ID

VAR-201306-0208


CVE

CVE-2012-6569


TITLE

Stack-based buffer overflow vulnerability in Huawei AR router and switch products

Trust: 0.8

sources: JVNDB: JVNDB-2012-006006

DESCRIPTION

Stack-based buffer overflow in the HTTP module in the (1) Branch Intelligent Management System (BIMS) and (2) web management components on Huawei AR routers and S2000, S3000, S3500, S3900, S5100, S5600, S7800, and S8500 switches allows remote attackers to execute arbitrary code via a long URI. Huawei AR routers and Huawei S series switches are Huawei network devices. Attackers may be able to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions. Huawei Access Router (AR) is a low-end router product developed by Huawei in China. It provides mobile and fixed network access methods and is suitable for enterprise networks.

Trust: 2.7

sources: NVD: CVE-2012-6569 // JVNDB: JVNDB-2012-006006 // CNVD: CNVD-2013-08073 // BID: 60708 // IVD: e42fb632-2352-11e6-abef-000c29c66e3d // VULHUB: VHN-59850

IOT TAXONOMY

category: ['ICS', 'Network device'], sub_category: -

Trust: 0.6

category: ['ICS'], sub_category: -

Trust: 0.2

sources: IVD: e42fb632-2352-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-08073

AFFECTED PRODUCTS

vendor: huawei, model: s3300, scope: eq, version: r6305

Trust: 2.4

vendor: huawei, model: s3300hi, scope: eq, version: r6305

Trust: 2.4

vendor: huawei, model: s3500, scope: eq, version: r6305

Trust: 2.4

vendor: huawei, model: s3700, scope: eq, version: r6305

Trust: 2.4

vendor: huawei, model: s3900, scope: eq, version: r6305

Trust: 2.4

vendor: huawei, model: s5100, scope: eq, version: r6305

Trust: 2.4

vendor: huawei, model: s5600, scope: eq, version: r6305

Trust: 2.4

vendor: huawei, model: s7800, scope: eq, version: r6305

Trust: 2.4

vendor: huawei, model: ar 18-1x, scope: lte, version: r0130

Trust: 1.8

vendor: huawei, model: ar 18-2x, scope: lte, version: r1712

Trust: 1.8

vendor: huawei, model: s2000, scope: eq, version: r6305

Trust: 1.8

vendor: huawei, model: s2300, scope: eq, version: r6305

Trust: 1.8

vendor: huawei, model: s2700, scope: eq, version: r6305

Trust: 1.8

vendor: huawei, model: s3000, scope: eq, version: r6305

Trust: 1.8

vendor: huawei, model: s8500, scope: eq, version: r1631

Trust: 1.6

vendor: huawei, model: s8500, scope: eq, version: r1632

Trust: 1.6

vendor: huawei, model: ar 28/46, scope: lte, version: r0311

Trust: 1.0

vendor: huawei, model: ar 18-3x, scope: lte, version: r0118

Trust: 1.0

vendor: huawei, model: ar 19/29/49, scope: lte, version: r2207

Trust: 1.0

vendor: huawei, model: ar 18-2x, scope: lte, version: r0118

Trust: 0.8

vendor: huawei, model: ar 19/29/49, scope: lte, version: r2207

Trust: 0.8

vendor: huawei, model: ar 28/46, scope: lte, version: r0311

Trust: 0.8

vendor: huawei, model: s8500, scope: eq, version: r1631 and r1632

Trust: 0.8

vendor: huawei, model: ar routers, scope: -, version: -

Trust: 0.6

vendor: huawei, model: s2000, scope: -, version: -

Trust: 0.6

vendor: huawei, model: s3000, scope: -, version: -

Trust: 0.6

vendor: huawei, model: s3500, scope: -, version: -

Trust: 0.6

vendor: huawei, model: s3900, scope: -, version: -

Trust: 0.6

vendor: huawei, model: s5100, scope: -, version: -

Trust: 0.6

vendor: huawei, model: s5600, scope: -, version: -

Trust: 0.6

vendor: huawei, model: s7800, scope: -, version: -

Trust: 0.6

vendor: huawei, model: s8500, scope: -, version: -

