Details of VAR-201002-0313

ID

VAR-201002-0313

TITLE

Huawei HG510 Secure Bypass and Cross-Site Script Request Forgery Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2010-0259

DESCRIPTION

Huawei HG510 is a terminal device for home digital networks that provides ADSL connectivity. The Huawei HG510 has a security vulnerability that allows an attacker to bypass security restrictions and perform cross-site request forgery attacks: - The device does not perform any security checks to allow the user to perform some operations through HTTP requests, such as rebooting the device or changing settings (including passwords). - The device does not properly restrict access to the script rebootinfo.cgi, and can directly access the script to restart the device. Note that this also attacks through cross-site request forgery attacks. ---------------------------------------------------------------------- Public Beta of CSI and WSUS Integration http://secunia.com/blog/74 ---------------------------------------------------------------------- TITLE: Huawei HG510 Security Bypass and Cross-Site Request Forgery Vulnerabilities SECUNIA ADVISORY ID: SA38591 VERIFY ADVISORY: http://secunia.com/advisories/38591/ DESCRIPTION: Ivan Markovic has reported some vulnerabilities in Huawei HG510, which can be exploited by malicious people to bypass certain security restrictions and conduct cross-site request forgery attacks. This can be exploited to e.g. reboot the device or change certain settings (including passwords). Do not browse untrusted websites or follow untrusted links while logged in to the device. PROVIDED AND/OR DISCOVERED BY: Ivan Markovic, Network Security Solutions ORIGINAL ADVISORY: http://archives.neohapsis.com/archives/bugtraq/2010-02/0155.html ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 0.63

sources: CNVD: CNVD-2010-0259 // PACKETSTORM: 86609

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2010-0259

AFFECTED PRODUCTS

vendor:

huawei

model:

scope:

version:

510

Trust: 0.6

sources: CNVD: CNVD-2010-0259

TYPE

csrf

Trust: 0.1

sources: PACKETSTORM: 86609

EXTERNAL IDS

db:	SECUNIA	id:	38591	Trust: 0.7
db:	CNVD	id:	CNVD-2010-0259	Trust: 0.6
db:	PACKETSTORM	id:	86609	Trust: 0.1

sources: CNVD: CNVD-2010-0259 // PACKETSTORM: 86609

REFERENCES

url:	http://secunia.com/advisories/38591/	Trust: 0.7
url:	http://secunia.com/advisories/secunia_security_advisories/	Trust: 0.1
url:	http://archives.neohapsis.com/archives/bugtraq/2010-02/0155.html	Trust: 0.1
url:	http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org	Trust: 0.1
url:	http://secunia.com/blog/74	Trust: 0.1
url:	http://secunia.com/advisories/about_secunia_advisories/	Trust: 0.1

sources: CNVD: CNVD-2010-0259 // PACKETSTORM: 86609

CREDITS

Secunia

Trust: 0.1

sources: PACKETSTORM: 86609

SOURCES

db:	CNVD	id:	CNVD-2010-0259
db:	PACKETSTORM	id:	86609

LAST UPDATE DATE

2022-05-17T02:08:22.493000+00:00

SOURCES UPDATE DATE

db:

CNVD

id:

CNVD-2010-0259

date:

2010-02-22T00:00:00

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2010-0259	date:	2010-02-22T00:00:00
db:	PACKETSTORM	id:	86609	date:	2010-02-23T17:05:22