Details of VAR-201704-0473

ID

VAR-201704-0473

CVE

CVE-2014-9694

TITLE

plural Huawei Tecal Product cross-site request forgery vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2014-008284

DESCRIPTION

Huawei Tecal RH1288 V2 V100R002C00SPC107 and earlier versions, Tecal RH2265 V2 V100R002C00, Tecal RH2285 V2 V100R002C00SPC115 and earlier versions, Tecal RH2265 V2 V100R002C00, Tecal RH2285H V2 V100R002C00SPC111 and earlier versions, Tecal RH2268 V2 V100R002C00, Tecal RH2288 V2 V100R002C00SPC117 and earlier versions, Tecal RH2288H V2 V100R002C00SPC115 and earlier versions, Tecal RH2485 V2 V100R002C00SPC502 and earlier versions, Tecal RH5885 V2 V100R001C02SPC109 and earlier versions, Tecal RH5885 V3 V100R003C01SPC102 and earlier versions, Tecal RH5885H V3 V100R003C00SPC102 and earlier versions, Tecal XH310 V2 V100R001C00SPC110 and earlier versions, Tecal XH311 V2 V100R001C00SPC110 and earlier versions, Tecal XH320 V2 V100R001C00SPC110 and earlier versions, Tecal XH621 V2 V100R001C00SPC106 and earlier versions, Tecal DH310 V2 V100R001C00SPC110 and earlier versions, Tecal DH320 V2 V100R001C00SPC106 and earlier versions, Tecal DH620 V2 V100R001C00SPC106 and earlier versions, Tecal DH621 V2 V100R001C00SPC107 and earlier versions, Tecal DH628 V2 V100R001C00SPC107 and earlier versions, Tecal BH620 V2 V100R002C00SPC107 and earlier versions, Tecal BH621 V2 V100R002C00SPC106 and earlier versions, Tecal BH622 V2 V100R002C00SPC110 and earlier versions, Tecal BH640 V2 V100R002C00SPC108 and earlier versions, Tecal CH121 V100R001C00SPC180 and earlier versions, Tecal CH140 V100R001C00SPC110 and earlier versions, Tecal CH220 V100R001C00SPC180 and earlier versions, Tecal CH221 V100R001C00SPC180 and earlier versions, Tecal CH222 V100R002C00SPC180 and earlier versions, Tecal CH240 V100R001C00SPC180 and earlier versions, Tecal CH242 V100R001C00SPC180 and earlier versions, Tecal CH242 V3 V100R001C00SPC110 and earlier versions have a CSRF vulnerability. The products do not use the Token mechanism for web access control. When users log in to the Huawei servers and access websites containing the malicious CSRF script, the CSRF script is executed, which may cause configuration tampering and system restart. plural Huawei Tecal The product contains a cross-site request forgery vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) An attack may be carried out. Huawei TecalRH1288V2 is a server of Huawei (Huawei) of China. A cross-site request forgery vulnerability exists in several Huawei servers. A remote attacker could exploit the vulnerability to tamper with the configuration or cause a system reboot. Huawei Tecal RH1288 V2 and others are all servers of the Chinese company Huawei

