Details of VAR-201306-0350

ID

VAR-201306-0350

CVE

CVE-2013-4631

TITLE

Huawei AR Series Routers SNMPv3 Denial of Service Vulnerability

Trust: 1.5

sources: CNVD: CNVD-2013-04835 // BID: 59628 // CNNVD: CNNVD-201305-100

DESCRIPTION

Huawei AR 150, 200, 1200, 2200, and 3200 routers, when SNMPv3 is enabled, allow remote attackers to cause a denial of service (device crash) via malformed SNMPv3 requests that leverage unspecified overflow issues. The Huawei AR series router has an overflow error when processing SNMPv3 messages, allowing remote attackers to exploit the vulnerability to submit specially crafted SNMPv3 messages and remotely execute related instructions. AR 150/200/1200/2200/3200 versions V200R001, V200R002, and V200R003 are affected by this vulnerability. Huawei AR Series Routers are AR series router products of China's Huawei. A denial of service vulnerability exists in Huawei AR Series Routers. This vulnerability could be used by a remote attacker to cause a denial of service and could also execute arbitrary code. Remote attackers may exploit this issue to cause denial-of-service conditions. Due to the nature of this issue, arbitrary code execution may be possible; this has not been confirmed. This product provides mobile and fixed network access methods, suitable for enterprise networks

Trust: 3.06

sources: NVD: CVE-2013-4631 // JVNDB: JVNDB-2013-003090 // CNVD: CNVD-2013-04835 // CNNVD: CNNVD-201305-100 // BID: 59628 // VULHUB: VHN-64633

