Cross-site Scripting Vulnerability in Huawei E355 Modem
CVE-2014-2968

Currently unrated

Key Information:

Vendor: Huawei
Status: E355 Web Ui; E355 Firmware; E355
Vendor: CVE Published:; 24 July 2014

Summary

A cross-site scripting vulnerability exists in the web interface of the Huawei E355 CH1E355SM modem. This flaw enables remote attackers to inject arbitrary web scripts or HTML through specially crafted SMS messages, potentially leading to unauthorized actions performed on behalf of users accessing the affected device through web sessions.

References

http://www.kb.cert.org/vuls/id/688812

third-party-advisoryx_refsource_CERT-VN

Timeline

Vulnerability published
Jul 24, 2014
Vulnerability Reserved
Apr 21, 2014