Sign-up

ID

VAR-201704-0467


CVE

CVE-2014-9690


TITLE

Huawei WS318 In firmware PRNG Inadequate entropy vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2014-008250

DESCRIPTION

Huawei home gateways WS318 with software V100R001C01B022 and earlier versions are affected by the PIN offline brute force cracking vulnerability of the WPS protocol because the random number generator (RNG) used in the supplier's solution is not random enough. As a result, brute force cracking the PIN code is easier. After an attacker cracks the PIN, the attacker can access the Internet via the cracked device. Huawei WS318 The firmware includes PRNG There is an insufficient entropy vulnerability in.Information may be obtained. Huawei WS318 is a wireless router product from China's Huawei company. A security vulnerability exists in Huawei's WS318V100R001C01B022 and previous versions

Trust: 2.34

sources: NVD: CVE-2014-9690 // JVNDB: JVNDB-2014-008250 // CNVD: CNVD-2017-04634 // VULHUB: VHN-77635 // VULMON: CVE-2014-9690

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-04634

AFFECTED PRODUCTS

vendor:huaweimodel:ws318scope:eqversion:v100r001c01b022

Trust: 1.4

vendor:huaweimodel:ws318scope:lteversion:v100r001c01b022

Trust: 1.0

vendor:huaweimodel:ws318 <=v100r001c01b022scope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2017-04634 // JVNDB: JVNDB-2014-008250 // CNNVD: CNNVD-201704-205 // NVD: CVE-2014-9690

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-9690
value: HIGH

Trust: 1.0

NVD: CVE-2014-9690
value: HIGH

Trust: 0.8

CNVD: CNVD-2017-04634
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201704-205
value: MEDIUM

Trust: 0.6

VULHUB: VHN-77635
value: MEDIUM

Trust: 0.1

VULMON: CVE-2014-9690
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2014-9690
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

NVD: CVE-2014-9690
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2017-04634
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-77635
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2014-9690
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2017-04634 // VULHUB: VHN-77635 // VULMON: CVE-2014-9690 // JVNDB: JVNDB-2014-008250 // CNNVD: CNNVD-201704-205 // NVD: CVE-2014-9690

PROBLEMTYPE DATA

problemtype:CWE-332

Trust: 1.9

sources: VULHUB: VHN-77635 // JVNDB: JVNDB-2014-008250 // NVD: CVE-2014-9690

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201704-205

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201704-205

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2014-008250

PATCH
title:Security Advisory-WPS PIN Offline Brute Force Cracking Vulnerability in Huawei Home Gateway Productsurl:http://www.huawei.com/en/psirt/security-advisories/hw-408091
Trust: 0.8
title:Huawei WS318 design vulnerability patchurl:https://www.cnvd.org.cn/patchInfo/show/91946
Trust: 0.6
title:Huawei WS318 Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=69052
Trust: 0.6
title: - url:https://github.com/ForceFledgling/CVE-2014-9690 
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2017-04634 // 
            
            
            
            VULMON: CVE-2014-9690 // 
            
            
            
            JVNDB: JVNDB-2014-008250 // 
            
            
            
            CNNVD: CNNVD-201704-205

EXTERNAL IDS
db:NVDid:CVE-2014-9690
Trust: 3.2
db:JVNDBid:JVNDB-2014-008250
Trust: 0.8
db:CNNVDid:CNNVD-201704-205
Trust: 0.7
db:CNVDid:CNVD-2017-04634
Trust: 0.6
db:VULHUBid:VHN-77635
Trust: 0.1
db:VULMONid:CVE-2014-9690
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2017-04634 // 
            
            
            
            VULHUB: VHN-77635 // 
            
            
            
            VULMON: CVE-2014-9690 // 
            
            
            
            JVNDB: JVNDB-2014-008250 // 
            
            
            
            CNNVD: CNNVD-201704-205 // 
            
            
            
            NVD: CVE-2014-9690

REFERENCES
url:http://www.huawei.com/en/psirt/security-advisories/hw-408091
Trust: 2.4
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-9690
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2014-9690
Trust: 0.8
url:https://cwe.mitre.org/data/definitions/332.html
Trust: 0.1
url:https://github.com/forcefledgling/cve-2014-9690
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2017-04634 // 
            
            
            
            VULHUB: VHN-77635 // 
            
            
            
            VULMON: CVE-2014-9690 // 
            
            
            
            JVNDB: JVNDB-2014-008250 // 
            
            
            
            CNNVD: CNNVD-201704-205 // 
            
            
            
            NVD: CVE-2014-9690

SOURCES
db:CNVDid:CNVD-2017-04634
db:VULHUBid:VHN-77635
db:VULMONid:CVE-2014-9690
db:JVNDBid:JVNDB-2014-008250
db:CNNVDid:CNNVD-201704-205
db:NVDid:CVE-2014-9690

LAST UPDATE DATE
2025-04-20T23:37:57.006000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2017-04634date:2017-04-19T00:00:00
db:VULHUBid:VHN-77635date:2017-04-05T00:00:00
db:VULMONid:CVE-2014-9690date:2017-04-05T00:00:00
db:JVNDBid:JVNDB-2014-008250date:2017-05-01T00:00:00
db:CNNVDid:CNNVD-201704-205date:2017-04-06T00:00:00
db:NVDid:CVE-2014-9690date:2025-04-20T01:37:25.860

SOURCES RELEASE DATE
db:CNVDid:CNVD-2017-04634date:2017-04-19T00:00:00
db:VULHUBid:VHN-77635date:2017-04-02T00:00:00
db:VULMONid:CVE-2014-9690date:2017-04-02T00:00:00
db:JVNDBid:JVNDB-2014-008250date:2017-05-01T00:00:00
db:CNNVDid:CNNVD-201704-205date:2017-04-06T00:00:00
db:NVDid:CVE-2014-9690date:2017-04-02T20:59:00.500