Trust: 2.25

sources: NVD: CVE-2014-9694 // JVNDB: JVNDB-2014-008284 // CNVD: CNVD-2017-04638 // VULHUB: VHN-77639

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2017-04638

AFFECTED PRODUCTS

vendor:	huawei	model:	tecal rh2265 v2	scope:	eq	version:	v100r002c00	Trust: 2.4
vendor:	huawei	model:	tecal rh2268 v2	scope:	eq	version:	v100r002c00	Trust: 2.4
vendor:	huawei	model:	tecal bh620 v2	scope:	lte	version:	v100r002c00spc107	Trust: 1.8
vendor:	huawei	model:	tecal bh621 v2	scope:	lte	version:	v100r002c00spc106	Trust: 1.8
vendor:	huawei	model:	tecal bh622 v2	scope:	lte	version:	v100r002c00spc110	Trust: 1.8
vendor:	huawei	model:	tecal bh640 v2	scope:	lte	version:	v100r002c00spc108	Trust: 1.8
vendor:	huawei	model:	tecal ch121	scope:	lte	version:	v100r001c00spc180	Trust: 1.8
vendor:	huawei	model:	tecal ch140	scope:	lte	version:	v100r001c00spc110	Trust: 1.8
vendor:	huawei	model:	tecal ch220	scope:	lte	version:	v100r001c00spc180	Trust: 1.8
vendor:	huawei	model:	tecal ch221	scope:	lte	version:	v100r001c00spc180	Trust: 1.8
vendor:	huawei	model:	tecal ch222	scope:	lte	version:	v100r002c00spc180	Trust: 1.8
vendor:	huawei	model:	tecal ch240	scope:	lte	version:	v100r001c00spc180	Trust: 1.8
vendor:	huawei	model:	tecal ch242 v3	scope:	lte	version:	v100r001c00spc110	Trust: 1.8
vendor:	huawei	model:	tecal ch242	scope:	lte	version:	v100r001c00spc180	Trust: 1.8
vendor:	huawei	model:	tecal dh310 v2	scope:	lte	version:	v100r001c00spc110	Trust: 1.8
vendor:	huawei	model:	tecal dh320 v2	scope:	lte	version:	v100r001c00spc106	Trust: 1.8
vendor:	huawei	model:	tecal dh620 v2	scope:	lte	version:	v100r001c00spc106	Trust: 1.8
vendor:	huawei	model:	tecal dh621 v2	scope:	lte	version:	v100r001c00spc107	Trust: 1.8
vendor:	huawei	model:	tecal dh628 v2	scope:	lte	version:	v100r001c00spc107	Trust: 1.8
vendor:	huawei	model:	tecal rh1288 v2	scope:	lte	version:	v100r002c00spc107	Trust: 1.8
vendor:	huawei	model:	tecal rh2285 v2	scope:	lte	version:	v100r002c00spc115	Trust: 1.8
vendor:	huawei	model:	tecal rh2285h v2	scope:	lte	version:	v100r002c00spc111	Trust: 1.8
vendor:	huawei	model:	tecal rh2288 v2	scope:	lte	version:	v100r002c00spc117	Trust: 1.8
vendor:	huawei	model:	tecal rh2288h v2	scope:	lte	version:	v100r002c00spc115	Trust: 1.8
vendor:	huawei	model:	tecal rh2485 v2	scope:	lte	version:	v100r002c00spc502	Trust: 1.8
vendor:	huawei	model:	tecal rh5885 v2	scope:	lte	version:	v100r001c02spc109	Trust: 1.8
vendor:	huawei	model:	tecal rh5885 v3	scope:	lte	version:	v100r003c01spc102	Trust: 1.8
vendor:	huawei	model:	tecal rh5885h v3	scope:	lte	version:	v100r003c00spc102	Trust: 1.8
vendor:	huawei	model:	tecal xh310 v2	scope:	lte	version:	v100r001c00spc110	Trust: 1.8
vendor:	huawei	model:	tecal xh311 v2	scope:	lte	version:	v100r001c00spc110	Trust: 1.8
vendor:	huawei	model:	tecal xh320 v2	scope:	lte	version:	v100r001c00spc110	Trust: 1.8
vendor:	huawei	model:	tecal xh621 v2	scope:	lte	version:	v100r001c00spc106	Trust: 1.8
vendor:	huawei	model:	tecal	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	tecal rh2285h v2	scope:	eq	version:	v100r002c00spc111	Trust: 0.6
vendor:	huawei	model:	tecal rh2285 v2	scope:	eq	version:	v100r002c00spc115	Trust: 0.6
vendor:	huawei	model:	tecal rh2288h v2	scope:	eq	version:	v100r002c00spc115	Trust: 0.6
vendor:	huawei	model:	tecal rh5885 v2	scope:	eq	version:	v100r001c02spc109	Trust: 0.6
vendor:	huawei	model:	tecal rh2485 v2	scope:	eq	version:	v100r002c00spc502	Trust: 0.6
vendor:	huawei	model:	tecal rh1288 v2	scope:	eq	version:	v100r002c00spc107	Trust: 0.6
vendor:	huawei	model:	tecal rh2288 v2	scope:	eq	version:	v100r002c00spc117	Trust: 0.6

sources: CNVD: CNVD-2017-04638 // JVNDB: JVNDB-2014-008284 // NVD: CVE-2014-9694 // CNNVD: CNNVD-201704-201

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD:	CVE-2014-9694
value:	HIGH
Trust: 1.8
CNVD:	CNVD-2017-04638
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201704-201
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-77639
value:	MEDIUM
Trust: 0.1

