CVE-2012-4960
6.5
Vector
AV:N/AC:L/Au:S/C:P/I:P/A:P
Exploitability: 8.0 / Impact: 6.4
Source: NVD
Description
The Huawei NE5000E, MA5200G, NE40E, NE80E, ATN, NE40, NE80, NE20E-X6, NE20, ME60, CX600, CX200, CX300, ACU, WLAN AC 6605, S9300, S7700, S2300, S3300, S5300, S3300HI, S5300HI, S5306, S6300, S2700, S3700, S5700, S6700, AR G3, H3C AR(OEM IN), AR 19, AR 29, AR 49, Eudemon100E, Eudemon200, Eudemon300, Eudemon500, Eudemon1000, Eudemon1000E-U/USG5300, Eudemon1000E-X/USG5500, Eudemon8080E/USG9300, Eudemon8160E/USG9300, Eudemon8000E-X/USG9500, E200E-C/USG2200, E200E-X3/USG2200, E200E-X5/USG2200, E200E-X7/USG2200, E200E-C/USG5100, E200E-X3/USG5100, E200E-X5/USG5100, E200E-X7/USG5100, E200E-B/USG2100, E200E-X1/USG2100, E200E-X2/USG2100, SVN5300, SVN2000, SVN5000, SVN3000, NIP100, NIP200, NIP1000, NIP2100, NIP2200, and NIP5100 use the DES algorithm for stored passwords, which makes it easier for context-dependent attackers to obtain cleartext passwords via a brute-force attack.
Affected (107)
Products: Huawei: Acu, Ar 19/29/49, Ar G3, Atn, Cx200, Cx300, Cx600, E200 Usg2200, E200 Usg5100, E200e B, E200e C, E200e Usg2100, E200e X1, E200e X2, E200x3, E200x5, E200x7, Eudemon1000, Eudemon1000e U, Eudemon1000e X, Eudemon100e, Eudemon200, Eudemon300, Eudemon500, Eudemon8000e X, Eudemon 8080e, Eudemon 8160e, Eudemon Usg5300, Eudemon Usg5500, Eudemon Usg9300, Eudemon Usg9500, H3c Ar(oem In), Ma5200g, Me60, Ne20, Ne20e X6, Ne40, Ne40e, Ne40e/80e, Ne5000e, Ne80, Ne80e, Nip100, Nip1000, Nip200, Nip2100, Nip2200, Nip5100, S2300, S2700, S3300, S3300hi, S3700, S5300, S5300hi, S5306, S5700, S6300, S6700, S7700, S9300, Svn2000, Svn3000, Svn5000, Svn5300, Wlan Ac 6605
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| Version v100r003c01spc100 | |
| Up to r2207 | |
| Version v200r001c00 | |
| Version v200r001c00 | |
| Version v100r005 | |
| Version v100r005 | |
| Version v200r002 | |
| Up to v200r003c00 | |
| Up to v200r003c00 | |
| Up to v100r005c01 | |
| Up to v200r003c00 | |
| Up to v100r005c01 | |
| Up to v100r005c01 | |
| Up to v100r005c01 | |
| Up to v200r003c00 | |
| Up to v200r003c00 | |
| Up to v200r003c00 | |
| Up to v200r006c02 | |
| Up to v200r001 | |
| Up to v200r002 | |
| Version v200r007 | |
| Version v200r001 | |
| Up to v200r006c02 | |
| Up to v200r006c02 | |
| Up to v200r001c00spc600 | |
| Up to v100r003c00 | |
| Up to v100r003c00 | |
| Up to v200r001 | |
| Up to v200r002 | |
| Up to v100r003c00 | |
| Up to v200r001c00spc600 | |
| Up to r2209 | |
| Version v200r003 | |
| Version v100r005 | |
| Version v200r005 | |
| Version v300r005 | |
| Version v300r005 | |
| Version v300r005 | |
| Version v600r002 | |
| Version v300r007 | |
| Version v300r005 | |
| Version v600r001 | |
| Version v100r001 | |
| Version v100r001 | |
| Version v100r001 | |
| Version v100r001c00 | |
| Version v100r001c00 | |
| Version v100r001c00 | |
| Version v100r002 | |
| Version v100r006 | |
| Version v100r002 | |
| Version v100r006 | |
| Version v100r005 | |
| Version v100r002 | |
| Version v100r006 | |
| Version v100r006 | |
| Version v100r005 | |
| Version v100r006 | |
| Version v100r006 | |
| Version v100r003 | |
| Version v100r001 | |
| Version v200r001c00 | |
| Version v100r002c02spc802b041 | |
| Version v200r001c00 | |
| Version v100r001c01b019 | |
| Version v200r001c00 |
Related CWEs
References (4)
Source: cret@cert.org
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
US Government Resource
Timeline
No history available yet.