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2013-04835

AFFECTED PRODUCTS

vendor:	huawei	model:	ar 2200	scope:	eq	version:	v200r003	Trust: 1.6
vendor:	huawei	model:	ar 2200	scope:	eq	version:	v200r002	Trust: 1.6
vendor:	huawei	model:	ar 3200	scope:	eq	version:	v200r001	Trust: 1.6
vendor:	huawei	model:	ar 1200	scope:	eq	version:	v200r003	Trust: 1.6
vendor:	huawei	model:	ar 1200	scope:	eq	version:	v200r002	Trust: 1.6
vendor:	huawei	model:	ar 150	scope:	eq	version:	v200r003	Trust: 1.6
vendor:	huawei	model:	ar 2200	scope:	eq	version:	v200r001	Trust: 1.6
vendor:	huawei	model:	ar 3200	scope:	eq	version:	v200r003	Trust: 1.6
vendor:	huawei	model:	ar 1200	scope:	eq	version:	v200r001	Trust: 1.6
vendor:	huawei	model:	ar 3200	scope:	eq	version:	v200r002	Trust: 1.6
vendor:	huawei	model:	ar 150	scope:	eq	version:	v200r001	Trust: 1.0
vendor:	huawei	model:	ar 200	scope:	eq	version:	v200r003	Trust: 1.0
vendor:	huawei	model:	ar 200	scope:	eq	version:	v200r002	Trust: 1.0
vendor:	huawei	model:	ar 200	scope:	eq	version:	v200r001	Trust: 1.0
vendor:	huawei	model:	ar 150	scope:	eq	version:	v200r002	Trust: 1.0
vendor:	huawei	model:	ar1200	scope:	eq	version:	v200r001	Trust: 0.8
vendor:	huawei	model:	ar1200	scope:	eq	version:	v200r002	Trust: 0.8
vendor:	huawei	model:	ar1200	scope:	eq	version:	v200r003	Trust: 0.8
vendor:	huawei	model:	ar150	scope:	eq	version:	v200r001	Trust: 0.8
vendor:	huawei	model:	ar150	scope:	eq	version:	v200r002	Trust: 0.8
vendor:	huawei	model:	ar150	scope:	eq	version:	v200r003	Trust: 0.8
vendor:	huawei	model:	ar200	scope:	eq	version:	v200r001	Trust: 0.8
vendor:	huawei	model:	ar200	scope:	eq	version:	v200r002	Trust: 0.8
vendor:	huawei	model:	ar200	scope:	eq	version:	v200r003	Trust: 0.8
vendor:	huawei	model:	ar2200	scope:	eq	version:	v200r001	Trust: 0.8
vendor:	huawei	model:	ar2200	scope:	eq	version:	v200r002	Trust: 0.8
vendor:	huawei	model:	ar2200	scope:	eq	version:	v200r003	Trust: 0.8
vendor:	huawei	model:	ar3200	scope:	eq	version:	v200r001	Trust: 0.8
vendor:	huawei	model:	ar3200	scope:	eq	version:	v200r002	Trust: 0.8
vendor:	huawei	model:	ar3200	scope:	eq	version:	v200r003	Trust: 0.8
vendor:	huawei	model:	ar	scope:	eq	version:	150	Trust: 0.6
vendor:	huawei	model:	ar	scope:	eq	version:	200	Trust: 0.6
vendor:	huawei	model:	ar	scope:	eq	version:	1200	Trust: 0.6
vendor:	huawei	model:	ar	scope:	eq	version:	2200	Trust: 0.6
vendor:	huawei	model:	ar	scope:	eq	version:	3200	Trust: 0.6
vendor:	huawei	model:	ce6850 v100r002c00spc200	scope:	-	version:	-	Trust: 0.3
vendor:	huawei	model:	ce5850 v100r002c00spc200	scope:	-	version:	-	Trust: 0.3
vendor:	huawei	model:	ce5810 v100r002c00spc200	scope:	-	version:	-	Trust: 0.3
vendor:	huawei	model:	ce12800 v100r002c00spc200	scope:	-	version:	-	Trust: 0.3
vendor:	huawei	model:	ar3200 v200r003	scope:	-	version:	-	Trust: 0.3
vendor:	huawei	model:	ar3200 v200r002	scope:	-	version:	-	Trust: 0.3
vendor:	huawei	model:	ar3200 v200r001	scope:	-	version:	-	Trust: 0.3
vendor:	huawei	model:	ar2200 v200r003	scope:	-	version:	-	Trust: 0.3
vendor:	huawei	model:	ar2200 v200r002	scope:	-	version:	-	Trust: 0.3
vendor:	huawei	model:	ar2200 v200r001	scope:	-	version:	-	Trust: 0.3
vendor:	huawei	model:	ar200 v200r003	scope:	-	version:	-	Trust: 0.3
vendor:	huawei	model:	ar200 v200r002	scope:	-	version:	-	Trust: 0.3
vendor:	huawei	model:	ar200 v200r001	scope:	-	version:	-	Trust: 0.3
vendor:	huawei	model:	ar150 v200r003	scope:	-	version:	-	Trust: 0.3
vendor:	huawei	model:	ar150 v200r002	scope:	-	version:	-	Trust: 0.3
vendor:	huawei	model:	ar150 v200r001	scope:	-	version:	-	Trust: 0.3
vendor:	huawei	model:	ar1200 v200r003	scope:	-	version:	-	Trust: 0.3
vendor:	huawei	model:	ar1200 v200r002	scope:	-	version:	-	Trust: 0.3
vendor:	huawei	model:	ar1200 v200r001	scope:	-	version:	-	Trust: 0.3
vendor:	huawei	model:	ce6850 v100r003c00spc600b22	scope:	ne	version:	-	Trust: 0.3
vendor:	huawei	model:	ce5850 v100r003c00spc600b22	scope:	ne	version:	-	Trust: 0.3
vendor:	huawei	model:	ce5810 v100r003c00spc600b22	scope:	ne	version:	-	Trust: 0.3
vendor:	huawei	model:	ce12800 v100r003c00spc600b22	scope:	ne	version:	-	Trust: 0.3
vendor:	huawei	model:	ar3200 v200r003c01spc300	scope:	ne	version:	-	Trust: 0.3
vendor:	huawei	model:	ar2200 v200r003c01spc300	scope:	ne	version:	-	Trust: 0.3
vendor:	huawei	model:	ar200 v200r003c01spc300	scope:	ne	version:	-	Trust: 0.3
vendor:	huawei	model:	ar150 v200r003c01spc300	scope:	ne	version:	-	Trust: 0.3
vendor:	huawei	model:	ar1200 v200r003c01spc300	scope:	ne	version:	-	Trust: 0.3

sources: CNVD: CNVD-2013-04835 // BID: 59628 // JVNDB: JVNDB-2013-003090 // CNNVD: CNNVD-201306-411 // NVD: CVE-2013-4631

