Vulnerability Details : CVE-2014-8331
Multiple cross-site request forgery (CSRF) vulnerabilities in Huawei HiLink E3236 before E3276sTCPU-V200R002B470D13SP00C00 and E3276sWebUI-V100R007B100D03SP01C03 and E3276 before E3236sTCPU-V200R002B146D41SP00C00 and E3236sWebUI-V100R007B100D03SP01C03 allow remote attackers to hijack the authentication of administrators for requests that (1) change configuration settings or (2) use device functions.
Vulnerability category: Cross-site request forgery (CSRF)
Exploit prediction scoring system (EPSS) score for CVE-2014-8331
Probability of exploitation activity in the next 30 days: 0.16%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 52 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2014-8331
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
6.8
|
MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
8.6
|
6.4
|
NIST |
CWE ids for CVE-2014-8331
-
The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.Assigned by: nvd@nist.gov (Primary)
References for CVE-2014-8331
-
http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-360246.htm
Security Advisory-CSRF Vulnerability in Huawei HiLink ProductsVendor Advisory
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/95198
Huawei E3276 and E3236 cross-site request forgery CVE-2014-8331 Vulnerability Report
Products affected by CVE-2014-8331
- cpe:2.3:o:huawei:e3236_firmware:webui-13.100.10.00.03:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:e3236_firmware:e3236s-2tcpu-22.146.29.00.00:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:e3276_firmware:e3276s-150tcpu-22.265.03.00.00:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:e3276_firmware:webui-13.100.09.00.03:*:*:*:*:*:*:*