← Back

CVE-2014-5395

nvd nist
Published: Nov 21, 2014Modified: May 6, 2026

JSON object

Loading...
6.8
Vector
AV:N/AC:M/Au:N/C:P/I:P/A:P
Exploitability: 8.6 / Impact: 6.4
Source: NVD

Description

Multiple cross-site request forgery (CSRF) vulnerabilities in Huawei HiLink E3276 and E3236 TCPU before V200R002B470D13SP00C00 and WebUI before V100R007B100D03SP01C03, E5180s-22 before 21.270.21.00.00, and E586Bs-2 before 21.322.10.00.889 allow remote attackers to hijack the authentication of users for requests that (1) modify configurations, (2) send SMS messages, or have other unspecified impact via unknown vectors.

Affected (6)

Huawei
4 products
E5180s 22 Firmware
E3276 Firmware
E3236 Firmware
E586bs 2 Firmware
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
E5180s 22 Firmware
Up to e5180s-22tcpu-21.270.05.01.00
Configuration B
1 vulnerable
Vulnerable SoftwareAffected Versions
E3276 Firmware
Up to webui-13.100.09.00.03
Configuration C
1 vulnerable
Vulnerable SoftwareAffected Versions
E3276 Firmware
Up to e3276s-150tcpu-22.265.03.00.00
Configuration D
1 vulnerable
Vulnerable SoftwareAffected Versions
E3236 Firmware
Up to webui-13.100.10.00.03
Configuration E
1 vulnerable
Vulnerable SoftwareAffected Versions
E586bs 2 Firmware
Up to e586bs-2tcpu-21.322.08.00.889
Configuration F
1 vulnerable
Vulnerable SoftwareAffected Versions
E3236 Firmware
Up to e3236s-2tcpu-22.146.29.00.00

Related CWEs

CWE-352
Cross-Site Request Forgery (CSRF)
The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

References (6)

Source: cve@mitre.org
Vendor Advisory
Source: cve@mitre.org
Source: cve@mitre.org
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.