Details of VAR-201609-0566

ID

VAR-201609-0566

CVE

CVE-2016-6825

TITLE

plural Huawei Vulnerability in obtaining password in product software

Trust: 0.8

sources: JVNDB: JVNDB-2016-004561

DESCRIPTION

Huawei XH620 V3, XH622 V3, and XH628 V3 servers with software before V100R003C00SPC610, RH1288 V3 servers with software before V100R003C00SPC613, RH2288 V3 servers with software before V100R003C00SPC617, and RH2288H V3 servers with software before V100R003C00SPC515 allow remote attackers to obtain passwords via a brute-force attack, related to "lack of authentication protection mechanisms.". plural Huawei Product software includes " Missing authentication protection mechanism " There is a vulnerability in password acquisition due to incomplete processing. Supplementary information : CWE Vulnerability type by CWE-285: Improper Authorization ( Inappropriate authentication ) Has been identified. http://cwe.mitre.org/data/definitions/285.htmlRound robin by a third party (brute-force) A password may be obtained through an attack. Huawei is a Chinese provider of information and communication solutions. An authentication bypass vulnerability exists in multiple Huawei servers, and an attacker can exploit this vulnerability to bypass the authentication mechanism. Huawei XH628 and others are all servers of China Huawei (Huawei). There are brute force cracking attack vulnerabilities in several Huawei servers. A remote attacker could exploit this vulnerability to obtain passwords through a brute force attack. The following products and versions are affected: Huawei XH620 V3, XH622 V3, XH628 V3 earlier than V100R003C00SPC610, RH1288 V3 earlier than V100R003C00SPC613, RH2288 V3 earlier than V100R003C00SPC617, and RH2288H V3 earlier than V100R003C

Trust: 2.52

sources: NVD: CVE-2016-6825 // JVNDB: JVNDB-2016-004561 // CNVD: CNVD-2016-06460 // BID: 92504 // VULHUB: VHN-95645

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2016-06460

AFFECTED PRODUCTS

vendor:	huawei	model:	xh628 v3 server	scope:	eq	version:	v100r003c00	Trust: 1.6
vendor:	huawei	model:	rh2288 v3 server	scope:	eq	version:	v100r003c00	Trust: 1.6
vendor:	huawei	model:	xh622 v3 server	scope:	eq	version:	v100r003c00	Trust: 1.6
vendor:	huawei	model:	rh1288 v3 server	scope:	eq	version:	v100r003c00	Trust: 1.6
vendor:	huawei	model:	rh2288h v3 server	scope:	eq	version:	v100r003c00	Trust: 1.6
vendor:	huawei	model:	xh620 v3 server	scope:	eq	version:	v100r003c00	Trust: 1.6
vendor:	huawei	model:	rh1288 v100r003c00	scope:	eq	version:	v3	Trust: 0.9
vendor:	huawei	model:	rh2288 v100r003c00	scope:	eq	version:	v3	Trust: 0.9
vendor:	huawei	model:	rh2288h v100r003c00	scope:	eq	version:	v3	Trust: 0.9
vendor:	huawei	model:	xh620 v100r003c00	scope:	eq	version:	v3	Trust: 0.9
vendor:	huawei	model:	xh622 v100r003c00	scope:	eq	version:	v3	Trust: 0.9
vendor:	huawei	model:	xh628 v100r003c00	scope:	eq	version:	v3	Trust: 0.9
vendor:	huawei	model:	rh1288 v3	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	rh1288 v3	scope:	lt	version:	v100r003c00spc613	Trust: 0.8
vendor:	huawei	model:	rh2288 v3	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	rh2288 v3	scope:	lt	version:	v100r003c00spc617	Trust: 0.8
vendor:	huawei	model:	rh2288h v3	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	rh2288h v3	scope:	lt	version:	v100r003c00spc515	Trust: 0.8
vendor:	huawei	model:	xh620 v3	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	xh620 v3	scope:	lt	version:	v100r003c00spc610	Trust: 0.8
vendor:	huawei	model:	xh622 v3	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	xh622 v3	scope:	lt	version:	v100r003c00spc610	Trust: 0.8
vendor:	huawei	model:	xh628 v3	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	xh628 v3	scope:	lt	version:	v100r003c00spc610	Trust: 0.8
vendor:	huawei	model:	rh5885 v100r003c01	scope:	eq	version:	v3	Trust: 0.6
vendor:	huawei	model:	ch242 v100r001c00	scope:	eq	version:	v3	Trust: 0.6
vendor:	huawei	model:	xh628 v100r003c00spc610	scope:	ne	version:	v3	Trust: 0.3
vendor:	huawei	model:	xh622 v100r003c00spc610	scope:	ne	version:	v3	Trust: 0.3
vendor:	huawei	model:	xh620 v100r003c00spc610	scope:	ne	version:	v3	Trust: 0.3
vendor:	huawei	model:	rh2288h v100r003c00spc515	scope:	ne	version:	v3	Trust: 0.3
vendor:	huawei	model:	rh2288 v100r003c00spc617	scope:	ne	version:	v3	Trust: 0.3
vendor:	huawei	model:	rh1288 v100r003c00spc613	scope:	ne	version:	v3	Trust: 0.3

sources: CNVD: CNVD-2016-06460 // BID: 92504 // JVNDB: JVNDB-2016-004561 // CNNVD: CNNVD-201608-326 // NVD: CVE-2016-6825

