Details of VAR-201704-0472

ID

VAR-201704-0472

CVE

CVE-2014-9693

TITLE

plural Huawei Tecal Data processing vulnerabilities in products

Trust: 0.8

sources: JVNDB: JVNDB-2014-008283

DESCRIPTION

Huawei Tecal RH1288 V2 V100R002C00SPC107 and earlier versions, Tecal RH2265 V2 V100R002C00, Tecal RH2285 V2 V100R002C00SPC115 and earlier versions, Tecal RH2265 V2 V100R002C00, Tecal RH2285H V2 V100R002C00SPC111 and earlier versions, Tecal RH2268 V2 V100R002C00, Tecal RH2288 V2 V100R002C00SPC117 and earlier versions, Tecal RH2288H V2 V100R002C00SPC115 and earlier versions, Tecal RH2485 V2 V100R002C00SPC502 and earlier versions, Tecal RH5885 V2 V100R001C02SPC109 and earlier versions, Tecal RH5885 V3 V100R003C01SPC102 and earlier versions, Tecal RH5885H V3 V100R003C00SPC102 and earlier versions, Tecal XH310 V2 V100R001C00SPC110 and earlier versions, Tecal XH311 V2 V100R001C00SPC110 and earlier versions, Tecal XH320 V2 V100R001C00SPC110 and earlier versions, Tecal XH621 V2 V100R001C00SPC106 and earlier versions, Tecal DH310 V2 V100R001C00SPC110 and earlier versions, Tecal DH320 V2 V100R001C00SPC106 and earlier versions, Tecal DH620 V2 V100R001C00SPC106 and earlier versions, Tecal DH621 V2 V100R001C00SPC107 and earlier versions, Tecal DH628 V2 V100R001C00SPC107 and earlier versions, Tecal BH620 V2 V100R002C00SPC107 and earlier versions, Tecal BH621 V2 V100R002C00SPC106 and earlier versions, Tecal BH622 V2 V100R002C00SPC110 and earlier versions, Tecal BH640 V2 V100R002C00SPC108 and earlier versions, Tecal CH121 V100R001C00SPC180 and earlier versions, Tecal CH140 V100R001C00SPC110 and earlier versions, Tecal CH220 V100R001C00SPC180 and earlier versions, Tecal CH221 V100R001C00SPC180 and earlier versions, Tecal CH222 V100R002C00SPC180 and earlier versions, Tecal CH240 V100R001C00SPC180 and earlier versions, Tecal CH242 V100R001C00SPC180 and earlier versions, Tecal CH242 V3 V100R001C00SPC110 and earlier versions could allow attackers to execute arbitrary code or restart the system via crafted DNS packets. plural Huawei Tecal The product contains data processing vulnerabilities.Information is obtained, information is altered, and service operation is disrupted (DoS) An attack may be carried out. Huawei TecalRH1288V2 is a server of Huawei (Huawei) of China. A buffer overflow vulnerability exists in several Huawei servers. The vulnerability is caused by the failure of the program to fully detect the length of the copied data when processing the packets of the DNS server. An attacker could exploit the vulnerability to execute arbitrary code or cause a system reboot. Huawei Tecal RH1288 V2 and others are all servers of the Chinese company Huawei

