Sign-up

ID

VAR-201306-0351


CVE

CVE-2013-4632


TITLE

Huawei AR Series Router DHCP Packet Parsing Denial of Service Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2013-02863 // CNNVD: CNNVD-201304-114

DESCRIPTION

The Huawei Access Router (AR) before V200R002SPC003 allows remote attackers to cause a denial of service (device reset) via a crafted field in a DHCP request, as demonstrated by a request from an IP phone. Huawei AR Series Routers is a low-end router device introduced by Huawei. The Huawei AR series routers have an error in the authentication and authorization fields in the DHCP packets. The remote attacker is allowed to use the vulnerability to send specially-made DHCP packets to reset the device. To successfully exploit the vulnerability, the device needs to be used as a DHCP server. Successful exploitation of this vulnerability could result in a denial of service. Successfully exploiting this issue will result in a denial-of-service condition. Huawei AR V200R002C01SPC200 and prior versions are vulnerable. This product provides mobile and fixed network access methods, suitable for enterprise networks

Trust: 3.06

sources: NVD: CVE-2013-4632 // JVNDB: JVNDB-2013-003091 // CNVD: CNVD-2013-02863 // CNNVD: CNNVD-201304-114 // BID: 58939 // VULHUB: VHN-64634

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2013-02863

AFFECTED PRODUCTS

vendor:huaweimodel:access routerscope:lteversion:v200r002c01spc200

Trust: 1.8

vendor:huaweimodel:ar series routers ar v200r002c01spc200scope:lteversion:<=

Trust: 0.6

vendor:huaweimodel:access routerscope:eqversion:v200r002c01spc200

Trust: 0.6

sources: CNVD: CNVD-2013-02863 // JVNDB: JVNDB-2013-003091 // CNNVD: CNNVD-201306-412 // NVD: CVE-2013-4632

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-4632
value: HIGH

Trust: 1.0

NVD: CVE-2013-4632
value: HIGH

Trust: 0.8

CNVD: CNVD-2013-02863
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201306-412
value: HIGH

Trust: 0.6

VULHUB: VHN-64634
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2013-4632
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2013-02863
severity: MEDIUM
baseScore: 6.1
vectorString: AV:A/AC:L/AU:N/C:N/I:N/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 6.5
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-64634
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CNVD: CNVD-2013-02863 // VULHUB: VHN-64634 // JVNDB: JVNDB-2013-003091 // CNNVD: CNNVD-201306-412 // NVD: CVE-2013-4632

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-64634 // JVNDB: JVNDB-2013-003091 // NVD: CVE-2013-4632

THREAT TYPE

remote

Trust: 1.2

sources: CNNVD: CNNVD-201306-412 // CNNVD: CNNVD-201304-114

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201306-412

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2013-003091

PATCH
title:Huawei-SA-20130407-01-ARurl:http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-258476.htm
Trust: 0.8
title:Huawei AR Series Router DHCP Packet Parsing Denial of Service Vulnerability Patchurl:https://www.cnvd.org.cn/patchInfo/show/33197
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2013-02863 // 
            
            
            
            JVNDB: JVNDB-2013-003091

EXTERNAL IDS
db:NVDid:CVE-2013-4632
Trust: 2.8
db:BIDid:58939
Trust: 1.6
db:JVNDBid:JVNDB-2013-003091
Trust: 0.8
db:CNNVDid:CNNVD-201306-412
Trust: 0.7
db:CNVDid:CNVD-2013-02863
Trust: 0.6
db:CNNVDid:CNNVD-201304-114
Trust: 0.6
db:VULHUBid:VHN-64634
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2013-02863 // 
            
            
            
            VULHUB: VHN-64634 // 
            
            
            
            BID: 58939 // 
            
            
            
            JVNDB: JVNDB-2013-003091 // 
            
            
            
            CNNVD: CNNVD-201306-412 // 
            
            
            
            CNNVD: CNNVD-201304-114 // 
            
            
            
            NVD: CVE-2013-4632

REFERENCES
url:http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-258476.htm
Trust: 2.6
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-4632
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-4632
Trust: 0.8
url:http://www.securityfocus.com/bid/58939
Trust: 0.6
url:http://www.huawei.com/us/productslifecycle/datacommunicationsproducts/networksecurityproducts/hw-144650.htm
Trust: 0.3
url:http://www.huawei.com/
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2013-02863 // 
            
            
            
            VULHUB: VHN-64634 // 
            
            
            
            BID: 58939 // 
            
            
            
            JVNDB: JVNDB-2013-003091 // 
            
            
            
            CNNVD: CNNVD-201306-412 // 
            
            
            
            CNNVD: CNNVD-201304-114 // 
            
            
            
            NVD: CVE-2013-4632

CREDITS
The vendor reported this issue.
Trust: 0.3
sources:
            
            
            BID: 58939

SOURCES
db:CNVDid:CNVD-2013-02863
db:VULHUBid:VHN-64634
db:BIDid:58939
db:JVNDBid:JVNDB-2013-003091
db:CNNVDid:CNNVD-201306-412
db:CNNVDid:CNNVD-201304-114
db:NVDid:CVE-2013-4632

LAST UPDATE DATE
2025-04-11T23:12:49.857000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2013-02863date:2013-04-10T00:00:00
db:VULHUBid:VHN-64634date:2013-06-21T00:00:00
db:BIDid:58939date:2015-03-19T08:27:00
db:JVNDBid:JVNDB-2013-003091date:2013-06-24T00:00:00
db:CNNVDid:CNNVD-201306-412date:2013-06-28T00:00:00
db:CNNVDid:CNNVD-201304-114date:2013-04-12T00:00:00
db:NVDid:CVE-2013-4632date:2025-04-11T00:51:21.963

SOURCES RELEASE DATE
db:CNVDid:CNVD-2013-02863date:2013-04-10T00:00:00
db:VULHUBid:VHN-64634date:2013-06-20T00:00:00
db:BIDid:58939date:2013-04-07T00:00:00
db:JVNDBid:JVNDB-2013-003091date:2013-06-24T00:00:00
db:CNNVDid:CNNVD-201306-412date:2013-06-21T00:00:00
db:CNNVDid:CNNVD-201304-114date:2013-04-12T00:00:00
db:NVDid:CVE-2013-4632date:2013-06-20T15:55:01.107