Vulnerabilites related to huawei - ws7200-10
cve-2023-7266
Vulnerability from cvelistv5
Published
2024-12-28 07:00
Modified
2024-12-28 16:18
Severity ?
EPSS score ?
Summary
Some Huawei home routers have a connection hijacking vulnerability. Successful exploitation of this vulnerability may cause DoS or information leakage.(Vulnerability ID:HWPSIRT-2023-76605)
This vulnerability has been assigned a (CVE)ID:CVE-2023-7266
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-7266",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-28T16:17:24.290887Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-28T16:18:05.578Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "TC7001-10",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "2.0.0.336(SP6C300)"
}
]
},
{
"defaultStatus": "unaffected",
"product": "WS7200-10",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "WS7200-10-OTA 3.0.3.215-fullpackage(auto_1)"
}
]
},
{
"defaultStatus": "unaffected",
"product": "WS7206-10",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "WS7206-10-OTA 4.0.0.16(V3R2)-fullpackage(auto)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eSome Huawei home routers have a connection hijacking vulnerability. Successful exploitation of this vulnerability may cause DoS or information leakage.(Vulnerability ID:HWPSIRT-2023-76605)\u003c/span\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThis vulnerability has been assigned a (CVE)ID:CVE-2023-7266\u003c/span\u003e"
}
],
"value": "Some Huawei home routers have a connection hijacking vulnerability. Successful exploitation of this vulnerability may cause DoS or information leakage.(Vulnerability ID:HWPSIRT-2023-76605)\nThis vulnerability has been assigned a (CVE)ID:CVE-2023-7266"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-420",
"description": "CWE-420 Unprotected Alternate Channel",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-28T07:00:51.369Z",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"url": "https://www.huawei.com/en/psirt/security-advisories/2024/huawei-sa-chvishhr-d616b19e-en"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2023-7266",
"datePublished": "2024-12-28T07:00:51.369Z",
"dateReserved": "2024-06-05T06:02:52.290Z",
"dateUpdated": "2024-12-28T16:18:05.578Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-33735
Vulnerability from cvelistv5
Published
2022-09-20 19:44
Modified
2024-08-03 08:09
Severity ?
EPSS score ?
Summary
There is a password verification vulnerability in WS7200-10 11.0.2.13. Attackers on the LAN may use brute force cracking to obtain passwords, which may cause sensitive system information to be disclosed.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20220628-01-2eda0853-en | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T08:09:22.657Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20220628-01-2eda0853-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WS7200-10",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "11.0.2.13"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "There is a password verification vulnerability in WS7200-10 11.0.2.13. Attackers on the LAN may use brute force cracking to obtain passwords, which may cause sensitive system information to be disclosed."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Password Verification",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-20T19:44:06",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20220628-01-2eda0853-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2022-33735",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WS7200-10",
"version": {
"version_data": [
{
"version_value": "11.0.2.13"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "There is a password verification vulnerability in WS7200-10 11.0.2.13. Attackers on the LAN may use brute force cracking to obtain passwords, which may cause sensitive system information to be disclosed."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Password Verification"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20220628-01-2eda0853-en",
"refsource": "MISC",
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20220628-01-2eda0853-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2022-33735",
"datePublished": "2022-09-20T19:44:06",
"dateReserved": "2022-06-15T00:00:00",
"dateUpdated": "2024-08-03T08:09:22.657Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-46835
Vulnerability from cvelistv5
Published
2022-09-20 19:49
Modified
2024-08-04 05:17
Severity ?
EPSS score ?
Summary
There is a traffic hijacking vulnerability in WS7200-10 11.0.2.13. Successful exploitation of this vulnerability can cause packets to be hijacked by attackers.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20220831-01-5370a6df-en | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T05:17:42.928Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20220831-01-5370a6df-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WS7200-10",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "11.0.2.13"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "There is a traffic hijacking vulnerability in WS7200-10 11.0.2.13. Successful exploitation of this vulnerability can cause packets to be hijacked by attackers."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Traffic Hijacking",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-20T19:49:49",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20220831-01-5370a6df-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2021-46835",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WS7200-10",
"version": {
"version_data": [
{
"version_value": "11.0.2.13"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "There is a traffic hijacking vulnerability in WS7200-10 11.0.2.13. Successful exploitation of this vulnerability can cause packets to be hijacked by attackers."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Traffic Hijacking"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20220831-01-5370a6df-en",
"refsource": "MISC",
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20220831-01-5370a6df-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2021-46835",
"datePublished": "2022-09-20T19:49:49",
"dateReserved": "2022-08-25T00:00:00",
"dateUpdated": "2024-08-04T05:17:42.928Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-9122
Vulnerability from cvelistv5
Published
2020-10-12 13:37
Modified
2024-08-04 10:19
Severity ?
