USG5100, E200E-B/USG2100, E200E-X1/USG2100, E200E-X2/USG2100, SVN5300, SVN2000, SVN5000, SVN3000, NIP100, NIP200, NIP1000, NIP2100, NIP2200, and NIP5100 use the DES algorithm for stored passwords, which makes it easier for context-dependent attackers to obtain cleartext passwords via a brute-force attack. Los Huawei NE5000E, MA5200G, NE40E, NE80E, ATN, NE40, NE80, NE20E-X6, NE20, ME60, CX600, CX200, CX300, ACU, WLAN AC 6605, S9300, S7700, S2300, S3300, S5300, S3300HI, S5300HI, S5306, S6300, S2700, S3700, S5700, S6700, AR G3, H3C AR(OEM IN), AR 19, AR 29, AR 49, Eudemon100E, Eudemon200, Eudemon300, Eudemon500, Eudemon1000, Eudemon1000E-U/USG5300, Eudemon1000E-X/USG5500, Eudemon8080E/USG9300, Eudemon8160E/USG9300, Eudemon8000E-X/USG9500, E200E-C/USG2200, E200E-X3/USG2200, E200E-X5/USG2200, E200E-X7/USG2200, E200E-C/USG5100, E200E-X3/USG5100, E200E-X5/USG5100, E200E-X7/USG5100, E200E-B/USG2100, E200E-X1/USG2100, E200E-X2/USG2100, SVN5300, SVN2000, SVN5000, SVN3000, NIP100, NIP200, NIP1000, NIP2100, NIP2200, y NIP5100 utiliza el algoritmo DES para las contraseñas almacenados, lo que hace que sea más fácil para los atacantes dependientes de contexto obtener contraseñas de texto simple a través de un ataque de fuerza bruta. • https://www.exploit-db.com/exploits/38020 http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-u_194373.htm http://www.kb.cert.org/vuls/id/948096 • CWE-310: Cryptographic Issues •