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2013-4631
value:	HIGH
Trust: 1.0
NVD:	CVE-2013-4631
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2013-04835
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201306-411
value:	HIGH
Trust: 0.6
VULHUB:	VHN-64633
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2013-4631
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2013-04835
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-64633
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CNVD: CNVD-2013-04835 // VULHUB: VHN-64633 // JVNDB: JVNDB-2013-003090 // CNNVD: CNNVD-201306-411 // NVD: CVE-2013-4631

PROBLEMTYPE DATA

problemtype:

CWE-119

Trust: 1.9

sources: VULHUB: VHN-64633 // JVNDB: JVNDB-2013-003090 // NVD: CVE-2013-4631

THREAT TYPE

remote

Trust: 1.2

sources: CNNVD: CNNVD-201305-100 // CNNVD: CNNVD-201306-411

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201306-411

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-003090

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-64633

PATCH

title:	Huawei-SA-20130425-02	url:	http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-260601.htm	Trust: 0.8
title:	Huawei AR Series Routers Patch for SNMPv3 Denial of Service Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/33808	Trust: 0.6

sources: CNVD: CNVD-2013-04835 // JVNDB: JVNDB-2013-003090

EXTERNAL IDS

db:	NVD	id:	CVE-2013-4631	Trust: 2.8
db:	BID	id:	59628	Trust: 1.6
db:	JVNDB	id:	JVNDB-2013-003090	Trust: 0.8
db:	CNNVD	id:	CNNVD-201306-411	Trust: 0.7
db:	SECUNIA	id:	53303	Trust: 0.6
db:	CNVD	id:	CNVD-2013-04835	Trust: 0.6
db:	CNNVD	id:	CNNVD-201305-100	Trust: 0.6
db:	EXPLOIT-DB	id:	25295	Trust: 0.1
db:	VULHUB	id:	VHN-64633	Trust: 0.1

sources: CNVD: CNVD-2013-04835 // VULHUB: VHN-64633 // BID: 59628 // JVNDB: JVNDB-2013-003090 // CNNVD: CNNVD-201305-100 // CNNVD: CNNVD-201306-411 // NVD: CVE-2013-4631

REFERENCES

url:	http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-260601.htm	Trust: 2.3
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-4631	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-4631	Trust: 0.8
url:	http://www.secunia.com/advisories/53303/	Trust: 0.6
url:	http://www.securityfocus.com/bid/59628	Trust: 0.6
url:	http://www.huawei.com/	Trust: 0.3

sources: CNVD: CNVD-2013-04835 // VULHUB: VHN-64633 // BID: 59628 // JVNDB: JVNDB-2013-003090 // CNNVD: CNNVD-201305-100 // CNNVD: CNNVD-201306-411 // NVD: CVE-2013-4631

CREDITS

Roberto Paleari

Trust: 0.9

sources: BID: 59628 // CNNVD: CNNVD-201305-100

SOURCES

db:	CNVD	id:	CNVD-2013-04835
db:	VULHUB	id:	VHN-64633
db:	BID	id:	59628
db:	JVNDB	id:	JVNDB-2013-003090
db:	CNNVD	id:	CNNVD-201305-100
db:	CNNVD	id:	CNNVD-201306-411
db:	NVD	id:	CVE-2013-4631

LAST UPDATE DATE

2024-11-23T22:23:14.875000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2013-04835	date:	2013-05-07T00:00:00
db:	VULHUB	id:	VHN-64633	date:	2013-06-21T00:00:00
db:	BID	id:	59628	date:	2015-12-08T22:15:00
db:	JVNDB	id:	JVNDB-2013-003090	date:	2013-06-24T00:00:00
db:	CNNVD	id:	CNNVD-201305-100	date:	2013-05-09T00:00:00
db:	CNNVD	id:	CNNVD-201306-411	date:	2013-06-21T00:00:00
db:	NVD	id:	CVE-2013-4631	date:	2024-11-21T01:55:58.233

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2013-04835	date:	2013-05-07T00:00:00
db:	VULHUB	id:	VHN-64633	date:	2013-06-20T00:00:00
db:	BID	id:	59628	date:	2013-05-02T00:00:00
db:	JVNDB	id:	JVNDB-2013-003090	date:	2013-06-24T00:00:00
db:	CNNVD	id:	CNNVD-201305-100	date:	2013-05-09T00:00:00
db:	CNNVD	id:	CNNVD-201306-411	date:	2013-06-21T00:00:00
db:	NVD	id:	CVE-2013-4631	date:	2013-06-20T15:55:01.087