Heap-Based Buffer Overflow in Huawei AR Routers and S-Series Switches
CVE-2012-6570

Currently unrated

Key Information:

Vendor: Huawei
Status: Ar 19\/29\/49; Ar 18-2x; Ar 18-3x; Ar 28\/46
Vendor: CVE Published:; 20 June 2013

Summary

The HTTP module within Huawei's Branch Intelligent Management System (BIMS) and its web management components lacks proper validation of the Content-Length field in HTTP responses. This oversight can allow remote HTTP servers to exploit the system, potentially leading to heap-based buffer overflow attacks. An attacker could leverage this weakness to execute arbitrary code on the affected devices, posing significant security threats to network integrity.

References

http://www.huawei.com/en/security/psirt/security-bulletin...

x_refsource_CONFIRM

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Jun 20, 2013