API Authentication Flaw in Huawei E355 Adapter
CVE-2013-6031

Currently unrated

Key Information:

Vendor: Huawei
Status: E355 Firmware; E355
Vendor: CVE Published:; 11 March 2014

Summary

The Huawei E355 adapter with firmware version 21.157.37.01.910 is susceptible to an authentication bypass vulnerability that allows remote attackers to access API endpoints without requiring proper authentication. This can lead to unauthorized changes to settings, including password alterations and retrieval of sensitive device information through direct API requests to various endpoints such as wlan/security-settings and device/information, among others. Ensuring proper authentication mechanisms and patching vulnerable firmware is crucial to safeguarding user data against potential exploitation.

References

http://www.kb.cert.org/vuls/id/341526

third-party-advisoryx_refsource_CERT-VN

https://github.com/aczire/huawei-csrf-info_disclosure/blo...

x_refsource_MISC

Timeline

Vulnerability published
Mar 11, 2014
Vulnerability Reserved
Oct 4, 2013