CVE-2014-9137

Huawei USG9500 with software V200R001C01SPC800 and earlier versions, V300R001C00; USG2100 with software V300R001C00SPC900 and earlier versions; USG2200 with software V300R001C00SPC900; USG5100 with software V300R001C00SPC900 could allow an unauthenticated, remote attacker to conduct a CSRF attack against the user of the web interface.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:huawei:fusionmanager:v100r002c03:*:*:*:*:*:*:*
cpe:2.3:a:huawei:fusionmanager:v100r003c00:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
OR cpe:2.3:o:huawei:usg9500_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:huawei:usg9500_firmware:v300r001c00:*:*:*:*:*:*:*
cpe:2.3:h:huawei:usg9500:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:huawei:usg2100_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:huawei:usg2100:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:huawei:usg2200_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:huawei:usg2200:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:huawei:usg5100_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:huawei:usg5100:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:huawei:usg5500_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:huawei:usg5500:-:*:*:*:*:*:*:*

History

21 Nov 2024, 02:20

Type Values Removed Values Added
References () http://www.huawei.com/en/psirt/security-advisories/hw-372186 - Vendor Advisory () http://www.huawei.com/en/psirt/security-advisories/hw-372186 - Vendor Advisory

Information

Published : 2017-04-02 20:59

Updated : 2024-11-21 02:20


NVD link : CVE-2014-9137

Mitre link : CVE-2014-9137

CVE.ORG link : CVE-2014-9137


JSON object : View

Products Affected

huawei

  • usg2100_firmware
  • usg5100
  • usg2200
  • usg5100_firmware
  • usg9500
  • usg5500
  • usg2200_firmware
  • usg5500_firmware
  • usg9500_firmware
  • usg2100
  • fusionmanager
CWE
CWE-352

Cross-Site Request Forgery (CSRF)