cvelistv5 - cve-2015-3912

CVE-2015-3912 (GCVE-0-2015-3912)

Vulnerability from cvelistv5

Published

2015-05-21 19:00

Modified

2024-08-06 05:56

Severity ?

CWE

Summary

References

URL

	Vendor	Product	Version
	n/a	n/a	Version: n/a

var-201505-0319

Vulnerability from variot

Huawei E355s Mobile WiFi with firmware before 22.158.45.02.625 and WEBUI before 13.100.04.01.625 allows remote attackers to obtain sensitive configuration information by sniffing the network or sending unspecified commands. Huawei E355s is a wireless shared device of China's Huawei company. Huawei E355s has an information disclosure vulnerability. An attacker could exploit this vulnerability to obtain sensitive information. Huawei E355s is prone to an information-disclosure vulnerability. Security vulnerabilities exist in Huawei E355s Mobile WiFi and WEBUI versions earlier than 13.100.04.01.625 using firmware versions earlier than 22.158.45.02.625

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201505-0319",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "e355s mobile wifi",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "huawei",
        "version": "22.158.01.00.625"
      },
      {
        "model": "webui",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "huawei",
        "version": "11.011.04.00.625"
      },
      {
        "model": "e355s",
        "scope": null,
        "trust": 0.8,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "e355s",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "huawei",
        "version": "22.158.45.02.625"
      },
      {
        "model": "webui",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "huawei",
        "version": "13.100.04.01.625"
      },
      {
        "model": "e355",
        "scope": null,
        "trust": 0.6,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "webui",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "huawei",
        "version": "11.011.04.00.625"
      },
      {
        "model": "e355s mobile wifi",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "huawei",
        "version": "22.158.01.00.625"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-03262"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-002775"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201505-334"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-3912"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/h:huawei:e355s_mobile_wifi",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:huawei:e355s_mobile_wifi_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:huawei:webui",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-002775"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Evilsocket",
    "sources": [
      {
        "db": "BID",
        "id": "74397"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201505-334"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2015-3912",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CVE-2015-3912",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2015-03262",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-81873",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2015-3912",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2015-3912",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2015-03262",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201505-334",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-81873",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-03262"
      },
      {
        "db": "VULHUB",
        "id": "VHN-81873"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-002775"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201505-334"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-3912"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Huawei E355s Mobile WiFi with firmware before 22.158.45.02.625 and WEBUI before 13.100.04.01.625 allows remote attackers to obtain sensitive configuration information by sniffing the network or sending unspecified commands. Huawei E355s is a wireless shared device of China\u0027s Huawei company. Huawei E355s has an information disclosure vulnerability. An attacker could exploit this vulnerability to obtain sensitive information. Huawei E355s is prone to an information-disclosure vulnerability. Security vulnerabilities exist in Huawei E355s Mobile WiFi and WEBUI versions earlier than 13.100.04.01.625 using firmware versions earlier than 22.158.45.02.625",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-3912"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-002775"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-03262"
      },
      {
        "db": "BID",
        "id": "74397"
      },
      {
        "db": "VULHUB",
        "id": "VHN-81873"
      }
    ],
    "trust": 2.52
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2015-3912",
        "trust": 3.4
      },
      {
        "db": "BID",
        "id": "74397",
        "trust": 2.6
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-002775",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201505-334",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-03262",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-81873",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-03262"
      },
      {
        "db": "VULHUB",
        "id": "VHN-81873"
      },
      {
        "db": "BID",
        "id": "74397"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-002775"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201505-334"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-3912"
      }
    ]
  },
  "id": "VAR-201505-0319",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-03262"
      },
      {
        "db": "VULHUB",
        "id": "VHN-81873"
      }
    ],
    "trust": 1.34583335
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-03262"
      }
    ]
  },
  "last_update_date": "2024-11-23T22:42:28.700000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Huawei-SA-20150429-01-E355s",
        "trust": 0.8,
        "url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-425435.htm"
      },
      {
        "title": "Huawei E355s Information Disclosure Vulnerability Patch",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/58721"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-03262"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-002775"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-200",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-81873"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-002775"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-3912"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.3,
        "url": "http://www.securityfocus.com/bid/74397"
      },
      {
        "trust": 1.7,
        "url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-425435.htm"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3912"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-3912"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-03262"
      },
      {
        "db": "VULHUB",
        "id": "VHN-81873"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-002775"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201505-334"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-3912"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-03262"
      },
      {
        "db": "VULHUB",
        "id": "VHN-81873"
      },
      {
        "db": "BID",
        "id": "74397"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-002775"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201505-334"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-3912"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2015-05-21T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2015-03262"
      },
      {
        "date": "2015-05-21T00:00:00",
        "db": "VULHUB",
        "id": "VHN-81873"
      },
      {
        "date": "2015-04-29T00:00:00",
        "db": "BID",
        "id": "74397"
      },
      {
        "date": "2015-05-25T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-002775"
      },
      {
        "date": "2015-04-29T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201505-334"
      },
      {
        "date": "2015-05-21T19:59:01.327000",
        "db": "NVD",
        "id": "CVE-2015-3912"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2015-05-21T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2015-03262"
      },
      {
        "date": "2015-05-22T00:00:00",
        "db": "VULHUB",
        "id": "VHN-81873"
      },
      {
        "date": "2015-07-15T00:04:00",
        "db": "BID",
        "id": "74397"
      },
      {
        "date": "2015-05-25T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-002775"
      },
      {
        "date": "2015-05-22T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201505-334"
      },
      {
        "date": "2024-11-21T02:30:04.707000",
        "db": "NVD",
        "id": "CVE-2015-3912"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201505-334"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Huawei E355s Information Disclosure Vulnerability",
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-03262"
      },
      {
        "db": "BID",
        "id": "74397"
      }
    ],
    "trust": 0.9
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "information disclosure",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201505-334"
      }
    ],
    "trust": 0.6
  }
}