Trust: 0.6

vendor: huawei, model: s8500, scope: eq, version: 0

Trust: 0.3

vendor: huawei, model: s7800, scope: eq, version: 0

Trust: 0.3

vendor: huawei, model: s5600, scope: eq, version: 0

Trust: 0.3

vendor: huawei, model: s5100, scope: eq, version: 0

Trust: 0.3

vendor: huawei, model: s3900, scope: eq, version: 0

Trust: 0.3

vendor: huawei, model: s3500, scope: eq, version: 0

Trust: 0.3

vendor: huawei, model: s3000, scope: eq, version: 0

Trust: 0.3

vendor: huawei, model: s2000, scope: eq, version: 0

Trust: 0.3

vendor: huawei, model: ar49, scope: eq, version: 0

Trust: 0.3

vendor: huawei, model: ar46, scope: eq, version: 0

Trust: 0.3

vendor: huawei, model: ar29, scope: eq, version: 0

Trust: 0.3

vendor: huawei, model: ar28, scope: eq, version: 0

Trust: 0.3

vendor: huawei, model: ar19, scope: eq, version: 0

Trust: 0.3

vendor: huawei, model: ar18-3x, scope: eq, version: 0

Trust: 0.3

vendor: huawei, model: ar18-2x, scope: eq, version: 0

Trust: 0.3

vendor: huawei, model: ar18-1x, scope: eq, version: 0

Trust: 0.3

vendor: ar 18 1x, model: -, scope: eq, version: *

Trust: 0.2

vendor: ar 18 2x, model: -, scope: eq, version: *

Trust: 0.2

vendor: ar 18 3x, model: -, scope: eq, version: *

Trust: 0.2

vendor: ar 19 29 49, model: -, scope: eq, version: *

Trust: 0.2

vendor: ar 28 46, model: -, scope: eq, version: *

Trust: 0.2

vendor: s2000, model: r6305, scope: -, version: -

Trust: 0.2

vendor: s2300, model: r6305, scope: -, version: -

Trust: 0.2

vendor: s2700, model: r6305, scope: -, version: -

Trust: 0.2

vendor: s3000, model: r6305, scope: -, version: -

Trust: 0.2

vendor: s3300, model: r6305, scope: -, version: -

Trust: 0.2

vendor: s3300hi, model: r6305, scope: -, version: -

Trust: 0.2

vendor: s3500, model: r6305, scope: -, version: -

Trust: 0.2

vendor: s3700, model: r6305, scope: -, version: -

Trust: 0.2

vendor: s3900, model: r6305, scope: -, version: -

Trust: 0.2

vendor: s5100, model: r6305, scope: -, version: -

Trust: 0.2

vendor: s5600, model: r6305, scope: -, version: -

Trust: 0.2

vendor: s7800, model: r6305, scope: -, version: -

Trust: 0.2

vendor: s8500, model: r1631, scope: -, version: -

Trust: 0.2

vendor: s8500, model: r1632, scope: -, version: -

Trust: 0.2

sources: IVD: e42fb632-2352-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-08073 // BID: 60708 // JVNDB: JVNDB-2012-006006 // CNNVD: CNNVD-201306-405 // NVD: CVE-2012-6569

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2012-6569
value: HIGH

Trust: 1.0

NVD: CVE-2012-6569
value: HIGH

Trust: 0.8

CNVD: CNVD-2013-08073
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201306-405
value: CRITICAL

Trust: 0.6

IVD: e42fb632-2352-11e6-abef-000c29c66e3d
value: CRITICAL

Trust: 0.2

VULHUB: VHN-59850
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2012-6569
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2013-08073
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: e42fb632-2352-11e6-abef-000c29c66e3d
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-59850
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: IVD: e42fb632-2352-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-08073 // VULHUB: VHN-59850 // JVNDB: JVNDB-2012-006006 // CNNVD: CNNVD-201306-405 // NVD: CVE-2012-6569

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-59850 // JVNDB: JVNDB-2012-006006 // NVD: CVE-2012-6569

