Format String Vulnerability in Huawei Routers
CVE-2016-6901

6.5MEDIUM

Key Information:

Vendor: Huawei
Status: Ar Firmware
Vendor: CVE Published:; 26 September 2016

Summary

A format string vulnerability exists in multiple models of Huawei routers, allowing remote authenticated users to exploit format string specifiers. This can lead to a denial of service, making systems unresponsive. Users are encouraged to upgrade their software to versions V200R007C00SPC900 or newer to mitigate this security risk. Comprehensive patches are available from the vendor.

References

http://www.securityfocus.com/bid/92618

vdb-entryx_refsource_BID

http://www.huawei.com/en/psirt/security-advisories/huawei...

x_refsource_CONFIRM

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 26, 2016
Vulnerability Reserved
Aug 22, 2016