fkie_cve-2015-3912

Vulnerability from fkie_nvd

Published

2015-05-21 19:59

Modified

2025-04-12 10:46

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-425435.htm	Vendor Advisory
cve@mitre.org	http://www.securityfocus.com/bid/74397
af854a3a-2127-422b-91ae-364da2661108	http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-425435.htm	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/74397

Impacted products

Vendor	Product	Version
huawei	webui	*
huawei	e355s_mobile_wifi_firmware	*
huawei	e355s_mobile_wifi	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:huawei:webui:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE6CC843-B465-4557-855E-F4F7BD495DC4",
              "versionEndIncluding": "11.011.04.00.625",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:huawei:e355s_mobile_wifi_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B5601014-7B4F-40F0-9E85-B6263E2E7E24",
              "versionEndIncluding": "22.158.01.00.625",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:huawei:e355s_mobile_wifi:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "45DA4D78-3AC6-48FC-9F85-3A8F2877B156",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Huawei E355s Mobile WiFi with firmware before 22.158.45.02.625 and WEBUI before 13.100.04.01.625 allows remote attackers to obtain sensitive configuration information by sniffing the network or sending unspecified commands."
    },
    {
      "lang": "es",
      "value": "Huawei E355s Mobile WiFi con firmware anterior a 22.158.45.02.625 y WEBUI anterior a 13.100.04.01.625 permite a atacantes remotos obtener informaci\u00f3n sensible mediante la captura de trafico de la red o el env\u00edo de comandos no especificados."
    }
  ],
  "id": "CVE-2015-3912",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2015-05-21T19:59:01.327",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-425435.htm"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/74397"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-425435.htm"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/74397"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

ghsa-9qrw-j2qh-47hj

Vulnerability from github

Published

2022-05-17 04:13

Modified

2022-05-17 04:13

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2015-3912"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-200"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2015-05-21T19:59:00Z",
    "severity": "MODERATE"
  },
  "details": "Huawei E355s Mobile WiFi with firmware before 22.158.45.02.625 and WEBUI before 13.100.04.01.625 allows remote attackers to obtain sensitive configuration information by sniffing the network or sending unspecified commands.",
  "id": "GHSA-9qrw-j2qh-47hj",
  "modified": "2022-05-17T04:13:16Z",
  "published": "2022-05-17T04:13:16Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-3912"
    },
    {
      "type": "WEB",
      "url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-425435.htm"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/74397"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

