Sign-up

ID

VAR-201212-0171


CVE

CVE-2012-5968


TITLE

Huawei E585 pocket wifi 2 device contains multiple vulnerabilities

Trust: 0.8

sources: CERT/CC: VU#871148

DESCRIPTION

The Huawei E585 device does not validate the status of admin sessions, which allows remote attackers to obtain sensitive user information and the session ID, and modify data, by leveraging access to the LAN network. The Huawei E585 pocket wifi 2 device contains multiple vulnerabilities which could allow an attacker to perform administrative functions on the device. Huawei E585 is a WiFi 3G wireless routing device. Huawei E585 failed to properly check the login status of the management session, which can cause an attacker to bypass management authorization authentication, access protected files, and configure devices. This vulnerability cannot be exploited through the WAN side. Huawei E585 is prone to a denial-of-service vulnerability, a directory-traversal vulnerability, and a security-bypass vulnerability. Attackers can exploit these issues to retrieve and overwrite arbitrary files, perform denial-of-service attacks, bypass certain security restrictions, and gain unauthorized access; this will aid in further attacks. Huawei E585 is a high-speed wireless network access modem produced by China Huawei (Huawei). A vulnerability exists in the Huawei E585 device due to the fact that the device does not authenticate the state of the management session. ---------------------------------------------------------------------- The final version of the CSI 6.0 has been released. Find out why this is not just another Patch Management solution: http://secunia.com/blog/325/ ---------------------------------------------------------------------- TITLE: Huawei E585 Management Interface Multiple Vulnerabilities SECUNIA ADVISORY ID: SA51596 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/51596/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=51596 RELEASE DATE: 2012-12-14 DISCUSS ADVISORY: http://secunia.com/advisories/51596/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/51596/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=51596 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in Huawei E585, which can be exploited by malicious people to bypass certain security restrictions, disclose potentially sensitive information, and cause a DoS (Denial of Service). 2) An error within the web management interface when processing certain web requests can be exploited to access arbitrary files via directory traversal sequences. 3) A NULL pointer dereference error within the web management interface when processing certain web requests can be exploited to cause a crash. SOLUTION: Apply updates (please see the vendor's advisory for details). PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-198239.htm http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-198240.htm OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 3.33

sources: NVD: CVE-2012-5968 // CERT/CC: VU#871148 // JVNDB: JVNDB-2012-005762 // CNVD: CNVD-2012-7489 // BID: 56927 // VULHUB: VHN-59249 // PACKETSTORM: 118858

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2012-7489

AFFECTED PRODUCTS

vendor:huaweimodel:e585scope:eqversion: -

Trust: 1.6

vendor:huaweimodel:e585u-82scope:eqversion: -

Trust: 1.6

vendor:huaweimodel: - scope: - version: -

Trust: 0.8

vendor:huaweimodel:e585scope: - version: -

Trust: 0.8

vendor:huaweimodel:e585u-82scope: - version: -

Trust: 0.8

vendor:huaweimodel:e585 pocket wifi devicescope:eqversion:2

Trust: 0.6

sources: CERT/CC: VU#871148 // CNVD: CNVD-2012-7489 // JVNDB: JVNDB-2012-005762 // CNNVD: CNNVD-201212-214 // NVD: CVE-2012-5968

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2012-5968
value: MEDIUM

Trust: 1.0

NVD: CVE-2012-5968
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201212-214
value: MEDIUM

Trust: 0.6

VULHUB: VHN-59249
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2012-5968
severity: MEDIUM
baseScore: 4.8
vectorString: AV:A/AC:L/AU:N/C:P/I:P/A:N
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.5
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-59249
severity: MEDIUM
baseScore: 4.8
vectorString: AV:A/AC:L/AU:N/C:P/I:P/A:N
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.5
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-59249 // JVNDB: JVNDB-2012-005762 // CNNVD: CNNVD-201212-214 // NVD: CVE-2012-5968

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-59249 // JVNDB: JVNDB-2012-005762 // NVD: CVE-2012-5968

THREAT TYPE

specific network environment

Trust: 0.6

sources: CNNVD: CNNVD-201212-214

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201212-214

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2012-005762

PATCH
title:Top Pageurl:http://www.huawei.com/jp/
Trust: 0.8
title:Huawei-SA-20121124-1-E585url:http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-198239.htm
Trust: 0.8
title:Huawei E585 pocket wifi 2 device authorization verification to bypass the vulnerability patchurl:https://www.cnvd.org.cn/patchInfo/show/26539
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2012-7489 // 
            
            
            