NVD:
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	FALSE
obtainAllPrivilege:	FALSE
obtainUserPrivilege:	FALSE
obtainOtherPrivilege:	FALSE
userInteractionRequired:	TRUE
version:	2.0
Trust: 1.0
NVD:	CVE-2014-9694
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
CNVD:	CNVD-2017-04638
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-77639
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

NVD:
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.0
Trust: 1.0
NVD:	CVE-2014-9694
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2017-04638 // VULHUB: VHN-77639 // JVNDB: JVNDB-2014-008284 // NVD: CVE-2014-9694 // CNNVD: CNNVD-201704-201

PROBLEMTYPE DATA

problemtype:

CWE-352

Trust: 1.9

sources: VULHUB: VHN-77639 // JVNDB: JVNDB-2014-008284 // NVD: CVE-2014-9694

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201704-201

TYPE

cross-site request forgery

Trust: 0.6

sources: CNNVD: CNNVD-201704-201

CONFIGURATIONS

sources: NVD: CVE-2014-9694

PATCH

title:	Huawei-SA-20141224-01-Tecal	url:	http://www.huawei.com/en/psirt/security-advisories/hw-408100	Trust: 0.8
title:	Patches for multiple Huawei server cross-site request forgery vulnerabilities	url:	https://www.cnvd.org.cn/patchinfo/show/91950	Trust: 0.6
title:	Repair measures for multiple Huawei server cross-site request forgery vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=69048	Trust: 0.6

sources: CNVD: CNVD-2017-04638 // JVNDB: JVNDB-2014-008284 // CNNVD: CNNVD-201704-201

EXTERNAL IDS

db:	NVD	id:	CVE-2014-9694	Trust: 3.1
db:	JVNDB	id:	JVNDB-2014-008284	Trust: 0.8
db:	CNNVD	id:	CNNVD-201704-201	Trust: 0.7
db:	CNVD	id:	CNVD-2017-04638	Trust: 0.6
db:	VULHUB	id:	VHN-77639	Trust: 0.1

sources: CNVD: CNVD-2017-04638 // VULHUB: VHN-77639 // JVNDB: JVNDB-2014-008284 // NVD: CVE-2014-9694 // CNNVD: CNNVD-201704-201

REFERENCES

url:	http://www.huawei.com/en/psirt/security-advisories/hw-408100	Trust: 2.3
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-9694	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2014-9694	Trust: 0.8

sources: CNVD: CNVD-2017-04638 // VULHUB: VHN-77639 // JVNDB: JVNDB-2014-008284 // NVD: CVE-2014-9694 // CNNVD: CNNVD-201704-201

SOURCES

db:	CNVD	id:	CNVD-2017-04638
db:	VULHUB	id:	VHN-77639
db:	JVNDB	id:	JVNDB-2014-008284
db:	NVD	id:	CVE-2014-9694
db:	CNNVD	id:	CNNVD-201704-201

LAST UPDATE DATE

2023-12-18T14:05:49.693000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2017-04638	date:	2017-04-19T00:00:00
db:	VULHUB	id:	VHN-77639	date:	2017-04-05T00:00:00
db:	JVNDB	id:	JVNDB-2014-008284	date:	2017-05-02T00:00:00
db:	NVD	id:	CVE-2014-9694	date:	2017-04-05T23:55:07.943
db:	CNNVD	id:	CNNVD-201704-201	date:	2017-04-06T00:00:00

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2017-04638	date:	2017-04-19T00:00:00
db:	VULHUB	id:	VHN-77639	date:	2017-04-02T00:00:00
db:	JVNDB	id:	JVNDB-2014-008284	date:	2017-05-02T00:00:00
db:	NVD	id:	CVE-2014-9694	date:	2017-04-02T20:59:00.627
db:	CNNVD	id:	CNNVD-201704-201	date:	2017-04-06T00:00:00