Trust: 2.25

sources: NVD: CVE-2014-9693 // JVNDB: JVNDB-2014-008283 // CNVD: CNVD-2017-04637 // VULHUB: VHN-77638

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2017-04637

AFFECTED PRODUCTS

vendor:	huawei	model:	tecal rh2265 v2	scope:	eq	version:	v100r002c00	Trust: 2.4
vendor:	huawei	model:	tecal rh2268 v2	scope:	eq	version:	v100r002c00	Trust: 2.4
vendor:	huawei	model:	tecal bh620 v2	scope:	lte	version:	v100r002c00spc107	Trust: 1.8
vendor:	huawei	model:	tecal bh621 v2	scope:	lte	version:	v100r002c00spc106	Trust: 1.8
vendor:	huawei	model:	tecal bh622 v2	scope:	lte	version:	v100r002c00spc110	Trust: 1.8
vendor:	huawei	model:	tecal bh640 v2	scope:	lte	version:	v100r002c00spc108	Trust: 1.8
vendor:	huawei	model:	tecal ch121	scope:	lte	version:	v100r001c00spc180	Trust: 1.8
vendor:	huawei	model:	tecal ch140	scope:	lte	version:	v100r001c00spc110	Trust: 1.8
vendor:	huawei	model:	tecal ch220	scope:	lte	version:	v100r001c00spc180	Trust: 1.8
vendor:	huawei	model:	tecal ch221	scope:	lte	version:	v100r001c00spc180	Trust: 1.8
vendor:	huawei	model:	tecal ch222	scope:	lte	version:	v100r002c00spc180	Trust: 1.8
vendor:	huawei	model:	tecal ch240	scope:	lte	version:	v100r001c00spc180	Trust: 1.8
vendor:	huawei	model:	tecal ch242 v3	scope:	lte	version:	v100r001c00spc110	Trust: 1.8
vendor:	huawei	model:	tecal ch242	scope:	lte	version:	v100r001c00spc180	Trust: 1.8
vendor:	huawei	model:	tecal dh310 v2	scope:	lte	version:	v100r001c00spc110	Trust: 1.8
vendor:	huawei	model:	tecal dh320 v2	scope:	lte	version:	v100r001c00spc106	Trust: 1.8
vendor:	huawei	model:	tecal dh620 v2	scope:	lte	version:	v100r001c00spc106	Trust: 1.8
vendor:	huawei	model:	tecal dh621 v2	scope:	lte	version:	v100r001c00spc107	Trust: 1.8
vendor:	huawei	model:	tecal dh628 v2	scope:	lte	version:	v100r001c00spc107	Trust: 1.8
vendor:	huawei	model:	tecal rh1288 v2	scope:	lte	version:	v100r002c00spc107	Trust: 1.8
vendor:	huawei	model:	tecal rh2285 v2	scope:	lte	version:	v100r002c00spc115	Trust: 1.8
vendor:	huawei	model:	tecal rh2285h v2	scope:	lte	version:	v100r002c00spc111	Trust: 1.8
vendor:	huawei	model:	tecal rh2288 v2	scope:	lte	version:	v100r002c00spc117	Trust: 1.8
vendor:	huawei	model:	tecal rh2288h v2	scope:	lte	version:	v100r002c00spc115	Trust: 1.8
vendor:	huawei	model:	tecal rh2485 v2	scope:	lte	version:	v100r002c00spc502	Trust: 1.8
vendor:	huawei	model:	tecal rh5885 v2	scope:	lte	version:	v100r001c02spc109	Trust: 1.8
vendor:	huawei	model:	tecal rh5885 v3	scope:	lte	version:	v100r003c01spc102	Trust: 1.8
vendor:	huawei	model:	tecal rh5885h v3	scope:	lte	version:	v100r003c00spc102	Trust: 1.8
vendor:	huawei	model:	tecal xh310 v2	scope:	lte	version:	v100r001c00spc110	Trust: 1.8
vendor:	huawei	model:	tecal xh311 v2	scope:	lte	version:	v100r001c00spc110	Trust: 1.8
vendor:	huawei	model:	tecal xh320 v2	scope:	lte	version:	v100r001c00spc110	Trust: 1.8
vendor:	huawei	model:	tecal xh621 v2	scope:	lte	version:	v100r001c00spc106	Trust: 1.8
vendor:	huawei	model:	tecal	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	tecal rh2285h v2	scope:	eq	version:	v100r002c00spc111	Trust: 0.6
vendor:	huawei	model:	tecal rh2288h v2	scope:	eq	version:	v100r002c00spc115	Trust: 0.6
vendor:	huawei	model:	tecal rh5885 v2	scope:	eq	version:	v100r001c02spc109	Trust: 0.6
vendor:	huawei	model:	tecal rh2485 v2	scope:	eq	version:	v100r002c00spc502	Trust: 0.6
vendor:	huawei	model:	tecal rh5885 v3	scope:	eq	version:	v100r003c01spc102	Trust: 0.6
vendor:	huawei	model:	tecal rh2285 v2	scope:	eq	version:	v100r002c00spc115	Trust: 0.6
vendor:	huawei	model:	tecal rh2288 v2	scope:	eq	version:	v100r002c00spc117	Trust: 0.6
vendor:	huawei	model:	tecal rh5885h v3	scope:	eq	version:	v100r003c00spc102	Trust: 0.6

sources: CNVD: CNVD-2017-04637 // JVNDB: JVNDB-2014-008283 // NVD: CVE-2014-9693 // CNNVD: CNNVD-201704-202

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD:	CVE-2014-9693
value:	CRITICAL
Trust: 1.8
CNVD:	CNVD-2017-04637
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201704-202
value:	HIGH
Trust: 0.6
VULHUB:	VHN-77638
value:	HIGH
Trust: 0.1

