Details of VAR-201306-0349

ID

VAR-201306-0349

CVE

CVE-2013-4630

TITLE

plural Huawei AR Router stack-based buffer overflow vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2013-003089

DESCRIPTION

Stack-based buffer overflow on Huawei AR 150, 200, 1200, 2200, and 3200 routers, when SNMPv3 debugging is enabled, allows remote attackers to execute arbitrary code via malformed SNMPv3 requests. Huawei AR series routers are Huawei's proprietary VRP-based next-generation enterprise routers that integrate routing, switching, 3G, WLAN, voice, and security functions. An attacker could exploit the vulnerability to execute arbitrary code in the context of an affected application. A failed vulnerability attempt could result in a denial of service condition. Huawei Access Router (AR) is a low-end router product developed by Huawei in China. This product provides mobile and fixed network access methods, suitable for enterprise networks. Huawei uses SNMPv3 for network and device management

Trust: 2.52

sources: NVD: CVE-2013-4630 // JVNDB: JVNDB-2013-003089 // CNVD: CNVD-2013-04917 // BID: 59662 // VULHUB: VHN-64632

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2013-04917

AFFECTED PRODUCTS

vendor:	huawei	model:	ar 200	scope:	eq	version:	v200r002	Trust: 1.6
vendor:	huawei	model:	ar 200	scope:	eq	version:	v200r003	Trust: 1.6
vendor:	huawei	model:	ar 2200	scope:	eq	version:	v200r003	Trust: 1.6
vendor:	huawei	model:	ar 2200	scope:	eq	version:	v200r002	Trust: 1.6
vendor:	huawei	model:	ar 3200	scope:	eq	version:	v200r001	Trust: 1.6
vendor:	huawei	model:	ar 1200	scope:	eq	version:	v200r003	Trust: 1.6
vendor:	huawei	model:	ar 1200	scope:	eq	version:	v200r002	Trust: 1.6
vendor:	huawei	model:	ar 2200	scope:	eq	version:	v200r001	Trust: 1.6
vendor:	huawei	model:	ar 3200	scope:	eq	version:	v200r003	Trust: 1.6
vendor:	huawei	model:	ar 1200	scope:	eq	version:	v200r001	Trust: 1.6
vendor:	huawei	model:	ar 150	scope:	eq	version:	v200r001	Trust: 1.0
vendor:	huawei	model:	ar 200	scope:	eq	version:	v200r001	Trust: 1.0
vendor:	huawei	model:	ar 150	scope:	eq	version:	v200r003	Trust: 1.0
vendor:	huawei	model:	ar 150	scope:	eq	version:	v200r002	Trust: 1.0
vendor:	huawei	model:	ar 3200	scope:	eq	version:	v200r002	Trust: 1.0
vendor:	huawei	model:	ar1200	scope:	eq	version:	v200r001	Trust: 0.8
vendor:	huawei	model:	ar1200	scope:	eq	version:	v200r002	Trust: 0.8
vendor:	huawei	model:	ar1200	scope:	eq	version:	v200r003	Trust: 0.8
vendor:	huawei	model:	ar150	scope:	eq	version:	v200r001	Trust: 0.8
vendor:	huawei	model:	ar150	scope:	eq	version:	v200r002	Trust: 0.8
vendor:	huawei	model:	ar150	scope:	eq	version:	v200r003	Trust: 0.8
vendor:	huawei	model:	ar200	scope:	eq	version:	v200r001	Trust: 0.8
vendor:	huawei	model:	ar200	scope:	eq	version:	v200r002	Trust: 0.8
vendor:	huawei	model:	ar200	scope:	eq	version:	v200r003	Trust: 0.8
vendor:	huawei	model:	ar2200	scope:	eq	version:	v200r001	Trust: 0.8
vendor:	huawei	model:	ar2200	scope:	eq	version:	v200r002	Trust: 0.8
vendor:	huawei	model:	ar2200	scope:	eq	version:	v200r003	Trust: 0.8
vendor:	huawei	model:	ar3200	scope:	eq	version:	v200r001	Trust: 0.8
vendor:	huawei	model:	ar3200	scope:	eq	version:	v200r002	Trust: 0.8
vendor:	huawei	model:	ar3200	scope:	eq	version:	v200r003	Trust: 0.8
vendor:	huawei	model:	ar series routers	scope:	eq	version:	3200	Trust: 0.6
vendor:	huawei	model:	ar series routers	scope:	eq	version:	2200	Trust: 0.6
vendor:	huawei	model:	ar series routers	scope:	eq	version:	200	Trust: 0.6
vendor:	huawei	model:	ar series routers	scope:	eq	version:	150	Trust: 0.6
vendor:	huawei	model:	ar series routers	scope:	eq	version:	1200	Trust: 0.6

