Details of VAR-201505-0319

ID

VAR-201505-0319

CVE

CVE-2015-3912

TITLE

Huawei E355s Information Disclosure Vulnerability

Trust: 0.9

sources: CNVD: CNVD-2015-03262 // BID: 74397

DESCRIPTION

Huawei E355s Mobile WiFi with firmware before 22.158.45.02.625 and WEBUI before 13.100.04.01.625 allows remote attackers to obtain sensitive configuration information by sniffing the network or sending unspecified commands. Huawei E355s is a wireless shared device of China's Huawei company. Huawei E355s has an information disclosure vulnerability. An attacker could exploit this vulnerability to obtain sensitive information. Huawei E355s is prone to an information-disclosure vulnerability. Security vulnerabilities exist in Huawei E355s Mobile WiFi and WEBUI versions earlier than 13.100.04.01.625 using firmware versions earlier than 22.158.45.02.625

Trust: 2.52

sources: NVD: CVE-2015-3912 // JVNDB: JVNDB-2015-002775 // CNVD: CNVD-2015-03262 // BID: 74397 // VULHUB: VHN-81873

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2015-03262

AFFECTED PRODUCTS

vendor:	huawei	model:	e355s mobile wifi	scope:	lte	version:	22.158.01.00.625	Trust: 1.0
vendor:	huawei	model:	webui	scope:	lte	version:	11.011.04.00.625	Trust: 1.0
vendor:	huawei	model:	e355s	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	e355s	scope:	lt	version:	22.158.45.02.625	Trust: 0.8
vendor:	huawei	model:	webui	scope:	lt	version:	13.100.04.01.625	Trust: 0.8
vendor:	huawei	model:	e355	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	webui	scope:	eq	version:	11.011.04.00.625	Trust: 0.6
vendor:	huawei	model:	e355s mobile wifi	scope:	eq	version:	22.158.01.00.625	Trust: 0.6

sources: CNVD: CNVD-2015-03262 // JVNDB: JVNDB-2015-002775 // CNNVD: CNNVD-201505-334 // NVD: CVE-2015-3912

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2015-3912
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2015-3912
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2015-03262
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201505-334
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-81873
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2015-3912
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2015-03262
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-81873
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CNVD: CNVD-2015-03262 // VULHUB: VHN-81873 // JVNDB: JVNDB-2015-002775 // CNNVD: CNNVD-201505-334 // NVD: CVE-2015-3912

PROBLEMTYPE DATA

problemtype:

CWE-200

Trust: 1.9

sources: VULHUB: VHN-81873 // JVNDB: JVNDB-2015-002775 // NVD: CVE-2015-3912

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201505-334

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201505-334

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-002775

PATCH

title:	Huawei-SA-20150429-01-E355s	url:	http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-425435.htm	Trust: 0.8
title:	Huawei E355s Information Disclosure Vulnerability Patch	url:	https://www.cnvd.org.cn/patchInfo/show/58721	Trust: 0.6

sources: CNVD: CNVD-2015-03262 // JVNDB: JVNDB-2015-002775

EXTERNAL IDS

db:	NVD	id:	CVE-2015-3912	Trust: 3.4
db:	BID	id:	74397	Trust: 2.6
db:	JVNDB	id:	JVNDB-2015-002775	Trust: 0.8
db:	CNNVD	id:	CNNVD-201505-334	Trust: 0.7
db:	CNVD	id:	CNVD-2015-03262	Trust: 0.6
db:	VULHUB	id:	VHN-81873	Trust: 0.1

sources: CNVD: CNVD-2015-03262 // VULHUB: VHN-81873 // BID: 74397 // JVNDB: JVNDB-2015-002775 // CNNVD: CNNVD-201505-334 // NVD: CVE-2015-3912

REFERENCES

url:	http://www.securityfocus.com/bid/74397	Trust: 2.3
url:	http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-425435.htm	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3912	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-3912	Trust: 0.8

sources: CNVD: CNVD-2015-03262 // VULHUB: VHN-81873 // JVNDB: JVNDB-2015-002775 // CNNVD: CNNVD-201505-334 // NVD: CVE-2015-3912

CREDITS

Evilsocket

Trust: 0.9

sources: BID: 74397 // CNNVD: CNNVD-201505-334

SOURCES

db:	CNVD	id:	CNVD-2015-03262
db:	VULHUB	id:	VHN-81873
db:	BID	id:	74397
db:	JVNDB	id:	JVNDB-2015-002775
db:	CNNVD	id:	CNNVD-201505-334
db:	NVD	id:	CVE-2015-3912

LAST UPDATE DATE

2024-11-23T22:42:28.700000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2015-03262	date:	2015-05-21T00:00:00
db:	VULHUB	id:	VHN-81873	date:	2015-05-22T00:00:00
db:	BID	id:	74397	date:	2015-07-15T00:04:00
db:	JVNDB	id:	JVNDB-2015-002775	date:	2015-05-25T00:00:00
db:	CNNVD	id:	CNNVD-201505-334	date:	2015-05-22T00:00:00
db:	NVD	id:	CVE-2015-3912	date:	2024-11-21T02:30:04.707

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2015-03262	date:	2015-05-21T00:00:00
db:	VULHUB	id:	VHN-81873	date:	2015-05-21T00:00:00
db:	BID	id:	74397	date:	2015-04-29T00:00:00
db:	JVNDB	id:	JVNDB-2015-002775	date:	2015-05-25T00:00:00
db:	CNNVD	id:	CNNVD-201505-334	date:	2015-04-29T00:00:00
db:	NVD	id:	CVE-2015-3912	date:	2015-05-21T19:59:01.327