Cross-Site Request Forgery Vulnerability in Huawei E303 Modems
CVE-2014-2946

Currently unrated

Key Information:

Vendor: Huawei
Status: Webui; E303 Modem Firmware; E303 Modem
Vendor: CVE Published:; 2 June 2014

Summary

The vulnerability allows remote attackers to manipulate API operations through the Web UI of Huawei E303 modems. By exploiting this CSRF flaw, adversaries can hijack administrative authentication, enabling them to make unauthorized requests and send SMS messages without permission.

References

http://www.kb.cert.org/vuls/id/325636

third-party-advisoryx_refsource_CERT-VN

http://b.fl7.de/2014/05/huawei-e303-sms-vulnerability-CVE...

x_refsource_MISC

http://secunia.com/advisories/58992

third-party-advisoryx_refsource_SECUNIA

Timeline

Vulnerability published
Jun 2, 2014
Vulnerability Reserved
Apr 21, 2014