Details of VAR-201704-0468

ID

VAR-201704-0468

CVE

CVE-2014-9691

TITLE

plural Huawei Tecal Information disclosure vulnerability in products

Trust: 0.8

sources: JVNDB: JVNDB-2014-008281

DESCRIPTION

Huawei Tecal RH1288 V2 V100R002C00SPC107 and earlier versions, Tecal RH2265 V2 V100R002C00, Tecal RH2285 V2 V100R002C00SPC115 and earlier versions, Tecal RH2265 V2 V100R002C00, Tecal RH2285H V2 V100R002C00SPC111 and earlier versions, Tecal RH2268 V2 V100R002C00, Tecal RH2288 V2 V100R002C00SPC117 and earlier versions, Tecal RH2288H V2 V100R002C00SPC115 and earlier versions, Tecal RH2485 V2 V100R002C00SPC502 and earlier versions, Tecal RH5885 V2 V100R001C02SPC109 and earlier versions, Tecal RH5885 V3 V100R003C01SPC102 and earlier versions, Tecal RH5885H V3 V100R003C00SPC102 and earlier versions, Tecal XH310 V2 V100R001C00SPC110 and earlier versions, Tecal XH311 V2 V100R001C00SPC110 and earlier versions, Tecal XH320 V2 V100R001C00SPC110 and earlier versions, Tecal XH621 V2 V100R001C00SPC106 and earlier versions, Tecal DH310 V2 V100R001C00SPC110 and earlier versions, Tecal DH320 V2 V100R001C00SPC106 and earlier versions, Tecal DH620 V2 V100R001C00SPC106 and earlier versions, Tecal DH621 V2 V100R001C00SPC107 and earlier versions, Tecal DH628 V2 V100R001C00SPC107 and earlier versions, Tecal BH620 V2 V100R002C00SPC107 and earlier versions, Tecal BH621 V2 V100R002C00SPC106 and earlier versions, Tecal BH622 V2 V100R002C00SPC110 and earlier versions, Tecal BH640 V2 V100R002C00SPC108 and earlier versions, Tecal CH121 V100R001C00SPC180 and earlier versions, Tecal CH140 V100R001C00SPC110 and earlier versions, Tecal CH220 V100R001C00SPC180 and earlier versions, Tecal CH221 V100R001C00SPC180 and earlier versions, Tecal CH222 V100R002C00SPC180 and earlier versions, Tecal CH240 V100R001C00SPC180 and earlier versions, Tecal CH242 V100R001C00SPC180 and earlier versions, Tecal CH242 V3 V100R001C00SPC110 and earlier versions could allow users who log in to the products to view the sessions IDs of all online users on the Online Users page of the web UI. plural Huawei Tecal The product contains an information disclosure vulnerability.Information may be obtained. Huawei TecalRH1288V2 is a server of Huawei (Huawei) of China. An attacker could use this vulnerability to view the session IDs of all online users on the WebUI's OnlineUsers page. Huawei Tecal RH1288 V2 and others are all servers of the Chinese company Huawei

