Sign-up

ID

VAR-201602-0181


CVE

CVE-2015-8265


TITLE

Huawei Mobile WiFi E5151 and E5186 routers use insufficiently random values for DNS queries

Trust: 0.8

sources: CERT/CC: VU#972224

DESCRIPTION

Huawei Mobile WiFi E5151 routers with software before E5151s-2TCPU-V200R001B146D27SP00C00 and E5186 routers with software before V200R001B310D01SP00C00 allow DNS query packets using the static source port, which makes it easier for remote attackers to spoof responses via unspecified vectors. Huawei Mobile provided by Wi-Fi Router E5151 and E5186 Has the problem of using insufficient random values. Insufficient random value used (CWE-330) - CVE-2015-8265 Huawei E5151 and Huawei E5186 Sent from DNS The query source port number is fixed. The attacker DNS By spoofing, LAN It is possible to guide the terminal inside to a malicious server. CWE-330: Use of Insufficiently Random Values http://cwe.mitre.org/data/definitions/330.htmlBy a remote attacker DNS The response is forged, LAN May be directed to a malicious server. HuaweiE51864GLTERouter is a 4G wireless router product from China Huawei. Huawei E5186 is prone to a denial-of-service vulnerability. Attackers can exploit this issue to cause a denial-of-service condition, denying service to legitimate users. There is a security vulnerability in versions earlier than Huawei E5186 4G LTE Router V200R001B310D01SP00C00. A remote attacker could exploit this vulnerability to forge responses

Trust: 3.33

sources: NVD: CVE-2015-8265 // CERT/CC: VU#972224 // JVNDB: JVNDB-2016-001343 // CNVD: CNVD-2016-00863 // BID: 82246 // VULHUB: VHN-86226 // VULMON: CVE-2015-8265

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2016-00863

AFFECTED PRODUCTS

vendor:huaweimodel:e5151scope:lteversion:e5151s-2tcpu-v200r001b141d13sp00c1080

Trust: 1.0

vendor:huaweimodel:e5186scope:lteversion:v200r001b306d01c00

Trust: 1.0

vendor:huaweimodel: - scope: - version: -

Trust: 0.8

vendor:huaweimodel:e5151scope:eqversion:version 21.141.13.00.1080

Trust: 0.8

vendor:huaweimodel:e5186scope:eqversion:version v200r001b306d01c00

Trust: 0.8

vendor:huaweimodel:e5186 4g lte router <v200r001b310d01sp00c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:e5151scope:eqversion: -

Trust: 0.6

vendor:huaweimodel:e5186scope:eqversion: -

Trust: 0.6

vendor:huaweimodel:e5151scope:eqversion:e5151s-2tcpu-v200r001b141d13sp00c1080

Trust: 0.1

vendor:huaweimodel:e5186scope:eqversion:v200r001b306d01c00

Trust: 0.1

sources: CERT/CC: VU#972224 // CNVD: CNVD-2016-00863 // VULMON: CVE-2015-8265 // JVNDB: JVNDB-2016-001343 // CNNVD: CNNVD-201602-013 // NVD: CVE-2015-8265

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2015-8265
value: MEDIUM

Trust: 1.6

nvd@nist.gov: CVE-2015-8265
value: HIGH

Trust: 1.0

CNVD: CNVD-2016-00863
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201602-013
value: MEDIUM

Trust: 0.6

VULHUB: VHN-86226
value: MEDIUM

Trust: 0.1

VULMON: CVE-2015-8265
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2015-8265
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

NVD: CVE-2015-8265
severity: MEDIUM
baseScore: 5.0
vectorString: NONE
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2016-00863
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-86226
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2015-8265
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.0

sources: CERT/CC: VU#972224 // CNVD: CNVD-2016-00863 // VULHUB: VHN-86226 // VULMON: CVE-2015-8265 // JVNDB: JVNDB-2016-001343 // CNNVD: CNNVD-201602-013 // NVD: CVE-2015-8265

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

problemtype:CWE-Other

Trust: 0.8

sources: VULHUB: VHN-86226 // JVNDB: JVNDB-2016-001343 // NVD: CVE-2015-8265

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201602-013

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201602-013

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2016-001343

EXPLOIT AVAILABILITY
sources:
            
            
            CERT/CC: VU#972224

PATCH
title:Report Vulnerabilitiesurl:http://www.huawei.com/en/psirt/report-vulnerabilities
Trust: 0.8
title:DNS Static Source Port Vulnerability in Huawei E5186 (huawei-sa-20160129-01-dns)url:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160129-01-dns-en
Trust: 0.8
title:HuaweiE51864GLTERouter security bypass vulnerability patchurl:https://www.cnvd.org.cn/patchInfo/show/71245
Trust: 0.6
title:Huawei E5186 4G LTE Router Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=60024
Trust: 0.6
title:NIST-BULK-CVE-Lookupurl:https://github.com/jaychen2/NIST-BULK-CVE-Lookup 
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2016-00863 // 
            
