Sign-up

ID

VAR-201609-0689


TITLE

There is a logic design vulnerability in the Howay series of wireless controller login systems

Trust: 0.6

sources: CNVD: CNVD-2016-06631

DESCRIPTION

Howay series wireless controller is a wireless controller independently developed by Hamming Technology Co., Ltd., which has the characteristics of large AP capacity, strong processing performance and rich functional features. There is a logic design vulnerability in the Howay series of wireless controller login systems that allows an attacker to exploit this vulnerability to spoof any cookie to log in and operate.

Trust: 0.6

sources: CNVD: CNVD-2016-06631

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2016-06631

AFFECTED PRODUCTS

vendor:hanmingmodel:howay series wireless controllerscope: - version: -

Trust: 0.6

vendor:hanmingmodel:howay series wireless controllerscope:eqversion:1.1.x

Trust: 0.6

sources: CNVD: CNVD-2016-06631

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD: CNVD-2016-06631
value: HIGH

Trust: 0.6

CNVD: CNVD-2016-06631
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

sources: CNVD: CNVD-2016-06631

EXTERNAL IDS

db:WOOYUNid:WOOYUN-2016-0220098

Trust: 0.6

db:CNVDid:CNVD-2016-06631

Trust: 0.6

sources: CNVD: CNVD-2016-06631

REFERENCES

url:http://www.wooyun.org/bugs/wooyun-2016-0220098

Trust: 0.6

sources: CNVD: CNVD-2016-06631

SOURCES

db:CNVDid:CNVD-2016-06631

LAST UPDATE DATE

2022-05-17T02:10:35.127000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2016-06631date:2017-04-19T00:00:00

SOURCES RELEASE DATE

db:CNVDid:CNVD-2016-06631date:2016-09-17T00:00:00