Sign-up

ID

VAR-201212-0173


CVE

CVE-2012-5970


TITLE

Huawei E585 pocket wifi 2 device contains multiple vulnerabilities

Trust: 0.8

sources: CERT/CC: VU#871148

DESCRIPTION

The Huawei E585 device allows remote attackers to cause a denial of service (NULL pointer dereference and device outage) via crafted HTTP requests, as demonstrated by unspecified vulnerability-scanning software. The Huawei E585 pocket wifi 2 device contains multiple vulnerabilities which could allow an attacker to perform administrative functions on the device. Huawei E585 is a WiFi 3G wireless routing device. The Huawei E585 device has a security vulnerability when analyzing a specific packet, such as a packet sent by a vulnerability scanner. Huawei E585 is prone to a denial-of-service vulnerability, a directory-traversal vulnerability, and a security-bypass vulnerability. Attackers can exploit these issues to retrieve and overwrite arbitrary files, perform denial-of-service attacks, bypass certain security restrictions, and gain unauthorized access; this will aid in further attacks. Huawei E585 is a high-speed wireless network access modem produced by China Huawei (Huawei). Vulnerabilities exist in Huawei E585 devices. ---------------------------------------------------------------------- The final version of the CSI 6.0 has been released. Find out why this is not just another Patch Management solution: http://secunia.com/blog/325/ ---------------------------------------------------------------------- TITLE: Huawei E585 Management Interface Multiple Vulnerabilities SECUNIA ADVISORY ID: SA51596 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/51596/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=51596 RELEASE DATE: 2012-12-14 DISCUSS ADVISORY: http://secunia.com/advisories/51596/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/51596/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=51596 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in Huawei E585, which can be exploited by malicious people to bypass certain security restrictions, disclose potentially sensitive information, and cause a DoS (Denial of Service). 1) An error within the web management interface when validating the status of a logged in session can be exploited to bypass the authentication process. 2) An error within the web management interface when processing certain web requests can be exploited to access arbitrary files via directory traversal sequences. SOLUTION: Apply updates (please see the vendor's advisory for details). PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-198239.htm http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-198240.htm OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 3.33

sources: NVD: CVE-2012-5970 // CERT/CC: VU#871148 // JVNDB: JVNDB-2012-005764 // CNVD: CNVD-2012-7491 // BID: 56927 // VULHUB: VHN-59251 // PACKETSTORM: 118858

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2012-7491

AFFECTED PRODUCTS

vendor:huaweimodel:e585scope:eqversion: -

Trust: 1.6

vendor:huaweimodel:e585u-82scope:eqversion: -

Trust: 1.6

vendor:huaweimodel: - scope: - version: -

Trust: 0.8

vendor:huaweimodel:e585scope: - version: -

Trust: 0.8

vendor:huaweimodel:e585u-82scope: - version: -

Trust: 0.8

vendor:huaweimodel:e585 pocket wifi devicescope:eqversion:2

Trust: 0.6

sources: CERT/CC: VU#871148 // CNVD: CNVD-2012-7491 // JVNDB: JVNDB-2012-005764 // CNNVD: CNNVD-201212-216 // NVD: CVE-2012-5970

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2012-5970
value: MEDIUM

Trust: 1.0

NVD: CVE-2012-5970
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201212-216
value: MEDIUM

Trust: 0.6

VULHUB: VHN-59251
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2012-5970
severity: MEDIUM
baseScore: 6.1
vectorString: AV:A/AC:L/AU:N/C:N/I:N/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 6.5
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-59251
severity: MEDIUM
baseScore: 6.1
vectorString: AV:A/AC:L/AU:N/C:N/I:N/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 6.5
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-59251 // JVNDB: JVNDB-2012-005764 // CNNVD: CNNVD-201212-216 // NVD: CVE-2012-5970

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

problemtype:CWE-Other

Trust: 0.8

sources: JVNDB: JVNDB-2012-005764 // NVD: CVE-2012-5970

THREAT TYPE

specific network environment

Trust: 0.6

sources: CNNVD: CNNVD-201212-216

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-201212-216

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2012-005764

PATCH
title:Top Pageurl:http://www.huawei.com/jp/
Trust: 0.8
title:Huawei-SA-20121203-1-E585url:http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-198240.htm
Trust: 0.8
title:Huawei E585 pocket wifi 2 device denial of service vulnerability patchurl:https://www.cnvd.org.cn/patchInfo/show/26541
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2012-7491 // 
            
            
            