NVD:
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	FALSE
obtainAllPrivilege:	FALSE
obtainUserPrivilege:	FALSE
obtainOtherPrivilege:	FALSE
userInteractionRequired:	FALSE
version:	2.0
Trust: 1.0
NVD:	CVE-2014-9693
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
CNVD:	CNVD-2017-04637
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-77638
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

NVD:
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.0
Trust: 1.0
NVD:	CVE-2014-9693
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2017-04637 // VULHUB: VHN-77638 // JVNDB: JVNDB-2014-008283 // NVD: CVE-2014-9693 // CNNVD: CNNVD-201704-202

PROBLEMTYPE DATA

problemtype:

CWE-19

Trust: 1.9

sources: VULHUB: VHN-77638 // JVNDB: JVNDB-2014-008283 // NVD: CVE-2014-9693

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201704-202

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201704-202

CONFIGURATIONS

sources: NVD: CVE-2014-9693

PATCH

title:	Huawei-SA-20141224-01-Tecal	url:	http://www.huawei.com/en/psirt/security-advisories/hw-408100	Trust: 0.8
title:	Patches for multiple Huawei server buffer overflow vulnerabilities	url:	https://www.cnvd.org.cn/patchinfo/show/91949	Trust: 0.6
title:	Various Huawei server buffer error vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=69049	Trust: 0.6

sources: CNVD: CNVD-2017-04637 // JVNDB: JVNDB-2014-008283 // CNNVD: CNNVD-201704-202

EXTERNAL IDS

db:	NVD	id:	CVE-2014-9693	Trust: 3.1
db:	JVNDB	id:	JVNDB-2014-008283	Trust: 0.8
db:	CNNVD	id:	CNNVD-201704-202	Trust: 0.7
db:	CNVD	id:	CNVD-2017-04637	Trust: 0.6
db:	VULHUB	id:	VHN-77638	Trust: 0.1

sources: CNVD: CNVD-2017-04637 // VULHUB: VHN-77638 // JVNDB: JVNDB-2014-008283 // NVD: CVE-2014-9693 // CNNVD: CNNVD-201704-202

REFERENCES

url:	http://www.huawei.com/en/psirt/security-advisories/hw-408100	Trust: 2.3
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-9693	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2014-9693	Trust: 0.8

sources: CNVD: CNVD-2017-04637 // VULHUB: VHN-77638 // JVNDB: JVNDB-2014-008283 // NVD: CVE-2014-9693 // CNNVD: CNNVD-201704-202

SOURCES

db:	CNVD	id:	CNVD-2017-04637
db:	VULHUB	id:	VHN-77638
db:	JVNDB	id:	JVNDB-2014-008283
db:	NVD	id:	CVE-2014-9693
db:	CNNVD	id:	CNNVD-201704-202

LAST UPDATE DATE

2023-12-18T13:53:04.069000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2017-04637	date:	2017-04-19T00:00:00
db:	VULHUB	id:	VHN-77638	date:	2017-04-05T00:00:00
db:	JVNDB	id:	JVNDB-2014-008283	date:	2017-05-02T00:00:00
db:	NVD	id:	CVE-2014-9693	date:	2017-04-05T23:54:24.113
db:	CNNVD	id:	CNNVD-201704-202	date:	2017-04-06T00:00:00

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2017-04637	date:	2017-04-19T00:00:00
db:	VULHUB	id:	VHN-77638	date:	2017-04-02T00:00:00
db:	JVNDB	id:	JVNDB-2014-008283	date:	2017-05-02T00:00:00
db:	NVD	id:	CVE-2014-9693	date:	2017-04-02T20:59:00.593
db:	CNNVD	id:	CNNVD-201704-202	date:	2017-04-06T00:00:00