Cross-Site Request Forgery Vulnerabilities in Huawei WS331a Routers
CVE-2016-6158

6.1MEDIUM

Key Information:

Vendor: Huawei
Status: Ws331a Router Firmware
Vendor: CVE Published:; 21 September 2016

What is CVE-2016-6158?

The Huawei WS331a routers, prior to software version WS331a-10 V100R001C01B112, are susceptible to multiple cross-site request forgery vulnerabilities. These vulnerabilities enable remote attackers to exploit the authentication mechanism of the router's administrative interface. Successful exploitation allows attackers to issue requests that can restore factory settings or reboot the device, potentially impacting network integrity and availability.

References

http://www.huawei.com/en/psirt/security-advisories/huawei...

x_refsource_CONFIRM

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 21, 2016
Vulnerability Reserved
Jul 4, 2016