EPSS score ?
Summary
Some Huawei products have an insufficient input verification vulnerability. Attackers can exploit this vulnerability in the LAN to cause service abnormal on affected devices.Affected product versions include:HiRouter-CD30-10 version 10.0.2.5;HiRouter-CT31-10 version 10.0.2.20;WS5200-12 version 10.0.1.9;WS5281-10 version 10.0.5.10;WS5800-10 version 10.0.3.25;WS7100-10 version 10.0.5.21;WS7200-10 version 10.0.5.21.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200930-01-verification-en | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | HiRouter-CD30-10;HiRouter-CT31-10;WS5200-12;WS5281-10;WS5800-10;WS7100-10;WS7200-10 |
Version: 10.0.2.5 Version: 10.0.2.20 Version: 10.0.1.9 Version: 10.0.5.10 Version: 10.0.3.25 Version: 10.0.5.21 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:19:20.187Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200930-01-verification-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "HiRouter-CD30-10;HiRouter-CT31-10;WS5200-12;WS5281-10;WS5800-10;WS7100-10;WS7200-10",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "10.0.2.5"
},
{
"status": "affected",
"version": "10.0.2.20"
},
{
"status": "affected",
"version": "10.0.1.9"
},
{
"status": "affected",
"version": "10.0.5.10"
},
{
"status": "affected",
"version": "10.0.3.25"
},
{
"status": "affected",
"version": "10.0.5.21"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Some Huawei products have an insufficient input verification vulnerability. Attackers can exploit this vulnerability in the LAN to cause service abnormal on affected devices.Affected product versions include:HiRouter-CD30-10 version 10.0.2.5;HiRouter-CT31-10 version 10.0.2.20;WS5200-12 version 10.0.1.9;WS5281-10 version 10.0.5.10;WS5800-10 version 10.0.3.25;WS7100-10 version 10.0.5.21;WS7200-10 version 10.0.5.21."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Insufficient Input Verification",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-12T13:37:31",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200930-01-verification-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2020-9122",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "HiRouter-CD30-10;HiRouter-CT31-10;WS5200-12;WS5281-10;WS5800-10;WS7100-10;WS7200-10",
"version": {
"version_data": [
{
"version_value": "10.0.2.5"
},
{
"version_value": "10.0.2.20"
},
{
"version_value": "10.0.1.9"
},
{
"version_value": "10.0.5.10"
},
{
"version_value": "10.0.3.25"
},
{
"version_value": "10.0.5.21"
},
{
"version_value": "10.0.5.21"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Some Huawei products have an insufficient input verification vulnerability. Attackers can exploit this vulnerability in the LAN to cause service abnormal on affected devices.Affected product versions include:HiRouter-CD30-10 version 10.0.2.5;HiRouter-CT31-10 version 10.0.2.20;WS5200-12 version 10.0.1.9;WS5281-10 version 10.0.5.10;WS5800-10 version 10.0.3.25;WS7100-10 version 10.0.5.21;WS7200-10 version 10.0.5.21."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Insufficient Input Verification"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200930-01-verification-en",
"refsource": "MISC",
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200930-01-verification-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2020-9122",
"datePublished": "2020-10-12T13:37:31",
"dateReserved": "2020-02-18T00:00:00",
"dateUpdated": "2024-08-04T10:19:20.187Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
var-202206-2226
Vulnerability from variot
There is a password verification vulnerability in WS7200-10 11.0.2.13. Attackers on the LAN may use brute force cracking to obtain passwords, which may cause sensitive system information to be disclosed. Huawei of WS7200-10 A vulnerability exists in firmware that improperly limits excessive authentication attempts.Information may be obtained. Huawei ws7200-10 is a wireless router of China Huawei (HUAWEI).
