ID

VAR-201606-0457


CVE

CVE-2016-5366


TITLE

Huawei Honor WS851 Vulnerability to change configuration data in router software

Trust: 0.8

sources: JVNDB: JVNDB-2016-003164

DESCRIPTION

Huawei Honor WS851 routers with software 1.1.21.1 and earlier allow remote attackers to modify configuration data via vectors related to a "file injection vulnerability," aka HWPSIRT-2016-05052. The vendor has confirmed this vulnerability and released it as HWPSIRT-2016-05052. Supplementary information: the vulnerability type has been identified as CWE-284: Improper Access Control (http://cwe.mitre.org/data/definitions/284.html). A third party may change the configuration data through processing related to the "file injection vulnerability." Huawei WS851 is a wireless router product from China's Huawei. A security vulnerability exists in Huawei WS851 versions prior to 1.1.21.1 because the program does not restrict ports. An attacker could exploit this vulnerability to inject arbitrary files. Huawei Honor is prone to an arbitrary file include vulnerability because it fails to adequately validate user-supplied input. Huawei Honor WS851 firmware version 1.1.21.1 and prior are affected.

Trust: 2.52

sources: NVD: CVE-2016-5366 // JVNDB: JVNDB-2016-003164 // CNVD: CNVD-2016-04033 // BID: 91214 // VULHUB: VHN-94185

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2016-04033

AFFECTED PRODUCTS

vendor: huawei, model: honor ws851, scope: lte, version: 1.1.21.1

Trust: 1.0

vendor: huawei, model: ws851, scope: -, version: -

Trust: 0.8

vendor: huawei, model: ws851, scope: lte, version: 1.1.21.1

Trust: 0.8

vendor: huawei, model: honor ws851, scope: lte, version: <=1.1.21.1

Trust: 0.6

vendor: huawei, model: honor ws851, scope: eq, version: -

Trust: 0.6

sources: CNVD: CNVD-2016-04033 // JVNDB: JVNDB-2016-003164 // NVD: CVE-2016-5366 // CNNVD: CNNVD-201606-304

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2016-5366
value: HIGH

Trust: 1.8

CNVD: CNVD-2016-04033
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201606-304
value: MEDIUM

Trust: 0.6

VULHUB: VHN-94185
value: MEDIUM

Trust: 0.1

NVD:
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: FALSE
obtainAllPrivilege: FALSE
obtainUserPrivilege: FALSE
obtainOtherPrivilege: FALSE
userInteractionRequired: FALSE
version: 2.0

Trust: 1.0

NVD: CVE-2016-5366
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2016-04033
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-94185
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

NVD:
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.0

NVD: CVE-2016-5366
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2016-04033 // VULHUB: VHN-94185 // JVNDB: JVNDB-2016-003164 // NVD: CVE-2016-5366 // CNNVD: CNNVD-201606-304

PROBLEMTYPE DATA

problemtype:CWE-284

Trust: 1.1

problemtype:CWE-Other

Trust: 0.8

sources: VULHUB: VHN-94185 // JVNDB: JVNDB-2016-003164 // NVD: CVE-2016-5366

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201606-304

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201606-304

CONFIGURATIONS

sources: NVD: CVE-2016-5366

PATCH

title: huawei-sa-20160607-01-honorrouter (HWPSIRT-2016-05052), url: http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160607-01-honorrouter-en

Trust: 0.8

title: HuaweiWS851 injection vulnerability patch, url: https://www.cnvd.org.cn/patchinfo/show/77541

Trust: 0.6

title: Huawei WS851 Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=62254

Trust: 0.6

sources: CNVD: CNVD-2016-04033 // JVNDB: JVNDB-2016-003164 // CNNVD: CNNVD-201606-304

EXTERNAL IDS

db: NVD, id: CVE-2016-5366

Trust: 3.4

db: JVNDB, id: JVNDB-2016-003164

Trust: 0.8

db: CNNVD, id: CNNVD-201606-304

Trust: 0.7

db: CNVD, id: CNVD-2016-04033

Trust: 0.6

db: BID, id: 91214

Trust: 0.4

db: VULHUB, id: VHN-94185

Trust: 0.1

sources: CNVD: CNVD-2016-04033 // VULHUB: VHN-94185 // BID: 91214 // JVNDB: JVNDB-2016-003164 // NVD: CVE-2016-5366 // CNNVD: CNNVD-201606-304

REFERENCES

url: http://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20160607-01-honorrouter-cn

Trust: 1.2

url: http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160607-01-honorrouter-en

Trust: 1.1

url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-5366

Trust: 0.8

url: http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-5366

Trust: 0.8

sources: CNVD: CNVD-2016-04033 // VULHUB: VHN-94185 // JVNDB: JVNDB-2016-003164 // NVD: CVE-2016-5366 // CNNVD: CNNVD-201606-304

CREDITS

Yang Kun

Trust: 0.6

sources: CNNVD: CNNVD-201606-304

SOURCES

db: CNVD, id: CNVD-2016-04033
db: VULHUB, id: VHN-94185
db: BID, id: 91214
db: JVNDB, id: JVNDB-2016-003164
db: NVD, id: CVE-2016-5366
db: CNNVD, id: CNNVD-201606-304

LAST UPDATE DATE

2023-12-18T13:39:10.823000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2016-04033, date: 2016-06-15T00:00:00
db: VULHUB, id: VHN-94185, date: 2016-06-14T00:00:00
db: BID, id: 91214, date: 2016-06-15T00:00:00
db: JVNDB, id: JVNDB-2016-003164, date: 2016-06-16T00:00:00
db: NVD, id: CVE-2016-5366, date: 2016-06-14T18:31:12.923
db: CNNVD, id: CNNVD-201606-304, date: 2016-06-14T00:00:00

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2016-04033, date: 2016-06-15T00:00:00
db: VULHUB, id: VHN-94185, date: 2016-06-14T00:00:00
db: BID, id: 91214, date: 2016-06-15T00:00:00
db: JVNDB, id: JVNDB-2016-003164, date: 2016-06-16T00:00:00
db: NVD, id: CVE-2016-5366, date: 2016-06-14T14:59:04.993
db: CNNVD, id: CNNVD-201606-304, date: 2016-06-14T00:00:00