Published: 21/11/2014 Updated: 08/01/2019

CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6

VMScore: 685

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Multiple cross-site request forgery (CSRF) vulnerabilities in Huawei HiLink E3276 and E3236 TCPU before V200R002B470D13SP00C00 and WebUI before V100R007B100D03SP01C03, E5180s-22 prior to 21.270.21.00.00, and E586Bs-2 prior to 21.322.10.00.889 allow remote malicious users to hijack the authentication of users for requests that (1) modify configurations, (2) send SMS messages, or have other unspecified impact via unknown vectors.

Vulnerable Product	Search on Vulmon	Subscribe to Product
huawei e5180s-22 firmware
huawei e3276 firmware
huawei e3236 firmware
huawei e586bs-2 firmware

# Exploit Title: Huawei E5330 Cross-Site Request Forgery (Send SMS) # Date: 01/07/2019 # Exploit Author: Nathu Nandwani # Website: nandtechco/ # Vendor Homepage: consumerhuaweicom/in/mobile-broadband/e5330/ # Version: 212100900158 # Tested on: Windows 10 x64 # CVE: CVE-2014-5395 # Note: The administrator who opens the URL shou ...

Huawei E5330 version 212100900158 suffers from a cross site request forgery vulnerability ...

CWE-352 http://www.securityfocus.com/bid/69162 http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-360246.htm https://www.exploit-db.com/exploits/46092/https://nvd.nist.gov https://www.exploit-db.com/exploits/46092

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2014-5395

Vulnerability Summary

Vulnerability Trend

Exploits

References

Vulmon Search

About

Products

Connect