Huawei WS7200-10 11.0.2.13 has an access control error vulnerability
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202206-2226",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ws7200-10",
"scope": "eq",
"trust": 1.6,
"vendor": "huawei",
"version": "11.0.2.13"
},
{
"model": "ws7200-10",
"scope": null,
"trust": 0.8,
"vendor": "huawei",
"version": null
},
{
"model": "ws7200-10",
"scope": "eq",
"trust": 0.8,
"vendor": "huawei",
"version": null
},
{
"model": "ws7200-10",
"scope": "eq",
"trust": 0.8,
"vendor": "huawei",
"version": "ws7200-10 firmware 11.0.2.13"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-01053"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-018968"
},
{
"db": "NVD",
"id": "CVE-2022-33735"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Vulnerability information provided by Linfeng Xiao(@migraine-sudo) and Lingjuan Tang supply. grateful Linfeng Xiao(@migraine-sudo) and Lingjuan Tang Pay attention to Huawei product vulnerabilities!",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202206-2763"
}
],
"trust": 0.6
},
"cve": "CVE-2022-33735",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 6.5,
"id": "CNVD-2023-01053",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:A/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2022-33735",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.5,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2022-33735",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-33735",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2022-33735",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2023-01053",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202206-2763",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-01053"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-018968"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-2763"
},
{
"db": "NVD",
"id": "CVE-2022-33735"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "There is a password verification vulnerability in WS7200-10 11.0.2.13. Attackers on the LAN may use brute force cracking to obtain passwords, which may cause sensitive system information to be disclosed. Huawei of WS7200-10 A vulnerability exists in firmware that improperly limits excessive authentication attempts.Information may be obtained. Huawei ws7200-10 is a wireless router of China Huawei (HUAWEI). \n\r\n\r\nHuawei WS7200-10 11.0.2.13 has an access control error vulnerability",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-33735"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-018968"
},
{
"db": "CNVD",
"id": "CNVD-2023-01053"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-33735",
"trust": 3.8
},
{
"db": "JVNDB",
"id": "JVNDB-2022-018968",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2023-01053",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202206-2763",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-01053"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-018968"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-2763"
},
{
"db": "NVD",
"id": "CVE-2022-33735"
}
]
},
"id": "VAR-202206-2226",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-01053"
}
],
"trust": 1.2666667
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-01053"
}
]
},
"last_update_date": "2024-08-14T15:11:24.967000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patch for HUAWEI WS7200-10 Access Control Error Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/380816"
},
{
"title": "Huawei WS7200-10 Security vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=208405"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-01053"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-2763"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-307",
"trust": 1.0
},
{
"problemtype": "Inappropriate limitation of excessive authentication attempts (CWE-307) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-018968"
},
{
"db": "NVD",
"id": "CVE-2022-33735"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20220628-01-2eda0853-en"
},
{
"trust": 1.2,
"url": "https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20220628-01-2eda0853-cn"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-33735"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-33735/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-01053"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-018968"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-2763"
},
{
"db": "NVD",
"id": "CVE-2022-33735"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2023-01053"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-018968"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-2763"
},
{
"db": "NVD",
"id": "CVE-2022-33735"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-01-06T00:00:00",
"db": "CNVD",
"id": "CNVD-2023-01053"
},
{
"date": "2023-10-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-018968"
},
{
"date": "2022-06-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202206-2763"
},
{
"date": "2022-09-20T20:15:09.927000",
"db": "NVD",
"id": "CVE-2022-33735"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-01-05T00:00:00",
"db": "CNVD",
"id": "CNVD-2023-01053"
},
{
"date": "2023-10-24T03:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-018968"
},
{
"date": "2022-09-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202206-2763"
},
{
"date": "2022-09-22T12:47:44.607000",
"db": "NVD",
"id": "CVE-2022-33735"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote or local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202206-2763"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Huawei\u00a0 of \u00a0WS7200-10\u00a0 Firmware Improperly Limiting Excessive Authentication Attempts Vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-018968"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202206-2763"
}
],
"trust": 0.6
}
}
var-202208-2225
Vulnerability from variot
There is a traffic hijacking vulnerability in WS7200-10 11.0.2.13. Successful exploitation of this vulnerability can cause packets to be hijacked by attackers. Huawei of WS7200-10 There are unspecified vulnerabilities in the firmware.Information may be tampered with. HUAWEI WS7200-10 is a wireless router of China Huawei (HUAWEI).