            JVNDB: JVNDB-2012-005762

EXTERNAL IDS
db:CERT/CCid:VU#871148
Trust: 4.2
db:NVDid:CVE-2012-5968
Trust: 3.4
db:BIDid:56927
Trust: 0.9
db:JVNid:JVNVU92360060
Trust: 0.8
db:JVNDBid:JVNDB-2012-005762
Trust: 0.8
db:CNNVDid:CNNVD-201212-214
Trust: 0.7
db:SECUNIAid:51596
Trust: 0.7
db:CNVDid:CNVD-2012-7489
Trust: 0.6
db:VULHUBid:VHN-59249
Trust: 0.1
db:PACKETSTORMid:118858
Trust: 0.1
sources:
            
            
            CERT/CC: VU#871148 // 
            
            
            
            CNVD: CNVD-2012-7489 // 
            
            
            
            VULHUB: VHN-59249 // 
            
            
            
            BID: 56927 // 
            
            
            
            JVNDB: JVNDB-2012-005762 // 
            
            
            
            PACKETSTORM: 118858 // 
            
            
            
            CNNVD: CNNVD-201212-214 // 
            
            
            
            NVD: CVE-2012-5968

REFERENCES
url:http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-198239.htm
Trust: 2.9
url:http://www.kb.cert.org/vuls/id/871148
Trust: 2.8
url:http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-198240.htm
Trust: 2.0
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-5968
Trust: 0.8
url:http://jvn.jp/cert/jvnvu92360060/index.html
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-5968
Trust: 0.8
url:http://www.kb.cert.org/vuls/id/871148http
Trust: 0.6
url:http://secunia.com/advisories/51596
Trust: 0.6
url:http://www.securityfocus.com/bid/56927
Trust: 0.6
url:http://www.huaweidevice.com/worldwide/
Trust: 0.3
url:https://ca.secunia.com/?page=viewadvisory&vuln_id=51596
Trust: 0.1
url:http://secunia.com/vulnerability_intelligence/
Trust: 0.1
url:http://secunia.com/advisories/secunia_security_advisories/
Trust: 0.1
url:http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
Trust: 0.1
url:http://secunia.com/advisories/51596/
Trust: 0.1
url:http://secunia.com/vulnerability_scanning/personal/
Trust: 0.1
url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Trust: 0.1
url:http://secunia.com/blog/325/
Trust: 0.1
url:http://secunia.com/advisories/51596/#comments
Trust: 0.1
url:http://secunia.com/advisories/about_secunia_advisories/
Trust: 0.1
sources:
            
            
            CERT/CC: VU#871148 // 
            
            
            
            CNVD: CNVD-2012-7489 // 
            
            
            
            VULHUB: VHN-59249 // 
            
            
            
            BID: 56927 // 
            
            
            
            JVNDB: JVNDB-2012-005762 // 
            
            
            
            PACKETSTORM: 118858 // 
            
            
            
            CNNVD: CNNVD-201212-214 // 
            
            
            
            NVD: CVE-2012-5968

CREDITS
John Bird
Trust: 0.9
sources:
            
            
            BID: 56927 // 
            
            
            
            CNNVD: CNNVD-201212-214

SOURCES
db:CERT/CCid:VU#871148
db:CNVDid:CNVD-2012-7489
db:VULHUBid:VHN-59249
db:BIDid:56927
db:JVNDBid:JVNDB-2012-005762
db:PACKETSTORMid:118858
db:CNNVDid:CNNVD-201212-214
db:NVDid:CVE-2012-5968

LAST UPDATE DATE
2025-04-11T23:05:42.347000+00:00

SOURCES UPDATE DATE
db:CERT/CCid:VU#871148date:2012-12-13T00:00:00
db:CNVDid:CNVD-2012-7489date:2012-12-17T00:00:00
db:VULHUBid:VHN-59249date:2013-01-29T00:00:00
db:BIDid:56927date:2015-03-19T09:35:00
db:JVNDBid:JVNDB-2012-005762date:2012-12-20T00:00:00
db:CNNVDid:CNNVD-201212-214date:2012-12-21T00:00:00
db:NVDid:CVE-2012-5968date:2025-04-11T00:51:21.963

SOURCES RELEASE DATE
db:CERT/CCid:VU#871148date:2012-12-13T00:00:00
db:CNVDid:CNVD-2012-7489date:2012-12-17T00:00:00
db:VULHUBid:VHN-59249date:2012-12-19T00:00:00
db:BIDid:56927date:2012-12-13T00:00:00
db:JVNDBid:JVNDB-2012-005762date:2012-12-20T00:00:00
db:PACKETSTORMid:118858date:2012-12-14T05:18:47
db:CNNVDid:CNNVD-201212-214date:2012-12-17T00:00:00
db:NVDid:CVE-2012-5968date:2012-12-19T11:55:59.750