            
            
            VULMON: CVE-2015-8265 // 
            
            
            
            JVNDB: JVNDB-2016-001343 // 
            
            
            
            CNNVD: CNNVD-201602-013

EXTERNAL IDS
db:NVDid:CVE-2015-8265
Trust: 3.5
db:CERT/CCid:VU#972224
Trust: 3.1
db:BIDid:82246
Trust: 1.5
db:JVNid:JVNVU92574416
Trust: 0.8
db:JVNDBid:JVNDB-2016-001343
Trust: 0.8
db:CNNVDid:CNNVD-201602-013
Trust: 0.7
db:CNVDid:CNVD-2016-00863
Trust: 0.6
db:VULHUBid:VHN-86226
Trust: 0.1
db:VULMONid:CVE-2015-8265
Trust: 0.1
sources:
            
            
            CERT/CC: VU#972224 // 
            
            
            
            CNVD: CNVD-2016-00863 // 
            
            
            
            VULHUB: VHN-86226 // 
            
            
            
            VULMON: CVE-2015-8265 // 
            
            
            
            BID: 82246 // 
            
            
            
            JVNDB: JVNDB-2016-001343 // 
            
            
            
            CNNVD: CNNVD-201602-013 // 
            
            
            
            NVD: CVE-2015-8265

REFERENCES
url:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160129-01-dns-en
Trust: 3.5
url:https://www.kb.cert.org/vuls/id/972224
Trust: 2.4
url:http://www.securityfocus.com/bid/82246
Trust: 1.3
url:http://consumer.huawei.com/lk/mobile-broadband/mobile-wifi/tech-specs/e5151-lk.htm
Trust: 0.8
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-8265
Trust: 0.8
url:http://jvn.jp/vu/jvnvu92574416/index.html
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-8265
Trust: 0.8
url:http://www.huawei.com/
Trust: 0.3
url:https://cwe.mitre.org/data/definitions/20.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
url:https://github.com/jaychen2/nist-bulk-cve-lookup
Trust: 0.1
sources:
            
            
            CERT/CC: VU#972224 // 
            
            
            
            CNVD: CNVD-2016-00863 // 
            
            
            
            VULHUB: VHN-86226 // 
            
            
            
            VULMON: CVE-2015-8265 // 
            
            
            
            BID: 82246 // 
            
            
            
            JVNDB: JVNDB-2016-001343 // 
            
            
            
            CNNVD: CNNVD-201602-013 // 
            
            
            
            NVD: CVE-2015-8265

CREDITS
Joel Land of the CERT/CC
Trust: 0.3
sources:
            
            
            BID: 82246

SOURCES
db:CERT/CCid:VU#972224
db:CNVDid:CNVD-2016-00863
db:VULHUBid:VHN-86226
db:VULMONid:CVE-2015-8265
db:BIDid:82246
db:JVNDBid:JVNDB-2016-001343
db:CNNVDid:CNNVD-201602-013
db:NVDid:CVE-2015-8265

LAST UPDATE DATE
2025-04-13T23:21:08.794000+00:00

SOURCES UPDATE DATE
db:CERT/CCid:VU#972224date:2016-02-01T00:00:00
db:CNVDid:CNVD-2016-00863date:2016-02-15T00:00:00
db:VULHUBid:VHN-86226date:2016-11-28T00:00:00
db:VULMONid:CVE-2015-8265date:2016-11-28T00:00:00
db:BIDid:82246date:2016-07-05T21:35:00
db:JVNDBid:JVNDB-2016-001343date:2016-03-31T00:00:00
db:CNNVDid:CNNVD-201602-013date:2016-02-02T00:00:00
db:NVDid:CVE-2015-8265date:2025-04-12T10:46:40.837

SOURCES RELEASE DATE
db:CERT/CCid:VU#972224date:2016-02-01T00:00:00
db:CNVDid:CNVD-2016-00863date:2016-02-15T00:00:00
db:VULHUBid:VHN-86226date:2016-02-01T00:00:00
db:VULMONid:CVE-2015-8265date:2016-02-01T00:00:00
db:BIDid:82246date:2016-01-29T00:00:00
db:JVNDBid:JVNDB-2016-001343date:2016-02-03T00:00:00
db:CNNVDid:CNNVD-201602-013date:2016-02-02T00:00:00
db:NVDid:CVE-2015-8265date:2016-02-01T21:59:00.127