            JVNDB: JVNDB-2012-005764

EXTERNAL IDS
db:CERT/CCid:VU#871148
Trust: 4.2
db:NVDid:CVE-2012-5970
Trust: 3.4
db:BIDid:56927
Trust: 0.9
db:JVNid:JVNVU92360060
Trust: 0.8
db:JVNDBid:JVNDB-2012-005764
Trust: 0.8
db:CNNVDid:CNNVD-201212-216
Trust: 0.7
db:SECUNIAid:51596
Trust: 0.7
db:CNVDid:CNVD-2012-7491
Trust: 0.6
db:VULHUBid:VHN-59251
Trust: 0.1
db:PACKETSTORMid:118858
Trust: 0.1
sources:
            
            
            CERT/CC: VU#871148 // 
            
            
            
            CNVD: CNVD-2012-7491 // 
            
            
            
            VULHUB: VHN-59251 // 
            
            
            
            BID: 56927 // 
            
            
            
            JVNDB: JVNDB-2012-005764 // 
            
            
            
            PACKETSTORM: 118858 // 
            
            
            
            CNNVD: CNNVD-201212-216 // 
            
            
            
            NVD: CVE-2012-5970

REFERENCES
url:http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-198240.htm
Trust: 3.7
url:http://www.kb.cert.org/vuls/id/871148
Trust: 2.8
url:http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-198239.htm
Trust: 1.2
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-5970
Trust: 0.8
url:http://jvn.jp/cert/jvnvu92360060/index.html
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-5970
Trust: 0.8
url:http://www.kb.cert.org/vuls/id/871148http
Trust: 0.6
url:http://secunia.com/advisories/51596
Trust: 0.6
url:http://www.securityfocus.com/bid/56927
Trust: 0.6
url:http://www.huaweidevice.com/worldwide/
Trust: 0.3
url:https://ca.secunia.com/?page=viewadvisory&vuln_id=51596
Trust: 0.1
url:http://secunia.com/vulnerability_intelligence/
Trust: 0.1
url:http://secunia.com/advisories/secunia_security_advisories/
Trust: 0.1
url:http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
Trust: 0.1
url:http://secunia.com/advisories/51596/
Trust: 0.1
url:http://secunia.com/vulnerability_scanning/personal/
Trust: 0.1
url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Trust: 0.1
url:http://secunia.com/blog/325/
Trust: 0.1
url:http://secunia.com/advisories/51596/#comments
Trust: 0.1
url:http://secunia.com/advisories/about_secunia_advisories/
Trust: 0.1
sources:
            
            
            CERT/CC: VU#871148 // 
            
            
            
            CNVD: CNVD-2012-7491 // 
            
            
            
            VULHUB: VHN-59251 // 
            
            
            
            BID: 56927 // 
            
            
            
            JVNDB: JVNDB-2012-005764 // 
            
            
            
            PACKETSTORM: 118858 // 
            
            
            
            CNNVD: CNNVD-201212-216 // 
            
            
            
            NVD: CVE-2012-5970

CREDITS
John Bird
Trust: 0.9
sources:
            
            
            BID: 56927 // 
            
            
            
            CNNVD: CNNVD-201212-216

SOURCES
db:CERT/CCid:VU#871148
db:CNVDid:CNVD-2012-7491
db:VULHUBid:VHN-59251
db:BIDid:56927
db:JVNDBid:JVNDB-2012-005764
db:PACKETSTORMid:118858
db:CNNVDid:CNNVD-201212-216
db:NVDid:CVE-2012-5970

LAST UPDATE DATE
2025-04-11T23:05:42.297000+00:00

SOURCES UPDATE DATE
db:CERT/CCid:VU#871148date:2012-12-13T00:00:00
db:CNVDid:CNVD-2012-7491date:2012-12-17T00:00:00
db:VULHUBid:VHN-59251date:2013-01-29T00:00:00
db:BIDid:56927date:2015-03-19T09:35:00
db:JVNDBid:JVNDB-2012-005764date:2012-12-20T00:00:00
db:CNNVDid:CNNVD-201212-216date:2012-12-21T00:00:00
db:NVDid:CVE-2012-5970date:2025-04-11T00:51:21.963

SOURCES RELEASE DATE
db:CERT/CCid:VU#871148date:2012-12-13T00:00:00
db:CNVDid:CNVD-2012-7491date:2012-12-17T00:00:00
db:VULHUBid:VHN-59251date:2012-12-19T00:00:00
db:BIDid:56927date:2012-12-13T00:00:00
db:JVNDBid:JVNDB-2012-005764date:2012-12-20T00:00:00
db:PACKETSTORMid:118858date:2012-12-14T05:18:47
db:CNNVDid:CNNVD-201212-216date:2012-12-17T00:00:00
db:NVDid:CVE-2012-5970date:2012-12-19T11:55:59.827