HUAWEI WS7200-10 has security vulnerabilities
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202208-2225",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ws7200-10",
"scope": "eq",
"trust": 1.6,
"vendor": "huawei",
"version": "11.0.2.13"
},
{
"model": "ws7200-10",
"scope": "eq",
"trust": 0.8,
"vendor": "huawei",
"version": null
},
{
"model": "ws7200-10",
"scope": null,
"trust": 0.8,
"vendor": "huawei",
"version": null
},
{
"model": "ws7200-10",
"scope": "eq",
"trust": 0.8,
"vendor": "huawei",
"version": "ws7200-10 firmware 11.0.2.13"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-81252"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-017685"
},
{
"db": "NVD",
"id": "CVE-2021-46835"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The vulnerability was discovered by Huawei internal testers",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202208-4530"
}
],
"trust": 0.6
},
"cve": "CVE-2021-46835",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.5,
"id": "CNVD-2022-81252",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 0.6,
"vectorString": "AV:A/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.8,
"id": "CVE-2021-46835",
"impactScore": 1.4,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.3,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2021-46835",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-46835",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2021-46835",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2022-81252",
"trust": 0.6,
"value": "LOW"
},
{
"author": "CNNVD",
"id": "CNNVD-202208-4530",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-81252"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-017685"
},
{
"db": "CNNVD",
"id": "CNNVD-202208-4530"
},
{
"db": "NVD",
"id": "CVE-2021-46835"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "There is a traffic hijacking vulnerability in WS7200-10 11.0.2.13. Successful exploitation of this vulnerability can cause packets to be hijacked by attackers. Huawei of WS7200-10 There are unspecified vulnerabilities in the firmware.Information may be tampered with. HUAWEI WS7200-10 is a wireless router of China Huawei (HUAWEI). \n\r\n\r\nHUAWEI WS7200-10 has security vulnerabilities",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-46835"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-017685"
},
{
"db": "CNVD",
"id": "CNVD-2022-81252"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-46835",
"trust": 3.8
},
{
"db": "JVNDB",
"id": "JVNDB-2022-017685",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2022-81252",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202208-4530",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-81252"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-017685"
},
{
"db": "CNNVD",
"id": "CNNVD-202208-4530"
},
{
"db": "NVD",
"id": "CVE-2021-46835"
}
]
},
"id": "VAR-202208-2225",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-81252"
}
],
"trust": 1.2666667
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-81252"
}
]
},
"last_update_date": "2024-08-14T15:32:33.431000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Huawei WS7200-10 Security vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=208407"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202208-4530"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "Lack of information (CWE-noinfo) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-017685"
},
{
"db": "NVD",
"id": "CVE-2021-46835"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20220831-01-5370a6df-en"
},
{
"trust": 1.2,
"url": "https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20220831-01-5370a6df-cn"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-46835"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2021-46835/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-81252"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-017685"
},
{
"db": "CNNVD",
"id": "CNNVD-202208-4530"
},
{
"db": "NVD",
"id": "CVE-2021-46835"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2022-81252"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-017685"
},
{
"db": "CNNVD",
"id": "CNNVD-202208-4530"
},
{
"db": "NVD",
"id": "CVE-2021-46835"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-11-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-81252"
},
{
"date": "2023-10-16T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-017685"
},
{
"date": "2022-08-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202208-4530"
},
{
"date": "2022-09-20T20:15:09.827000",
"db": "NVD",
"id": "CVE-2021-46835"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-11-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-81252"
},
{
"date": "2023-10-16T06:34:00",
"db": "JVNDB",
"id": "JVNDB-2022-017685"
},
{
"date": "2022-09-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202208-4530"
},
{
"date": "2022-09-22T14:32:32.677000",
"db": "NVD",
"id": "CVE-2021-46835"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote or local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202208-4530"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Huawei\u00a0 of \u00a0WS7200-10\u00a0 Firmware vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-017685"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202208-4530"
}
],
"trust": 0.6
}
}
var-202010-1178
Vulnerability from variot
