Vulnerability Note VU#341526
Huawei E355 contains a direct request vulnerability
Huawei E355 USB WiFi adapter with firmware version: 21.157.37.01.910 has been reported to contain a direct request vulnerability in the web interface. (CWE-425)
Huawei E355 USB WiFi adapter with firmware version: 21.157.37.01.910 has been reported to contain a direct request vulnerability in the web interface. An attacker is able to directly access specific URL's of the device's web interface to gather sensitive configuration information and also change the configuration without authenticating to the device.
The reporter, Jimson K James, has written a metasploit module to exploit the vulnerability.
A remote unauthenticated attacker on an adjacent network may be able to change the administrator's password and reconfigure the device.
We are currently unaware of a practical solution to this problem.
Vendor Information (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|Huawei Technologies||Affected||12 Nov 2013||06 Mar 2014|
CVSS Metrics (Learn More)
Thanks to Jimson K James for reporting this vulnerability.
This document was written by Jared Allar.
- CVE IDs: CVE-2013-6031
- Date Public: 06 Mar 2014
- Date First Published: 06 Mar 2014
- Date Last Updated: 06 Mar 2014
- Document Revision: 14
If you have feedback, comments, or additional information about this vulnerability, please send us email.