Reversible Encryption Flaw in Huawei AR Routers
CVE-2015-8085

4.9MEDIUM

Key Information:

Vendor: Huawei
Status: S9300 Firmware
Vendor: CVE Published:; 3 October 2016

Summary

The vulnerability identified in Huawei AR Routers allows remote authenticated administrators to exploit a weakness in the password encryption mechanism. This issue arises due to the selection of a reversible encryption algorithm, enabling unauthorized access to sensitive plaintext passwords. Affected models include several series of Huawei routers, which could put network security at risk if not addressed. It is crucial for users of these products to ensure they are running updated software versions to mitigate associated threats.

References

http://www.securityfocus.com/bid/76897

vdb-entryx_refsource_BID

http://www.huawei.com/en/psirt/security-advisories/hw-455876

x_refsource_CONFIRM

CVSS V3.1

Score:

4.9

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 3, 2016
Vulnerability Reserved
Nov 6, 2015