Sign-up

ID

VAR-201909-1666


TITLE

Huawei HG530 Cross-Site Request Forgery Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2019-33615

DESCRIPTION

Huawei HG530 is a router that integrates ADSL2, broadband sharer, 4-port switch and 54M wireless access point. Huawei HG530 has a cross-site request forgery vulnerability. An attacker could use this vulnerability to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials, or perform unauthorized operations.

Trust: 0.6

sources: CNVD: CNVD-2019-33615

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2019-33615

AFFECTED PRODUCTS

vendor:huaweimodel:hg530scope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2019-33615

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD: CNVD-2019-33615
value: MEDIUM

Trust: 0.6

CNVD: CNVD-2019-33615
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

sources: CNVD: CNVD-2019-33615

EXTERNAL IDS

db:PACKETSTORMid:153540

Trust: 0.6

db:CNVDid:CNVD-2019-33615

Trust: 0.6

sources: CNVD: CNVD-2019-33615

REFERENCES

url:https://packetstormsecurity.com/files/153540/huawei-hg530-cross-site-request-forgery.html

Trust: 0.6

sources: CNVD: CNVD-2019-33615

SOURCES

db:CNVDid:CNVD-2019-33615

LAST UPDATE DATE

2022-05-17T02:09:42.941000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2019-33615date:2019-09-29T00:00:00

SOURCES RELEASE DATE

db:CNVDid:CNVD-2019-33615date:2019-09-29T00:00:00