Some Huawei products have an insufficient input verification vulnerability. Attackers can exploit this vulnerability in the LAN to cause service abnormal on affected devices.Affected product versions include:HiRouter-CD30-10 version 10.0.2.5;HiRouter-CT31-10 version 10.0.2.20;WS5200-12 version 10.0.1.9;WS5281-10 version 10.0.5.10;WS5800-10 version 10.0.3.25;WS7100-10 version 10.0.5.21;WS7200-10 version 10.0.5.21. plural Huawei The product contains an input verification vulnerability.Denial of service (DoS) It may be put into a state. Huawei HiRouter-CD30-10, etc. are all wireless routers of China's Huawei (Huawei) company
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202010-1178",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "hirouter-cd30-10",
"scope": "gte",
"trust": 1.0,
"vendor": "huawei",
"version": "10.0.2.5"
},
{
"model": "ws5281-10",
"scope": "lt",
"trust": 1.0,
"vendor": "huawei",
"version": "10.0.5.32"
},
{
"model": "hirouter-cd30-10",
"scope": "lt",
"trust": 1.0,
"vendor": "huawei",
"version": "10.0.5.7"
},
{
"model": "ws5200-12",
"scope": "lte",
"trust": 1.0,
"vendor": "huawei",
"version": "10.0.5.6"
},
{
"model": "ws5200-12",
"scope": "gte",
"trust": 1.0,
"vendor": "huawei",
"version": "10.0.1.9"
},
{
"model": "ws7100-10",
"scope": "gte",
"trust": 1.0,
"vendor": "huawei",
"version": "10.0.5.21"
},
{
"model": "ws7100-10",
"scope": "lt",
"trust": 1.0,
"vendor": "huawei",
"version": "10.0.5.37"
},
{
"model": "ws7200-10",
"scope": "gte",
"trust": 1.0,
"vendor": "huawei",
"version": "10.0.5.21"
},
{
"model": "ws5800-10",
"scope": "lt",
"trust": 1.0,
"vendor": "huawei",
"version": "10.0.3.33"
},
{
"model": "ws7200-10",
"scope": "lt",
"trust": 1.0,
"vendor": "huawei",
"version": "10.0.5.37"
},
{
"model": "ws5281-10",
"scope": "gte",
"trust": 1.0,
"vendor": "huawei",
"version": "10.0.5.10"
},
{
"model": "ws5800-10",
"scope": "gte",
"trust": 1.0,
"vendor": "huawei",
"version": "10.0.3.25"
},
{
"model": "hirouter-ct31-10",
"scope": "gte",
"trust": 1.0,
"vendor": "huawei",
"version": "10.0.2.20"
},
{
"model": "hirouter-ct31-10",
"scope": "lt",
"trust": 1.0,
"vendor": "huawei",
"version": "10.0.2.37"
},
{
"model": "hirouter-cd30-10",
"scope": null,
"trust": 0.8,
"vendor": "huawei",
"version": null
},
{
"model": "hirouter-ct31-10",
"scope": null,
"trust": 0.8,
"vendor": "huawei",
"version": null
},
{
"model": "ws5200-12",
"scope": null,
"trust": 0.8,
"vendor": "huawei",
"version": null
},
{
"model": "ws5281-10",
"scope": null,
"trust": 0.8,
"vendor": "huawei",
"version": null
},
{
"model": "ws5800-10",
"scope": null,
"trust": 0.8,
"vendor": "huawei",
"version": null
},
{
"model": "ws7100-10",
"scope": null,
"trust": 0.8,
"vendor": "huawei",
"version": null
},
{
"model": "ws7200-10",
"scope": null,
"trust": 0.8,
"vendor": "huawei",
"version": null
},
{
"model": "hirouter-ct31-10",
"scope": "eq",
"trust": 0.6,
"vendor": "huawei",
"version": "10.0.2.20"
},
{
"model": "ws5800-10",
"scope": "eq",
"trust": 0.6,
"vendor": "huawei",
"version": "10.0.3.25"
},
{
"model": "hirouter-cd30-10",
"scope": "eq",
"trust": 0.6,
"vendor": "huawei",
"version": "10.0.2.5"
},
{
"model": "ws5200-12",
"scope": "eq",
"trust": 0.6,
"vendor": "huawei",
"version": "10.0.1.9"
},
{
"model": "ws5281-10",
"scope": "eq",
"trust": 0.6,
"vendor": "huawei",
"version": "10.0.5.10"
},
{
"model": "ws7100-10",
"scope": "eq",
"trust": 0.6,
"vendor": "huawei",
"version": "10.0.5.21"
},
{
"model": "ws7200-10",
"scope": "eq",
"trust": 0.6,
"vendor": "huawei",
"version": "10.0.5.21"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-68353"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-012148"
},
{
"db": "NVD",
"id": "CVE-2020-9122"
}
]
},
"cve": "CVE-2020-9122",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 3.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.5,
"id": "CVE-2020-9122",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 1.9,
"vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 3.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.5,
"id": "CNVD-2020-68353",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.6,
"vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.8,
"id": "CVE-2020-9122",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 6.5,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2020-9122",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-9122",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2020-9122",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2020-68353",
"trust": 0.6,
"value": "LOW"
},
{
"author": "CNNVD",
"id": "CNNVD-202009-1682",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2020-9122",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-68353"
},
{
"db": "VULMON",
"id": "CVE-2020-9122"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-012148"
},
{
"db": "CNNVD",
"id": "CNNVD-202009-1682"
},
{
"db": "NVD",
"id": "CVE-2020-9122"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Some Huawei products have an insufficient input verification vulnerability. Attackers can exploit this vulnerability in the LAN to cause service abnormal on affected devices.Affected product versions include:HiRouter-CD30-10 version 10.0.2.5;HiRouter-CT31-10 version 10.0.2.20;WS5200-12 version 10.0.1.9;WS5281-10 version 10.0.5.10;WS5800-10 version 10.0.3.25;WS7100-10 version 10.0.5.21;WS7200-10 version 10.0.5.21. plural Huawei The product contains an input verification vulnerability.Denial of service (DoS) It may be put into a state. Huawei HiRouter-CD30-10, etc. are all wireless routers of China\u0027s Huawei (Huawei) company",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-9122"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-012148"
},
{
"db": "CNVD",
"id": "CNVD-2020-68353"
},
{
"db": "VULMON",
