Sign-up

ID

VAR-201412-0395


CVE

CVE-2014-9134


TITLE

Huawei Honor Cube WS860S Arbitrary File Upload Vulnerability

Trust: 0.9

sources: CNVD: CNVD-2014-05857 // BID: 69806

DESCRIPTION

Unrestricted file upload vulnerability in Huawei Honor Cube Wireless Router WS860s before V100R001C02B222 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via unspecified vectors. Supplementary information : CWE Vulnerability type by CWE-434: Unrestricted Upload of File with Dangerous Type ( Unlimited upload of dangerous types of files ) Has been identified. Huawei Honor Cube WS860S is a wireless router product

Trust: 2.52

sources: NVD: CVE-2014-9134 // JVNDB: JVNDB-2014-005759 // CNVD: CNVD-2014-05857 // BID: 69806 // VULHUB: VHN-77079

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2014-05857

AFFECTED PRODUCTS

vendor:huaweimodel:honor cube wireless router ws860s firewallscope:lteversion:v100r001c02b219

Trust: 1.0

vendor:huaweimodel:honor cube wireless router ws860sscope:eqversion: -

Trust: 1.0

vendor:huaweimodel:ws860s honor cube wireless routerscope: - version: -

Trust: 0.8

vendor:huaweimodel:ws860s honor cube wireless router firewallscope:ltversion:v100r001c02b222

Trust: 0.8

vendor:huaweimodel:honor cube ws860sscope: - version: -

Trust: 0.6

vendor:huaweimodel:honor cube wireless router ws860s firewallscope:eqversion:v100r001c02b219

Trust: 0.6

sources: CNVD: CNVD-2014-05857 // JVNDB: JVNDB-2014-005759 // CNNVD: CNNVD-201409-922 // NVD: CVE-2014-9134

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-9134
value: HIGH

Trust: 1.0

NVD: CVE-2014-9134
value: HIGH

Trust: 0.8

CNVD: CNVD-2014-05857
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201409-922
value: CRITICAL

Trust: 0.6

VULHUB: VHN-77079
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2014-9134
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: CVE-2014-9134
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2014-05857
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-77079
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CNVD: CNVD-2014-05857 // VULHUB: VHN-77079 // JVNDB: JVNDB-2014-005759 // CNNVD: CNNVD-201409-922 // NVD: CVE-2014-9134

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

problemtype:CWE-Other

Trust: 0.8

sources: JVNDB: JVNDB-2014-005759 // NVD: CVE-2014-9134

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201409-922

TYPE

code injection

Trust: 0.6

sources: CNNVD: CNNVD-201409-922

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2014-005759

PATCH
title:Huawei-SA-20141114-01-WS860surl:http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-396206.htm
Trust: 0.8
title:WS860s_V100R001C02B222_Firmware_generalurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=54202
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2014-005759 // 
            
            
            
            CNNVD: CNNVD-201409-922

EXTERNAL IDS
db:NVDid:CVE-2014-9134
Trust: 3.4
db:BIDid:69806
Trust: 2.6
db:JVNDBid:JVNDB-2014-005759
Trust: 0.8
db:CNNVDid:CNNVD-201409-922
Trust: 0.7
db:CNVDid:CNVD-2014-05857
Trust: 0.6
db:VULHUBid:VHN-77079
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2014-05857 // 
            
            
            
            VULHUB: VHN-77079 // 
            
            
            
            BID: 69806 // 
            
            
            
            JVNDB: JVNDB-2014-005759 // 
            
            
            
            CNNVD: CNNVD-201409-922 // 
            
            
            
            NVD: CVE-2014-9134

REFERENCES
url:http://www.securityfocus.com/bid/69806
Trust: 1.7
url:http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-396206.htm
Trust: 1.7
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-9134
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-9134
Trust: 0.8
url:http://www.securityfocus.com/bid/69806/
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2014-05857 // 
            
            
            
            VULHUB: VHN-77079 // 
            
            
            
            JVNDB: JVNDB-2014-005759 // 
            
            
            
            CNNVD: CNNVD-201409-922 // 
            
            
            
            NVD: CVE-2014-9134

CREDITS
The vendor reported this issue.
Trust: 0.3
sources:
            
            
            BID: 69806

SOURCES
db:CNVDid:CNVD-2014-05857
db:VULHUBid:VHN-77079
db:BIDid:69806
db:JVNDBid:JVNDB-2014-005759
db:CNNVDid:CNNVD-201409-922
db:NVDid:CVE-2014-9134

LAST UPDATE DATE
2025-04-12T23:04:53.723000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2014-05857date:2014-09-17T00:00:00
db:VULHUBid:VHN-77079date:2014-12-05T00:00:00
db:BIDid:69806date:2014-12-03T00:57:00
db:JVNDBid:JVNDB-2014-005759date:2014-12-05T00:00:00
db:CNNVDid:CNNVD-201409-922date:2014-12-09T00:00:00
db:NVDid:CVE-2014-9134date:2025-04-12T10:46:40.837

SOURCES RELEASE DATE
db:CNVDid:CNVD-2014-05857date:2014-09-17T00:00:00
db:VULHUBid:VHN-77079date:2014-12-03T00:00:00
db:BIDid:69806date:2014-09-12T00:00:00
db:JVNDBid:JVNDB-2014-005759date:2014-12-05T00:00:00
db:CNNVDid:CNNVD-201409-922date:2014-09-25T00:00:00
db:NVDid:CVE-2014-9134date:2014-12-03T21:59:01.587