Trust: 2.25

sources: NVD: CVE-2014-9691 // JVNDB: JVNDB-2014-008281 // CNVD: CNVD-2017-04635 // VULHUB: VHN-77636

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2017-04635

AFFECTED PRODUCTS

vendor:	huawei	model:	tecal rh2268 v2	scope:	eq	version:	v100r002c00	Trust: 2.4
vendor:	huawei	model:	tecal bh620 v2	scope:	lte	version:	v100r002c00spc107	Trust: 1.8
vendor:	huawei	model:	tecal bh621 v2	scope:	lte	version:	v100r002c00spc106	Trust: 1.8
vendor:	huawei	model:	tecal bh622 v2	scope:	lte	version:	v100r002c00spc110	Trust: 1.8
vendor:	huawei	model:	tecal bh640 v2	scope:	lte	version:	v100r002c00spc108	Trust: 1.8
vendor:	huawei	model:	tecal ch121	scope:	lte	version:	v100r001c00spc180	Trust: 1.8
vendor:	huawei	model:	tecal ch140	scope:	lte	version:	v100r001c00spc110	Trust: 1.8
vendor:	huawei	model:	tecal ch220	scope:	lte	version:	v100r001c00spc180	Trust: 1.8
vendor:	huawei	model:	tecal ch221	scope:	lte	version:	v100r001c00spc180	Trust: 1.8
vendor:	huawei	model:	tecal ch222	scope:	lte	version:	v100r002c00spc180	Trust: 1.8
vendor:	huawei	model:	tecal ch240	scope:	lte	version:	v100r001c00spc180	Trust: 1.8
vendor:	huawei	model:	tecal ch242 v3	scope:	lte	version:	v100r001c00spc110	Trust: 1.8
vendor:	huawei	model:	tecal ch242	scope:	lte	version:	v100r001c00spc180	Trust: 1.8
vendor:	huawei	model:	tecal dh310 v2	scope:	lte	version:	v100r001c00spc110	Trust: 1.8
vendor:	huawei	model:	tecal dh320 v2	scope:	lte	version:	v100r001c00spc106	Trust: 1.8
vendor:	huawei	model:	tecal dh620 v2	scope:	lte	version:	v100r001c00spc106	Trust: 1.8
vendor:	huawei	model:	tecal dh621 v2	scope:	lte	version:	v100r001c00spc107	Trust: 1.8
vendor:	huawei	model:	tecal dh628 v2	scope:	lte	version:	v100r001c00spc107	Trust: 1.8
vendor:	huawei	model:	tecal rh1288 v2	scope:	lte	version:	v100r002c00spc107	Trust: 1.8
vendor:	huawei	model:	tecal rh2265 v2	scope:	eq	version:	v100r002c00	Trust: 1.8
vendor:	huawei	model:	tecal rh2285 v2	scope:	lte	version:	v100r002c00spc115	Trust: 1.8
vendor:	huawei	model:	tecal rh2285h v2	scope:	lte	version:	v100r002c00spc111	Trust: 1.8
vendor:	huawei	model:	tecal rh2288 v2	scope:	lte	version:	v100r002c00spc117	Trust: 1.8
vendor:	huawei	model:	tecal rh2288h v2	scope:	lte	version:	v100r002c00spc115	Trust: 1.8
vendor:	huawei	model:	tecal rh2485 v2	scope:	lte	version:	v100r002c00spc502	Trust: 1.8
vendor:	huawei	model:	tecal rh5885 v2	scope:	lte	version:	v100r001c02spc109	Trust: 1.8
vendor:	huawei	model:	tecal rh5885 v3	scope:	lte	version:	v100r003c01spc102	Trust: 1.8
vendor:	huawei	model:	tecal rh5885h v3	scope:	lte	version:	v100r003c00spc102	Trust: 1.8
vendor:	huawei	model:	tecal xh310 v2	scope:	lte	version:	v100r001c00spc110	Trust: 1.8
vendor:	huawei	model:	tecal xh311 v2	scope:	lte	version:	v100r001c00spc110	Trust: 1.8
vendor:	huawei	model:	tecal xh320 v2	scope:	lte	version:	v100r001c00spc110	Trust: 1.8
vendor:	huawei	model:	tecal xh621 v2	scope:	lte	version:	v100r001c00spc106	Trust: 1.8
vendor:	huawei	model:	tecal	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	tecal xh320 v2	scope:	eq	version:	v100r001c00spc110	Trust: 0.6
vendor:	huawei	model:	tecal rh2288h v2	scope:	eq	version:	v100r002c00spc115	Trust: 0.6
vendor:	huawei	model:	tecal rh5885 v2	scope:	eq	version:	v100r001c02spc109	Trust: 0.6
vendor:	huawei	model:	tecal rh2485 v2	scope:	eq	version:	v100r002c00spc502	Trust: 0.6
vendor:	huawei	model:	tecal xh311 v2	scope:	eq	version:	v100r001c00spc110	Trust: 0.6
vendor:	huawei	model:	tecal xh621 v2	scope:	eq	version:	v100r001c00spc106	Trust: 0.6
vendor:	huawei	model:	tecal rh5885 v3	scope:	eq	version:	v100r003c01spc102	Trust: 0.6
vendor:	huawei	model:	tecal xh310 v2	scope:	eq	version:	v100r001c00spc110	Trust: 0.6
vendor:	huawei	model:	tecal rh5885h v3	scope:	eq	version:	v100r003c00spc102	Trust: 0.6