"id": "CVE-2020-9122"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-9122",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2020-012148",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2020-68353",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202009-1682",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2020-9122",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-68353"
},
{
"db": "VULMON",
"id": "CVE-2020-9122"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-012148"
},
{
"db": "CNNVD",
"id": "CNNVD-202009-1682"
},
{
"db": "NVD",
"id": "CVE-2020-9122"
}
]
},
"id": "VAR-202010-1178",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-68353"
}
],
"trust": 1.2815476428571428
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-68353"
}
]
},
"last_update_date": "2024-11-23T21:35:09.319000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "huawei-sa-20200930-01-verification",
"trust": 0.8,
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200930-01-verification-en"
},
{
"title": "Patch for Input verification vulnerabilities in multiple Huawei products (CNVD-2020-68353)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/241531"
},
{
"title": "HUAWEI Glory routing Pro 2 Enter the fix for the verification error vulnerability",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=131161"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-68353"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-012148"
},
{
"db": "CNNVD",
"id": "CNNVD-202009-1682"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.0
},
{
"problemtype": "Incorrect input confirmation (CWE-20) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-012148"
},
{
"db": "NVD",
"id": "CVE-2020-9122"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200930-01-verification-en"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9122"
},
{
"trust": 0.6,
"url": "https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20200930-01-verification-cn"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/20.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/189273"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-68353"
},
{
"db": "VULMON",
"id": "CVE-2020-9122"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-012148"
},
{
"db": "CNNVD",
"id": "CNNVD-202009-1682"
},
{
"db": "NVD",
"id": "CVE-2020-9122"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-68353"
},
{
"db": "VULMON",
"id": "CVE-2020-9122"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-012148"
},
{
"db": "CNNVD",
"id": "CNNVD-202009-1682"
},
{
"db": "NVD",
"id": "CVE-2020-9122"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-12-02T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-68353"
},
{
"date": "2020-10-12T00:00:00",
"db": "VULMON",
"id": "CVE-2020-9122"
},
{
"date": "2021-04-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-012148"
},
{
"date": "2020-09-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202009-1682"
},
{
"date": "2020-10-12T14:15:14.387000",
"db": "NVD",
"id": "CVE-2020-9122"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-12-02T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-68353"
},
{
"date": "2020-10-16T00:00:00",
"db": "VULMON",
"id": "CVE-2020-9122"
},
{
"date": "2021-04-26T07:54:00",
"db": "JVNDB",
"id": "JVNDB-2020-012148"
},
{
"date": "2021-08-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202009-1682"
},
{
"date": "2024-11-21T05:40:05.620000",
"db": "NVD",
"id": "CVE-2020-9122"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote or local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202009-1682"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural \u00a0Huawei\u00a0 Product input verification vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-012148"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202009-1682"
}
],
"trust": 0.6
}
}
Vulnerability from fkie_nvd
Published
2022-09-20 20:15
Modified
2024-11-21 07:08
Severity ?
Summary
There is a password verification vulnerability in WS7200-10 11.0.2.13. Attackers on the LAN may use brute force cracking to obtain passwords, which may cause sensitive system information to be disclosed.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| huawei | ws7200-10_firmware | 11.0.2.13 | |
| huawei | ws7200-10 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:ws7200-10_firmware:11.0.2.13:*:*:*:*:*:*:*",
"matchCriteriaId": "3BB7E8B4-6C1C-4977-90D3-72926FABBE0A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:ws7200-10:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9CC813CE-339B-4DB6-9920-D64D185FDDD9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "There is a password verification vulnerability in WS7200-10 11.0.2.13. Attackers on the LAN may use brute force cracking to obtain passwords, which may cause sensitive system information to be disclosed."
},
{
"lang": "es",
"value": "Se presenta una vulnerabilidad de verificaci\u00f3n de contrase\u00f1a en WS7200-10 versi\u00f3n 11.0.2.13. Los atacantes en la LAN pueden usar la fuerza bruta para obtener las contrase\u00f1as, lo que puede causar que sea divulgada informaci\u00f3n confidencial del sistema"
}
],
"id": "CVE-2022-33735",
"lastModified": "2024-11-21T07:08:26.033",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-09-20T20:15:09.927",
"references": [
{
"source": "psirt@huawei.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20220628-01-2eda0853-en"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20220628-01-2eda0853-en"
}
],
"sourceIdentifier": "psirt@huawei.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-307"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-10-12 14:15
Modified
2024-11-21 05:40
Severity ?
