← Back

CVE-2014-9136

nvd nist
Published: Apr 2, 2017Modified: May 13, 2026

JSON object

Loading...
8.8
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability: 2.8 / Impact: 5.9
Source: NVD

Description

Huawei FusionManager with software V100R002C03 and V100R003C00 could allow an unauthenticated, remote attacker to conduct a CSRF attack against the user of the web interface.

Affected (8)

Huawei
6 products
Fusionmanager
Usg9500 Firmware
Usg2100 Firmware
Usg2200 Firmware
Usg5100 Firmware
Usg5500 Firmware
Configuration A
2 vulnerable
Vulnerable SoftwareAffected Versions
Huawei
Fusionmanager
Up to v100r002c03
Fusionmanager
Up to v100r003c00
Configuration B
2 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Huawei
Usg9500 Firmware
Up to v200r001c01spc800
Usg9500 Firmware
Up to v300r001c00
Running on/withPlatform Versions
Huawei
Usg9500
All versions
Configuration C
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Usg2100 Firmware
Up to v300r001c00spc900
Running on/withPlatform Versions
Huawei
Usg2100
All versions
Configuration D
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Usg2200 Firmware
Up to v300r001c00spc900
Running on/withPlatform Versions
Huawei
Usg2200
All versions
Configuration E
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Usg5100 Firmware
Up to v300r001c00spc900
Running on/withPlatform Versions
Huawei
Usg5100
All versions
Configuration F
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Usg5500 Firmware
Up to v300r001c00spc900
Running on/withPlatform Versions
Huawei
Usg5500
All versions

Related CWEs

CWE-352
Cross-Site Request Forgery (CSRF)
The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

References (2)

Source: psirt@huawei.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.