CVE-2015-3912

Huawei E355s Mobile WiFi with firmware before 22.158.45.02.625 and WEBUI before 13.100.04.01.625 allows remote attackers to obtain sensitive configuration information by sniffing the network or sending unspecified commands.

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-425435.htm	Vendor Advisory
http://www.securityfocus.com/bid/74397

Configurations

Configuration 1 (hide)

cpe:2.3:a:huawei:webui:*:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:huawei:e355s_mobile_wifi_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:huawei:e355s_mobile_wifi:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2015-05-21 19:59

Updated : 2024-02-28 15:21

NVD link : CVE-2015-3912

Mitre link : CVE-2015-3912

CVE.ORG link : CVE-2015-3912

JSON object : View

Products Affected

huawei

e355s_mobile_wifi_firmware
e355s_mobile_wifi
webui

CWE

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

{"id": "CVE-2015-3912", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2015-05-21T19:59:01.327", "references": [{"url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-425435.htm", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/74397", "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "Huawei E355s Mobile WiFi with firmware before 22.158.45.02.625 and WEBUI before 13.100.04.01.625 allows remote attackers to obtain sensitive configuration information by sniffing the network or sending unspecified commands."}, {"lang": "es", "value": "Huawei E355s Mobile WiFi con firmware anterior a 22.158.45.02.625 y WEBUI anterior a 13.100.04.01.625 permite a atacantes remotos obtener informaci\u00f3n sensible mediante la captura de trafico de la red o el env\u00edo de comandos no especificados."}], "lastModified": "2015-05-22T14:05:42.860", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:huawei:webui:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CE6CC843-B465-4557-855E-F4F7BD495DC4", "versionEndIncluding": "11.011.04.00.625"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:huawei:e355s_mobile_wifi_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B5601014-7B4F-40F0-9E85-B6263E2E7E24", "versionEndIncluding": "22.158.01.00.625"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:huawei:e355s_mobile_wifi:*:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "45DA4D78-3AC6-48FC-9F85-3A8F2877B156"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}