Summary
Some Huawei products have an insufficient input verification vulnerability. Attackers can exploit this vulnerability in the LAN to cause service abnormal on affected devices.Affected product versions include:HiRouter-CD30-10 version 10.0.2.5;HiRouter-CT31-10 version 10.0.2.20;WS5200-12 version 10.0.1.9;WS5281-10 version 10.0.5.10;WS5800-10 version 10.0.3.25;WS7100-10 version 10.0.5.21;WS7200-10 version 10.0.5.21.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| huawei | hirouter-cd30-10_firmware | * | |
| huawei | hirouter-cd30-10 | - | |
| huawei | hirouter-ct31-10_firmware | * | |
| huawei | hirouter-ct31-10 | - | |
| huawei | ws5200-12_firmware | * | |
| huawei | ws5200-12 | - | |
| huawei | ws5281-10_firmware | * | |
| huawei | ws5281-10 | - | |
| huawei | ws5800-10_firmware | * | |
| huawei | ws5800-10 | - | |
| huawei | ws7100-10_firmware | * | |
| huawei | ws7100-10 | - | |
| huawei | ws7200-10_firmware | * | |
| huawei | ws7200-10 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:hirouter-cd30-10_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "21DAB41B-30DC-4621-9AF0-D60EAB48511B",
"versionEndExcluding": "10.0.5.7",
"versionStartIncluding": "10.0.2.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:hirouter-cd30-10:-:*:*:*:*:*:*:*",
"matchCriteriaId": "593BD59F-41AA-4AEB-8F13-43484BE26E1A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:hirouter-ct31-10_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "86B841D5-A00F-4A94-B90D-3183C33429FB",
"versionEndExcluding": "10.0.2.37",
"versionStartIncluding": "10.0.2.20",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:hirouter-ct31-10:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AAD8A7CD-6AF2-4681-9DED-1A225623FC18",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:ws5200-12_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EACB670B-E1DC-4734-9683-D3A732F61A54",
"versionEndIncluding": "10.0.5.6",
"versionStartIncluding": "10.0.1.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:ws5200-12:-:*:*:*:*:*:*:*",
"matchCriteriaId": "10DE8454-E98B-4AA4-97A9-61DC3BB0E4B6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:ws5281-10_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6855ED3B-FD30-4A51-B748-68A21DDD183D",
"versionEndExcluding": "10.0.5.32",
"versionStartIncluding": "10.0.5.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:ws5281-10:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6A157FDA-330F-4DF0-AF48-8570B4734D62",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:ws5800-10_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6FE6EB21-4CBC-4E98-BC81-05A298941727",
"versionEndExcluding": "10.0.3.33",
"versionStartIncluding": "10.0.3.25",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:ws5800-10:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ED553DD3-585A-4BD2-9291-B9C09AC6AC40",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:ws7100-10_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7F83A176-A2F9-478C-BFA3-1A637095E88B",
"versionEndExcluding": "10.0.5.37",
"versionStartIncluding": "10.0.5.21",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:ws7100-10:-:*:*:*:*:*:*:*",
"matchCriteriaId": "990433C4-F54F-4B50-8972-68F1CF485E1F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:ws7200-10_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "923DA700-265A-4099-BC3D-E5A44A1D747F",
"versionEndExcluding": "10.0.5.37",
"versionStartIncluding": "10.0.5.21",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:ws7200-10:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9CC813CE-339B-4DB6-9920-D64D185FDDD9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Some Huawei products have an insufficient input verification vulnerability. Attackers can exploit this vulnerability in the LAN to cause service abnormal on affected devices.Affected product versions include:HiRouter-CD30-10 version 10.0.2.5;HiRouter-CT31-10 version 10.0.2.20;WS5200-12 version 10.0.1.9;WS5281-10 version 10.0.5.10;WS5800-10 version 10.0.3.25;WS7100-10 version 10.0.5.21;WS7200-10 version 10.0.5.21."