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2016-6825
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2016-6825
value:	CRITICAL
Trust: 0.8
CNVD:	CNVD-2016-06460
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201608-326
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-95645
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2016-6825
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2016-06460
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-95645
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2016-6825
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2016-06460 // VULHUB: VHN-95645 // JVNDB: JVNDB-2016-004561 // CNNVD: CNNVD-201608-326 // NVD: CVE-2016-6825

PROBLEMTYPE DATA

problemtype:	CWE-285	Trust: 1.1
problemtype:	CWE-Other	Trust: 0.8

sources: VULHUB: VHN-95645 // JVNDB: JVNDB-2016-004561 // NVD: CVE-2016-6825

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201608-326

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-201608-326

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-004561

PATCH

title:	huawei-sa-20160817-01-server	url:	http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160817-01-server-en	Trust: 0.8
title:	Multiple Huawei server authentication bypass vulnerability patches	url:	https://www.cnvd.org.cn/patchInfo/show/80577	Trust: 0.6
title:	Multiple Huawei Product brute force cracking repair measures	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=63693	Trust: 0.6

sources: CNVD: CNVD-2016-06460 // JVNDB: JVNDB-2016-004561 // CNNVD: CNNVD-201608-326

EXTERNAL IDS

db:	NVD	id:	CVE-2016-6825	Trust: 3.4
db:	BID	id:	92504	Trust: 2.6
db:	JVNDB	id:	JVNDB-2016-004561	Trust: 0.8
db:	CNNVD	id:	CNNVD-201608-326	Trust: 0.7
db:	CNVD	id:	CNVD-2016-06460	Trust: 0.6
db:	NSFOCUS	id:	34589	Trust: 0.6
db:	VULHUB	id:	VHN-95645	Trust: 0.1

sources: CNVD: CNVD-2016-06460 // VULHUB: VHN-95645 // BID: 92504 // JVNDB: JVNDB-2016-004561 // CNNVD: CNNVD-201608-326 // NVD: CVE-2016-6825

REFERENCES

url:	http://www.securityfocus.com/bid/92504	Trust: 2.3
url:	http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160817-01-server-en	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-6825	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-6825	Trust: 0.8
url:	http://www.nsfocus.net/vulndb/34589	Trust: 0.6
url:	http://www.huawei.com	Trust: 0.3
url:	http://www.huawei.com/en/psirt/security-advisories/2016/huawei-sa-20160817-01-server-en	Trust: 0.3

sources: CNVD: CNVD-2016-06460 // VULHUB: VHN-95645 // BID: 92504 // JVNDB: JVNDB-2016-004561 // CNNVD: CNNVD-201608-326 // NVD: CVE-2016-6825

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 92504

SOURCES

db:	CNVD	id:	CNVD-2016-06460
db:	VULHUB	id:	VHN-95645
db:	BID	id:	92504
db:	JVNDB	id:	JVNDB-2016-004561
db:	CNNVD	id:	CNNVD-201608-326
db:	NVD	id:	CVE-2016-6825

LAST UPDATE DATE

2025-04-13T23:25:08.596000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2016-06460	date:	2017-01-03T00:00:00
db:	VULHUB	id:	VHN-95645	date:	2016-09-08T00:00:00
db:	BID	id:	92504	date:	2016-08-17T00:00:00
db:	JVNDB	id:	JVNDB-2016-004561	date:	2016-09-09T00:00:00
db:	CNNVD	id:	CNNVD-201608-326	date:	2016-09-08T00:00:00
db:	NVD	id:	CVE-2016-6825	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2016-06460	date:	2016-08-20T00:00:00
db:	VULHUB	id:	VHN-95645	date:	2016-09-07T00:00:00
db:	BID	id:	92504	date:	2016-08-17T00:00:00
db:	JVNDB	id:	JVNDB-2016-004561	date:	2016-09-09T00:00:00
db:	CNNVD	id:	CNNVD-201608-326	date:	2016-08-18T00:00:00
db:	NVD	id:	CVE-2016-6825	date:	2016-09-07T19:28:14.503