← Back

CVE-2016-6669

nvd nist
Published: Sep 22, 2016Modified: May 6, 2026

JSON object

Loading...
7.5
Vector
CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.6 / Impact: 5.9
Source: NVD

Description

Buffer overflow in the Authentication, Authorization and Accounting (AAA) module in Huawei USG2100, USG2200, USG5100, and USG5500 unified security gateways with software before V300R001C10SPC600 allows remote authenticated RADIUS servers to execute arbitrary code by sending a crafted EAP packet.

Affected (8)

Huawei
4 products
Usg2100 Firmware
Usg2200 Firmware
Usg5100 Firmware
Usg5500 Firmware
Configuration A
8 vulnerable · 4 platform
Vulnerable SoftwareAffected Versions
Huawei
Usg2100 Firmware
Up to v300r001c00
Usg2100 Firmware
Up to v300r001c10
Huawei
Usg2200 Firmware
Up to v300r001c00
Usg2200 Firmware
Up to v300r001c10
Huawei
Usg5100 Firmware
Up to v300r001c00
Usg5100 Firmware
Up to v300r001c10
Huawei
Usg5500 Firmware
Up to v300r001c00
Usg5500 Firmware
Up to v300r001c10
Running on/withPlatform Versions
Huawei
Usg2100
All versions
Huawei
Usg2200
All versions
Huawei
Usg5100
All versions
Huawei
Usg5500
All versions

Related CWEs

CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

References (4)

Source: cve@mitre.org
VDB Entry
Source: cve@mitre.org
Source: af854a3a-2127-422b-91ae-364da2661108
VDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.