sources: CNVD: CNVD-2017-04635 // JVNDB: JVNDB-2014-008281 // CNNVD: CNNVD-201704-204 // NVD: CVE-2014-9691

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2014-9691
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2014-9691
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2017-04635
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201704-204
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-77636
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2014-9691
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2017-04635
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-77636
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2014-9691
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	3.6
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2017-04635 // VULHUB: VHN-77636 // JVNDB: JVNDB-2014-008281 // CNNVD: CNNVD-201704-204 // NVD: CVE-2014-9691

PROBLEMTYPE DATA

problemtype:

CWE-200

Trust: 1.9

sources: VULHUB: VHN-77636 // JVNDB: JVNDB-2014-008281 // NVD: CVE-2014-9691

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201704-204

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201704-204

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-008281

PATCH

title:	Huawei-SA-20141224-01-Tecal	url:	http://www.huawei.com/en/psirt/security-advisories/hw-408100	Trust: 0.8
title:	Patches for multiple Huawei server information disclosure vulnerabilities	url:	https://www.cnvd.org.cn/patchInfo/show/91947	Trust: 0.6
title:	Various Huawei server information disclosure vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=69051	Trust: 0.6

sources: CNVD: CNVD-2017-04635 // JVNDB: JVNDB-2014-008281 // CNNVD: CNNVD-201704-204

EXTERNAL IDS

db:	NVD	id:	CVE-2014-9691	Trust: 3.1
db:	JVNDB	id:	JVNDB-2014-008281	Trust: 0.8
db:	CNNVD	id:	CNNVD-201704-204	Trust: 0.7
db:	CNVD	id:	CNVD-2017-04635	Trust: 0.6
db:	VULHUB	id:	VHN-77636	Trust: 0.1

sources: CNVD: CNVD-2017-04635 // VULHUB: VHN-77636 // JVNDB: JVNDB-2014-008281 // CNNVD: CNNVD-201704-204 // NVD: CVE-2014-9691

REFERENCES

url:	http://www.huawei.com/en/psirt/security-advisories/hw-408100	Trust: 2.3
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-9691	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2014-9691	Trust: 0.8

sources: CNVD: CNVD-2017-04635 // VULHUB: VHN-77636 // JVNDB: JVNDB-2014-008281 // CNNVD: CNNVD-201704-204 // NVD: CVE-2014-9691

SOURCES

db:	CNVD	id:	CNVD-2017-04635
db:	VULHUB	id:	VHN-77636
db:	JVNDB	id:	JVNDB-2014-008281
db:	CNNVD	id:	CNNVD-201704-204
db:	NVD	id:	CVE-2014-9691

LAST UPDATE DATE

2025-04-20T23:40:09.933000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2017-04635	date:	2017-04-19T00:00:00
db:	VULHUB	id:	VHN-77636	date:	2017-04-05T00:00:00
db:	JVNDB	id:	JVNDB-2014-008281	date:	2017-05-02T00:00:00
db:	CNNVD	id:	CNNVD-201704-204	date:	2017-04-06T00:00:00
db:	NVD	id:	CVE-2014-9691	date:	2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2017-04635	date:	2017-04-19T00:00:00
db:	VULHUB	id:	VHN-77636	date:	2017-04-02T00:00:00
db:	JVNDB	id:	JVNDB-2014-008281	date:	2017-05-02T00:00:00
db:	CNNVD	id:	CNNVD-201704-204	date:	2017-04-06T00:00:00
db:	NVD	id:	CVE-2014-9691	date:	2017-04-02T20:59:00.517