Sign-up

ID

VAR-201307-0610


TITLE

Huawei E587 3G Mobile Hotspot SMS message has an unidentified cross-site scripting vulnerability

Trust: 0.6

sources: CNVD: CNVD-2013-09991

DESCRIPTION

Huawei E587 3G Mobile Hotspot is a wireless router device that supports 3G. Huawei E587 3G Mobile Hotspot incorrectly verifies certain inputs in SMS messages, allowing remote attackers to build special SMS requests, entice users to resolve, obtain targeted user sensitive information or hijack user sessions.

Trust: 0.6

sources: CNVD: CNVD-2013-09991

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2013-09991

AFFECTED PRODUCTS

vendor:huaweimodel:e587 3g mobile hotspotscope:eqversion:11.203.27

Trust: 0.6

sources: CNVD: CNVD-2013-09991

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD: CNVD-2013-09991
value: MEDIUM

Trust: 0.6

CNVD: CNVD-2013-09991
severity: MEDIUM
baseScore: 6.3
vectorString: AV:N/AC:M/AU:S/C:C/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

sources: CNVD: CNVD-2013-09991

EXTERNAL IDS

db:OSVDBid:95262

Trust: 0.6

db:CNVDid:CNVD-2013-09991

Trust: 0.6

sources: CNVD: CNVD-2013-09991

REFERENCES

url:http://osvdb.org/show/osvdb/95262

Trust: 0.6

sources: CNVD: CNVD-2013-09991

SOURCES

db:CNVDid:CNVD-2013-09991

LAST UPDATE DATE

2022-05-17T02:00:03.725000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2013-09991date:2013-07-19T00:00:00

SOURCES RELEASE DATE

db:CNVDid:CNVD-2013-09991date:2013-07-19T00:00:00