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201306-405

TYPE

Buffer overflow

Trust: 0.8

sources: IVD: e42fb632-2352-11e6-abef-000c29c66e3d // CNNVD: CNNVD-201306-405

CONFIGURATIONS

[
  {
    "CVE_data_version": "4.0",
    "nodes": [
      {
        "operator": "OR",
        "cpe_match": [
          {
            "vulnerable": true,
            "cpe22Uri": "cpe:/h:huawei:ar_18-1x"
          },
          {
            "vulnerable": true,
            "cpe22Uri": "cpe:/h:huawei:ar_18-2x"
          },
          {
            "vulnerable": true,
            "cpe22Uri": "cpe:/h:huawei:ar_19%2F29%2F49"
          },
          {
            "vulnerable": true,
            "cpe22Uri": "cpe:/h:huawei:ar_28%2F46"
          },
          {
            "vulnerable": true,
            "cpe22Uri": "cpe:/h:huawei:s2000"
          },
          {
            "vulnerable": true,
            "cpe22Uri": "cpe:/h:huawei:s2300"
          },
          {
            "vulnerable": true,
            "cpe22Uri": "cpe:/h:huawei:s2700"
          },
          {
            "vulnerable": true,
            "cpe22Uri": "cpe:/h:huawei:s3000"
          },
          {
            "vulnerable": true,
            "cpe22Uri": "cpe:/h:huawei:s3300"
          },
          {
            "vulnerable": true,
            "cpe22Uri": "cpe:/h:huawei:s3300hi"
          },
          {
            "vulnerable": true,
            "cpe22Uri": "cpe:/h:huawei:s3500"
          },
          {
            "vulnerable": true,
            "cpe22Uri": "cpe:/h:huawei:s3700"
          },
          {
            "vulnerable": true,
            "cpe22Uri": "cpe:/h:huawei:s3900"
          },
          {
            "vulnerable": true,
            "cpe22Uri": "cpe:/h:huawei:s5100"
          },
          {
            "vulnerable": true,
            "cpe22Uri": "cpe:/h:huawei:s5600"
          },
          {
            "vulnerable": true,
            "cpe22Uri": "cpe:/h:huawei:s7800"
          },
          {
            "vulnerable": true,
            "cpe22Uri": "cpe:/h:huawei:s8500"
          }
        ]
      }
    ]
  }
]

sources: JVNDB: JVNDB-2012-006006

PATCH

title: Huawei-SA-20120808-02-HTTP-Module, url: http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-u_194370.htm

Trust: 0.8

title: Huawei AR Router and Switch HTTP Module Buffer Overflow Vulnerability Patch, url: https://www.cnvd.org.cn/patchInfo/show/34801

Trust: 0.6

sources: CNVD: CNVD-2013-08073 // JVNDB: JVNDB-2012-006006

EXTERNAL IDS

db: NVD, id: CVE-2012-6569

Trust: 3.6

db: BID, id: 60708

Trust: 1.0

db: CNNVD, id: CNNVD-201306-405

Trust: 0.9

db: CNVD, id: CNVD-2013-08073

Trust: 0.8

db: JVNDB, id: JVNDB-2012-006006

Trust: 0.8

db: IVD, id: E42FB632-2352-11E6-ABEF-000C29C66E3D

Trust: 0.2

db: VULHUB, id: VHN-59850

Trust: 0.1

sources: IVD: e42fb632-2352-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-08073 // VULHUB: VHN-59850 // BID: 60708 // JVNDB: JVNDB-2012-006006 // CNNVD: CNNVD-201306-405 // NVD: CVE-2012-6569

REFERENCES

url:http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-u_194370.htm

Trust: 2.6

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-6569

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-6569

Trust: 0.8

url:http://www.huawei.com/

Trust: 0.3

sources: CNVD: CNVD-2013-08073 // VULHUB: VHN-59850 // BID: 60708 // JVNDB: JVNDB-2012-006006 // CNNVD: CNNVD-201306-405 // NVD: CVE-2012-6569

CREDITS

Felix Lindner of Recurity Labs GmbH

Trust: 0.3

sources: BID: 60708

SOURCES

db: IVD, id: e42fb632-2352-11e6-abef-000c29c66e3d
db: CNVD, id: CNVD-2013-08073
db: VULHUB, id: VHN-59850
db: BID, id: 60708
db: JVNDB, id: JVNDB-2012-006006
db: CNNVD, id: CNNVD-201306-405
db: NVD, id: CVE-2012-6569

LAST UPDATE DATE

2024-08-14T14:58:19.347000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2013-08073, date: 2013-06-25T00:00:00
db: VULHUB, id: VHN-59850, date: 2013-06-21T00:00:00
db: BID, id: 60708, date: 2012-08-04T00:00:00
db: JVNDB, id: JVNDB-2012-006006, date: 2013-06-24T00:00:00
db: CNNVD, id: CNNVD-201306-405, date: 2013-06-21T00:00:00
db: NVD, id: CVE-2012-6569, date: 2013-06-21T04:00:00

SOURCES RELEASE DATE

db: IVD, id: e42fb632-2352-11e6-abef-000c29c66e3d, date: 2013-06-25T00:00:00
db: CNVD, id: CNVD-2013-08073, date: 2013-06-25T00:00:00
db: VULHUB, id: VHN-59850, date: 2013-06-20T00:00:00
db: BID, id: 60708, date: 2012-08-04T00:00:00
db: JVNDB, id: JVNDB-2012-006006, date: 2013-06-24T00:00:00
db: CNNVD, id: CNNVD-201306-405, date: 2013-06-21T00:00:00
db: NVD, id: CVE-2012-6569, date: 2013-06-20T15:55:00.950