ID

VAR-E-201307-0359


CVE

cve_id:CVE-2013-2612

Trust: 0.5

sources: PACKETSTORM: 122408

TITLE

Huawei E587 3G Mobile Hotspot Command Injection

Trust: 0.5

sources: PACKETSTORM: 122408

DESCRIPTION

Huawei E587 3G Mobile Hotspot version 11.203.27 is prone to a command injection vulnerability in the Web UI. Successful exploitation allows unauthenticated attackers to execute arbitrary commands with root privileges.

Trust: 0.5

sources: PACKETSTORM: 122408

AFFECTED PRODUCTS

vendor: huawei, model: e587 3g mobile hotspot, scope: -, version: -

Trust: 0.5

sources: PACKETSTORM: 122408

EXPLOIT


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[CVE-2013-2612] Huawei E587 3G Mobile Hotspot Command Injection
________________________________________________________________________
Summary:
Huawei E587 3G Mobile Hotspot, version 11.203.27, is prone to a command
injection vulnerability in the Web UI.

Successful exploitation allows unauthenticated attackers to execute
arbitrary commands with root privileges.
________________________________________________________________________
Details:
The HTTP endpoint "/api/device/time" in Web UI is vulnerable to shell
command injection. This allows code execution with root privileges.
________________________________________________________________________
CVSS Version 2 Metrics:
Access Vector: Network exploitable
Access Complexity: Low
Authentication: Not required to exploit
Confidentiality Impact: Complete
Integrity Impact: Complete
Availability Impact: Complete
________________________________________________________________________
Disclosure Timeline:
2013-03-18 Vendor notified
2013-03-18 CVE-2013-2612 assigned
2013-07-15 Public advisory
________________________________________________________________________
References:
http://www.huawei.com/en/security/psirt/
________________________________________________________________________
Frédéric Basse

Trust: 0.5

sources: PACKETSTORM: 122408

EXPLOIT HASH

LOCAL

SOURCE

md5: 656cc729ae0243fd7539ac4c1a507dc1
sha-1: a2a1a9a05c2b2173bdb7db43e2fc680522e6d468
sha-256: a1277a086994c77c5b27fe6d4cf723c3ea4f7b25c8d585ca62eb686634443540

Trust: 0.5

sources: PACKETSTORM: 122408

PRICE

free

Trust: 0.5

sources: PACKETSTORM: 122408

TYPE

arbitrary, root

Trust: 0.5

sources: PACKETSTORM: 122408

TAGS

tag:exploit

Trust: 0.5

tag:web

Trust: 0.5

tag:arbitrary

Trust: 0.5

tag:root

Trust: 0.5

sources: PACKETSTORM: 122408

CREDITS

Frederic Basse

Trust: 0.5

sources: PACKETSTORM: 122408

EXTERNAL IDS

db: NVD, id: CVE-2013-2612

Trust: 0.5

db: PACKETSTORM, id: 122408

Trust: 0.5

sources: PACKETSTORM: 122408

REFERENCES

url:https://nvd.nist.gov/vuln/detail/cve-2013-2612

Trust: 0.5

sources: PACKETSTORM: 122408

SOURCES

db: PACKETSTORM, id: 122408

LAST UPDATE DATE

2022-07-27T09:54:24.361000+00:00


SOURCES RELEASE DATE

db: PACKETSTORM, id: 122408, date: 2013-07-15T17:21:11