gsd-2015-3912

Vulnerability from gsd

Modified

2023-12-13 01:20

Details

Aliases

CVE-2015-3912

Aliases

CVE-2015-3912

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2015-3912",
    "description": "Huawei E355s Mobile WiFi with firmware before 22.158.45.02.625 and WEBUI before 13.100.04.01.625 allows remote attackers to obtain sensitive configuration information by sniffing the network or sending unspecified commands.",
    "id": "GSD-2015-3912"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2015-3912"
      ],
      "details": "Huawei E355s Mobile WiFi with firmware before 22.158.45.02.625 and WEBUI before 13.100.04.01.625 allows remote attackers to obtain sensitive configuration information by sniffing the network or sending unspecified commands.",
      "id": "GSD-2015-3912",
      "modified": "2023-12-13T01:20:07.981977Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2015-3912",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Huawei E355s Mobile WiFi with firmware before 22.158.45.02.625 and WEBUI before 13.100.04.01.625 allows remote attackers to obtain sensitive configuration information by sniffing the network or sending unspecified commands."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-425435.htm",
            "refsource": "CONFIRM",
            "url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-425435.htm"
          },
          {
            "name": "74397",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/74397"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:huawei:webui:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "11.011.04.00.625",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:huawei:e355s_mobile_wifi_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "22.158.01.00.625",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:huawei:e355s_mobile_wifi:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2015-3912"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Huawei E355s Mobile WiFi with firmware before 22.158.45.02.625 and WEBUI before 13.100.04.01.625 allows remote attackers to obtain sensitive configuration information by sniffing the network or sending unspecified commands."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-200"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-425435.htm",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-425435.htm"
            },
            {
              "name": "74397",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/74397"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2015-05-22T14:05Z",
      "publishedDate": "2015-05-21T19:59Z"
    }
  }
}

cnvd-2015-03262

Vulnerability from cnvd

Title

Huawei E355s信息泄露漏洞

Description

Huawei E355s是中国华为（Huawei）公司的一款无线共享设备。 Huawei E355s存在信息泄露漏洞。攻击者可利用该漏洞获取敏感信息。

Severity

中

Patch Name

Huawei E355s信息泄露漏洞的补丁

Patch Description

Huawei E355s是中国华为（Huawei）公司的一款无线共享设备。 Huawei E355s存在信息泄露漏洞。攻击者可利用该漏洞获取敏感信息。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

用户可参考如下供应商提供的安全公告获得补丁信息： http://consumer.huawei.com/en/support/products/technicalspecs/e355-en.htm

Reference

http://www.securityfocus.com/bid/74397

Impacted products

Name
Huawei E355

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "74397"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2015-3912"
    }
  },
  "description": "Huawei E355s\u662f\u4e2d\u56fd\u534e\u4e3a\uff08Huawei\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u65e0\u7ebf\u5171\u4eab\u8bbe\u5907\u3002\r\n\r\nHuawei E355s\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u654f\u611f\u4fe1\u606f\u3002",
  "discovererName": "Evilsocket",
  "formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u4f9b\u5e94\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u516c\u544a\u83b7\u5f97\u8865\u4e01\u4fe1\u606f\uff1a \r\nhttp://consumer.huawei.com/en/support/products/technicalspecs/e355-en.htm",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2015-03262",
  "openTime": "2015-05-21",
  "patchDescription": "Huawei E355s\u662f\u4e2d\u56fd\u534e\u4e3a\uff08Huawei\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u65e0\u7ebf\u5171\u4eab\u8bbe\u5907\u3002 \r\n\r\nHuawei E355s\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u654f\u611f\u4fe1\u606f\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Huawei E355s\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Huawei E355"
  },
  "referenceLink": "http://www.securityfocus.com/bid/74397",
  "serverity": "\u4e2d",
  "submitTime": "2015-05-19",
  "title": "Huawei E355s\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2015-3912 (GCVE-0-2015-3912)

Vulnerability from cvelistv5

var-201505-0319

Vulnerability from variot

fkie_cve-2015-3912

Vulnerability from fkie_nvd

ghsa-9qrw-j2qh-47hj

Vulnerability from github

gsd-2015-3912

Vulnerability from gsd

cnvd-2015-03262

Vulnerability from cnvd

Tags

Sightings

Nomenclature