sources: CNVD: CNVD-2013-04917 // JVNDB: JVNDB-2013-003089 // CNNVD: CNNVD-201306-410 // NVD: CVE-2013-4630

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2013-4630
value:	HIGH
Trust: 1.0
NVD:	CVE-2013-4630
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2013-04917
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201306-410
value:	HIGH
Trust: 0.6
VULHUB:	VHN-64632
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2013-4630
severity:	HIGH
baseScore:	7.6
vectorString:	AV:N/AC:H/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	4.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2013-04917
severity:	HIGH
baseScore:	7.6
vectorString:	AV:N/AC:H/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	4.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-64632
severity:	HIGH
baseScore:	7.6
vectorString:	AV:N/AC:H/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	4.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CNVD: CNVD-2013-04917 // VULHUB: VHN-64632 // JVNDB: JVNDB-2013-003089 // CNNVD: CNNVD-201306-410 // NVD: CVE-2013-4630

PROBLEMTYPE DATA

problemtype:

CWE-119

Trust: 1.9

sources: VULHUB: VHN-64632 // JVNDB: JVNDB-2013-003089 // NVD: CVE-2013-4630

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201306-410

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201306-410

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-003089

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-64632

PATCH

title:	Huawei-SA-20130313-01	url:	http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-260626.htm	Trust: 0.8
title:	Huawei AR Series Router SNMPv3 Remote Stack Buffer Overflow Vulnerability Patch	url:	https://www.cnvd.org.cn/patchInfo/show/33826	Trust: 0.6

sources: CNVD: CNVD-2013-04917 // JVNDB: JVNDB-2013-003089

EXTERNAL IDS

db:	NVD	id:	CVE-2013-4630	Trust: 3.4
db:	EXPLOIT-DB	id:	25295	Trust: 1.1
db:	BID	id:	59662	Trust: 1.0
db:	JVNDB	id:	JVNDB-2013-003089	Trust: 0.8
db:	CNNVD	id:	CNNVD-201306-410	Trust: 0.7
db:	CNVD	id:	CNVD-2013-04917	Trust: 0.6
db:	SEEBUG	id:	SSVID-78960	Trust: 0.1
db:	VULHUB	id:	VHN-64632	Trust: 0.1

sources: CNVD: CNVD-2013-04917 // VULHUB: VHN-64632 // BID: 59662 // JVNDB: JVNDB-2013-003089 // CNNVD: CNNVD-201306-410 // NVD: CVE-2013-4630

REFERENCES

url:	http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-260626.htm	Trust: 2.3
url:	http://www.exploit-db.com/exploits/25295	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-4630	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-4630	Trust: 0.8
url:	http://www.huawei.com/	Trust: 0.3

sources: CNVD: CNVD-2013-04917 // VULHUB: VHN-64632 // BID: 59662 // JVNDB: JVNDB-2013-003089 // CNNVD: CNNVD-201306-410 // NVD: CVE-2013-4630

CREDITS

Roberto Paleari

Trust: 0.3

sources: BID: 59662

SOURCES

db:	CNVD	id:	CNVD-2013-04917
db:	VULHUB	id:	VHN-64632
db:	BID	id:	59662
db:	JVNDB	id:	JVNDB-2013-003089
db:	CNNVD	id:	CNNVD-201306-410
db:	NVD	id:	CVE-2013-4630

LAST UPDATE DATE

2024-11-23T22:23:14.914000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2013-04917	date:	2013-05-08T00:00:00
db:	VULHUB	id:	VHN-64632	date:	2013-11-03T00:00:00
db:	BID	id:	59662	date:	2015-03-19T09:49:00
db:	JVNDB	id:	JVNDB-2013-003089	date:	2013-06-24T00:00:00
db:	CNNVD	id:	CNNVD-201306-410	date:	2013-06-28T00:00:00
db:	NVD	id:	CVE-2013-4630	date:	2024-11-21T01:55:58.107

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2013-04917	date:	2013-05-08T00:00:00
db:	VULHUB	id:	VHN-64632	date:	2013-06-20T00:00:00
db:	BID	id:	59662	date:	2013-03-13T00:00:00
db:	JVNDB	id:	JVNDB-2013-003089	date:	2013-06-24T00:00:00
db:	CNNVD	id:	CNNVD-201306-410	date:	2013-06-21T00:00:00
db:	NVD	id:	CVE-2013-4630	date:	2013-06-20T15:55:01.070