Details of VAR-201402-0569

ID

VAR-201402-0569

TITLE

Huawei B593u-12 and T-Mobile HOME NET Router have multiple vulnerabilities

Trust: 0.6

sources: CNVD: CNVD-2014-00950

DESCRIPTION

Huawei B593u-12 and T-Mobile HOME NET Router are both wireless router products. Huawei B593u-12 and T-Mobile HOME NET Router have information disclosure vulnerabilities, security restriction bypass vulnerabilities, command injection vulnerabilities, directory traversal vulnerabilities, and cross-site request forgery vulnerabilities. A remote attacker can obtain sensitive information, perform administrator actions, bypass security restrictions, access arbitrary files, execute arbitrary commands, and gain unauthorized access to affected devices. An information-disclosure vulnerability 2. A security-bypass vulnerability 3. A command-injection vulnerability 4. A directory-traversal vulnerability. 5. Other attacks are also possible

Trust: 0.81

sources: CNVD: CNVD-2014-00950 // BID: 65132

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2014-00950

AFFECTED PRODUCTS

vendor:	huawei	model:	b593u-12	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	t-mobile home net router v100r001c54sp063	scope:	-	version:	-	Trust: 0.6
vendor:	t mobile	model:	home net router v100r001c54sp063	scope:	-	version:	-	Trust: 0.3
vendor:	huawei	model:	b593u-12 v100r001c54sp063	scope:	-	version:	-	Trust: 0.3
vendor:	t mobile	model:	home net router v100r001c55sp102	scope:	ne	version:	-	Trust: 0.3

sources: CNVD: CNVD-2014-00950 // BID: 65132

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD:	CNVD-2014-00950
value:	HIGH
Trust: 0.6

CNVD:	CNVD-2014-00950
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

sources: CNVD: CNVD-2014-00950

THREAT TYPE

network

Trust: 0.3

sources: BID: 65132

TYPE

Unknown

Trust: 0.3

sources: BID: 65132

PATCH

title:

Huawei B593u-12 and T-Mobile HOME NET Router have multiple vulnerabilities

url:

https://www.cnvd.org.cn/patchinfo/show/43587

Trust: 0.6

sources: CNVD: CNVD-2014-00950

EXTERNAL IDS

db:	BID	id:	65132	Trust: 0.9
db:	CNVD	id:	CNVD-2014-00950	Trust: 0.6

sources: CNVD: CNVD-2014-00950 // BID: 65132

REFERENCES

url:	http://www.linuxidc.com/linux/2014-02/96467.htm	Trust: 0.6
url:	http://blog.asiantuntijakaveri.fi/2013/08/gaining-root-shell-on-huawei-b593-4g.html	Trust: 0.3
url:	http://www.huawei.com	Trust: 0.3
url:	https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20140122-0_t-mobile_homenet_lte_huawei_b593_router_critical_vulnerabilities_wo_poc_v10.txt	Trust: 0.3
url:	http://blog.t-mobile.at/2014/01/22/software-updates-schuetzen-vor-sicherheitsluecken/	Trust: 0.3
url:	http://www.t-mobile.at/	Trust: 0.3

sources: CNVD: CNVD-2014-00950 // BID: 65132

CREDITS

J. Greil, asiantuntijakaveri@ichtyotoxism

Trust: 0.3

sources: BID: 65132

SOURCES

db:	CNVD	id:	CNVD-2014-00950
db:	BID	id:	65132

LAST UPDATE DATE

2022-05-17T01:48:03.044000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2014-00950	date:	2014-02-14T00:00:00
db:	BID	id:	65132	date:	2013-12-12T00:00:00

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2014-00950	date:	2014-02-17T00:00:00
db:	BID	id:	65132	date:	2013-12-12T00:00:00