},
{
"lang": "es",
"value": "Algunos productos Huawei presentan una vulnerabilidad de verificaci\u00f3n de entrada insuficiente.\u0026#xa0;Los atacantes pueden explotar esta vulnerabilidad en la LAN para causar un servicio anormal en los dispositivos afectados. Las versiones de productos afectados incluyen: HiRouter-CD30-10 versi\u00f3n 10.0.2.5; HiRouter-CT31-10 versi\u00f3n 10.0.2.20; WS5200-12 versi\u00f3n 10.0.1.9; WS5281 -10 versi\u00f3n 10.0.5.10; WS5800-10 versi\u00f3n 10.0.3.25; WS7100-10 versi\u00f3n 10.0.5.21; WS7200-10 versi\u00f3n 10.0.5.21"
}
],
"id": "CVE-2020-9122",
"lastModified": "2024-11-21T05:40:05.620",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 3.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 6.5,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-10-12T14:15:14.387",
"references": [
{
"source": "psirt@huawei.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200930-01-verification-en"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200930-01-verification-en"
}
],
"sourceIdentifier": "psirt@huawei.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-12-28 07:15
Modified
2025-01-13 20:48
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
8.1 (High) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
8.1 (High) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
Summary
Some Huawei home routers have a connection hijacking vulnerability. Successful exploitation of this vulnerability may cause DoS or information leakage.(Vulnerability ID:HWPSIRT-2023-76605)
This vulnerability has been assigned a (CVE)ID:CVE-2023-7266
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| huawei | tc7001-10_firmware | 2.0.0.336\(sp6c300\) | |
| huawei | tc7001-10 | - | |
| huawei | ws7200-10_firmware | 3.0.3.215 | |
| huawei | ws7200-10 | - | |
| huawei | ws7206-10_firmware | 4.0.0.16\(v3r2\) | |
| huawei | ws7206-10 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:tc7001-10_firmware:2.0.0.336\\(sp6c300\\):*:*:*:*:*:*:*",
"matchCriteriaId": "34A51E6B-696A-4275-A1CC-18AD400426DF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:tc7001-10:-:*:*:*:*:*:*:*",
"matchCriteriaId": "291B8DCD-DE45-4834-8F16-2464EB29FD46",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:ws7200-10_firmware:3.0.3.215:*:*:*:*:*:*:*",
"matchCriteriaId": "633DC6F0-E031-4278-8E0B-41AE975F7DD1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:ws7200-10:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9CC813CE-339B-4DB6-9920-D64D185FDDD9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:ws7206-10_firmware:4.0.0.16\\(v3r2\\):*:*:*:*:*:*:*",
"matchCriteriaId": "9A6C0416-F770-415C-9013-332A61E4D358",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:ws7206-10:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8153CF45-E1C2-4355-8E99-12B3321A3C28",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Some Huawei home routers have a connection hijacking vulnerability. Successful exploitation of this vulnerability may cause DoS or information leakage.(Vulnerability ID:HWPSIRT-2023-76605)\nThis vulnerability has been assigned a (CVE)ID:CVE-2023-7266"
},
{
"lang": "es",
"value": "Algunos routeres dom\u00e9sticos de Huawei tienen una vulnerabilidad de secuestro de conexi\u00f3n. La explotaci\u00f3n exitosa de esta vulnerabilidad puede causar ataques de denegaci\u00f3n de servicio (DoS) o fuga de informaci\u00f3n. (ID de vulnerabilidad: HWPSIRT-2023-76605) A esta vulnerabilidad se le ha asignado un ID de vulnerabilidad de seguridad (CVE): CVE-2023-7266"
}
],
"id": "CVE-2023-7266",
"lastModified": "2025-01-13T20:48:22.750",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "psirt@huawei.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-12-28T07:15:19.967",
"references": [
{
"source": "psirt@huawei.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/2024/huawei-sa-chvishhr-d616b19e-en"
}
],
"sourceIdentifier": "psirt@huawei.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-420"
}
],
"source": "psirt@huawei.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-09-20 20:15
Modified
2024-11-21 06:34
Severity ?
Summary
There is a traffic hijacking vulnerability in WS7200-10 11.0.2.13. Successful exploitation of this vulnerability can cause packets to be hijacked by attackers.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| huawei | ws7200-10_firmware | 11.0.2.13 | |
| huawei | ws7200-10 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:ws7200-10_firmware:11.0.2.13:*:*:*:*:*:*:*",
"matchCriteriaId": "3BB7E8B4-6C1C-4977-90D3-72926FABBE0A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:ws7200-10:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9CC813CE-339B-4DB6-9920-D64D185FDDD9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "There is a traffic hijacking vulnerability in WS7200-10 11.0.2.13. Successful exploitation of this vulnerability can cause packets to be hijacked by attackers."
},
{
"lang": "es",
"value": "Se presenta una vulnerabilidad de secuestro de tr\u00e1fico en WS7200-10 versi\u00f3n 11.0.2.13. Una explotaci\u00f3n con \u00e9xito de esta vulnerabilidad puede causar el secuestro de paquetes por parte de atacantes"
}
],
"id": "CVE-2021-46835",
"lastModified": "2024-11-21T06:34:47.210",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-09-20T20:15:09.827",
"references": [
{
"source": "psirt@huawei.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20220831-01-5370a6df-en"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20220831-01-5370a6df-en"
}
],
"sourceIdentifier": "psirt@huawei.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}