Password Vulnerability in Huawei Networking Equipment
CVE-2012-4960

Currently unrated

Key Information:

Vendor: Huawei
Status: Me60; S7700; E200 Usg5100; E200e-x2
Vendor: CVE Published:; 20 June 2013

Summary

The vulnerability in Huawei networking equipment stems from the use of the outdated DES algorithm for stored passwords. This makes it significantly easier for attackers, particularly those with context-dependent knowledge, to execute brute-force attacks and obtain cleartext passwords. Affected devices include a broad range of products across Huawei's networking solutions, highlighting the importance of updating security practices and transitioning to stronger password management algorithms.

References

http://www.kb.cert.org/vuls/id/948096

third-party-advisoryx_refsource_CERT-VN

http://www.huawei.com/en/security/psirt/security-bulletin...

x_refsource_CONFIRM

EPSS Score

6% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Jun 20, 2013
Vulnerability Reserved
Sep 17, 2012