ID

VAR-201602-0083


CVE

CVE-2016-2231


TITLE

Denial-of-service (DoS) vulnerability in the Windows-based Host Interface Program service running on Huawei SmartAX MT882 devices

Trust: 0.8

sources: JVNDB: JVNDB-2016-001673

DESCRIPTION

The Windows-based Host Interface Program (WHIP) service on Huawei SmartAX MT882 devices V200R002B022 Arg relies on the client to send a length field that is consistent with a buffer size, which allows remote attackers to cause a denial of service (device outage) or possibly have unspecified other impact via crafted traffic on TCP port 8701. Supplementary information: the vulnerability type has been identified as CWE-19: Data Handling (data processing). Huawei SmartAX MT882 is a router product. A denial-of-service vulnerability exists in Huawei SmartAX MT882 devices V200R002B022 Arg. The WHIP service relies on the client to send the length field, which allows a remote attacker to cause a denial of service through a crafted data stream on TCP port 8701. Huawei SmartAX MT882 is prone to a denial-of-service vulnerability. Attackers can exploit this issue to cause a denial-of-service condition, denying service to legitimate users. There is a security vulnerability in the Windows-based Host Interface Program (WHIP) service of Huawei SmartAX MT882 version V200R002B022 Arg. The vulnerability arises because the program determines the buffer size according to the length field in the data packet sent by the client.

Trust: 2.52

sources: NVD: CVE-2016-2231 // JVNDB: JVNDB-2016-001673 // CNVD: CNVD-2016-01128 // BID: 84915 // VULHUB: VHN-91050

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2016-01128

AFFECTED PRODUCTS

vendor: huawei, model: smartax mt882, scope: -, version: -

Trust: 1.4

vendor: huawei, model: mt882, scope: lte, version: v200r002b022

Trust: 1.0

vendor: huawei, model: smartax mt882, scope: eq, version: v200r002b022 arg

Trust: 0.8

vendor: huawei, model: mt882, scope: eq, version: v200r002b022

Trust: 0.6

sources: CNVD: CNVD-2016-01128 // JVNDB: JVNDB-2016-001673 // CNNVD: CNNVD-201602-289 // NVD: CVE-2016-2231

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-2231
value: CRITICAL

Trust: 1.0

NVD: CVE-2016-2231
value: HIGH

Trust: 0.8

CNVD: CNVD-2016-01128
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201602-289
value: CRITICAL

Trust: 0.6

VULHUB: VHN-91050
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2016-2231
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 8.5
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2016-01128
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-91050
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 8.5
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-2231
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.0

sources: CNVD: CNVD-2016-01128 // VULHUB: VHN-91050 // JVNDB: JVNDB-2016-001673 // CNNVD: CNNVD-201602-289 // NVD: CVE-2016-2231

PROBLEMTYPE DATA

problemtype:CWE-19

Trust: 1.1

problemtype:CWE-Other

Trust: 0.8

sources: VULHUB: VHN-91050 // JVNDB: JVNDB-2016-001673 // NVD: CVE-2016-2231

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201602-289

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201602-289

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-001673

PATCH

title: SmartAX MT820/MT882, url: http://market.huawei.com/hwgg/access/en/products/cpe_portfolio1.html

Trust: 0.8

title: Huawei SmartAX MT882 patch for denial of service vulnerability, url: https://www.cnvd.org.cn/patchInfo/show/71531

Trust: 0.6

sources: CNVD: CNVD-2016-01128 // JVNDB: JVNDB-2016-001673

EXTERNAL IDS

db: NVD, id: CVE-2016-2231

Trust: 3.4

db: JVNDB, id: JVNDB-2016-001673

Trust: 0.8

db: CNNVD, id: CNNVD-201602-289

Trust: 0.7

db: CNVD, id: CNVD-2016-01128

Trust: 0.6

db: BID, id: 84915

Trust: 0.4

db: VULHUB, id: VHN-91050

Trust: 0.1

sources: CNVD: CNVD-2016-01128 // VULHUB: VHN-91050 // BID: 84915 // JVNDB: JVNDB-2016-001673 // CNNVD: CNNVD-201602-289 // NVD: CVE-2016-2231

REFERENCES

url:https://debihiga.wordpress.com/sa-whip/

Trust: 2.5

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-2231

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-2231

Trust: 0.8

url:http://support.huawei.com/enterprise/

Trust: 0.6

url:http://www.huawei.com/

Trust: 0.3

sources: CNVD: CNVD-2016-01128 // VULHUB: VHN-91050 // BID: 84915 // JVNDB: JVNDB-2016-001673 // CNNVD: CNNVD-201602-289 // NVD: CVE-2016-2231

CREDITS

Déborah Valeria Higa.

Trust: 0.3

sources: BID: 84915

SOURCES

db: CNVD, id: CNVD-2016-01128
db: VULHUB, id: VHN-91050
db: BID, id: 84915
db: JVNDB, id: JVNDB-2016-001673
db: CNNVD, id: CNNVD-201602-289
db: NVD, id: CVE-2016-2231

LAST UPDATE DATE

2024-11-23T22:38:45.747000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2016-01128, date: 2016-02-18T00:00:00
db: VULHUB, id: VHN-91050, date: 2016-03-10T00:00:00
db: BID, id: 84915, date: 2016-02-11T00:00:00
db: JVNDB, id: JVNDB-2016-001673, date: 2016-03-11T00:00:00
db: CNNVD, id: CNNVD-201602-289, date: 2016-02-16T00:00:00
db: NVD, id: CVE-2016-2231, date: 2024-11-21T02:48:05.410

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2016-01128, date: 2016-02-18T00:00:00
db: VULHUB, id: VHN-91050, date: 2016-02-15T00:00:00
db: BID, id: 84915, date: 2016-02-11T00:00:00
db: JVNDB, id: JVNDB-2016-001673, date: 2016-03-11T00:00:00
db: CNNVD, id: CNNVD-201602-289, date: 2016-02-16T00:00:00
db: NVD, id: CVE-2016-2231, date: 2016-02-15T02:59:18.937