← Back

CVE-2016-6825

nvd nist
Published: Sep 7, 2016Modified: May 6, 2026

JSON object

Loading...
9.8
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 / Impact: 5.9
Source: NVD

Description

Huawei XH620 V3, XH622 V3, and XH628 V3 servers with software before V100R003C00SPC610, RH1288 V3 servers with software before V100R003C00SPC613, RH2288 V3 servers with software before V100R003C00SPC617, and RH2288H V3 servers with software before V100R003C00SPC515 allow remote attackers to obtain passwords via a brute-force attack, related to "lack of authentication protection mechanisms."

Affected (6)

Huawei
6 products
Rh1288 V3 Server Firmware
Rh2288 V3 Server Firmware
Rh2288h V3 Server Firmware
Xh620 V3 Server Firmware
Xh622 V3 Server Firmware
Xh628 V3 Server Firmware
Configuration A
6 vulnerable · 6 platform
Vulnerable SoftwareAffected Versions
Rh1288 V3 Server Firmware
Version v100r003c00
Rh2288 V3 Server Firmware
Version v100r003c00
Rh2288h V3 Server Firmware
Version v100r003c00
Xh620 V3 Server Firmware
Version v100r003c00
Xh622 V3 Server Firmware
Version v100r003c00
Xh628 V3 Server Firmware
Version v100r003c00
Running on/withPlatform Versions
Huawei
Rh1288 V3 Server
All versions
Huawei
Rh2288 V3 Server
All versions
Huawei
Rh2288h V3 Server
All versions
Huawei
Xh620 V3 Server
All versions
Huawei
Xh622 V3 Server
All versions
Huawei
Xh628 V3 Server
All versions

Related CWEs

CWE-285
Improper Authorization
The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.

References (4)

Source: cve@mitre.org
Vendor Advisory
Source: cve@mitre.org
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry

Timeline

No history available yet.