ID

VAR-201604-0127


CVE

CVE-2016-3950


TITLE

Huawei AR3200 router software denial-of-service (DoS) vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2016-002170

DESCRIPTION

Huawei AR3200 routers with software before V200R006C10SPC300 allow remote authenticated users to cause a denial of service (restart) via crafted packets.

The AR3200 series enterprise routers are Huawei's next-generation network products. They build on Huawei's experience in data communication, wireless communication, PON access and softswitch, and run on the VRP platform, for which Huawei holds independent intellectual property rights. They provide wireless Internet access, private line access, PBX, converged communication, and security functions, and are widely deployed at the network egress of large and medium-sized campuses and at the headquarters or branches of large and medium-sized enterprises.

An AR2200 device has an input verification vulnerability. An attacker who logs in to the device can exploit the vulnerability by constructing a specific attack packet and sending it to the device, after which the device restarts with some probability.

Huawei AR3200 routers are prone to a denial-of-service vulnerability. Attackers can exploit this issue to cause a denial-of-service condition, denying service to legitimate users. A security vulnerability exists in the Huawei AR3200. The following versions are affected: Huawei AR3200 using V200R005C20, V200R005C30, and V200R005C32 software.

Trust: 2.52

sources: NVD: CVE-2016-3950 // JVNDB: JVNDB-2016-002170 // CNVD: CNVD-2016-02150 // BID: 87086 // VULHUB: VHN-92769

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2016-02150

AFFECTED PRODUCTS

vendor: huawei, model: ar3200, scope: eq, version: v200r005c20

Trust: 1.0

vendor: huawei, model: ar3200, scope: eq, version: v200r005c32

Trust: 1.0

vendor: huawei, model: ar3200, scope: eq, version: v200r005c30

Trust: 1.0

vendor: huawei, model: ar3200, scope: lt, version: firmware v200r006c10spc300

Trust: 0.8

vendor: huawei, model: ar3200, scope: -, version: -

Trust: 0.6

vendor: huawei, model: ar3200, scope: eq, version: -

Trust: 0.6

sources: CNVD: CNVD-2016-02150 // JVNDB: JVNDB-2016-002170 // CNNVD: CNNVD-201604-356 // NVD: CVE-2016-3950

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-3950
value: MEDIUM

Trust: 1.0

NVD: CVE-2016-3950
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2016-02150
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201604-356
value: MEDIUM

Trust: 0.6

VULHUB: VHN-92769
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2016-3950
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:L/AU:S/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2016-02150
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-92769
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:L/AU:S/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-3950
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2016-02150 // VULHUB: VHN-92769 // JVNDB: JVNDB-2016-002170 // CNNVD: CNNVD-201604-356 // NVD: CVE-2016-3950

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-92769 // JVNDB: JVNDB-2016-002170 // NVD: CVE-2016-3950

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201604-356

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201604-356

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-002170

PATCH

title: huawei-sa-20160406-01-ar
url: http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160406-01-ar-en

Trust: 0.8

title: Huawei AR3200 device input verification vulnerability patch
url: https://www.cnvd.org.cn/patchInfo/show/73899

Trust: 0.6

title: Huawei AR3200 Remediation measures for denial of service vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=60991

Trust: 0.6

sources: CNVD: CNVD-2016-02150 // JVNDB: JVNDB-2016-002170 // CNNVD: CNNVD-201604-356

EXTERNAL IDS

db: NVD, id: CVE-2016-3950

Trust: 3.4

db: JVNDB, id: JVNDB-2016-002170

Trust: 0.8

db: CNNVD, id: CNNVD-201604-356

Trust: 0.7

db: CNVD, id: CNVD-2016-02150

Trust: 0.6

db: BID, id: 87086

Trust: 0.4

db: VULHUB, id: VHN-92769

Trust: 0.1

sources: CNVD: CNVD-2016-02150 // VULHUB: VHN-92769 // BID: 87086 // JVNDB: JVNDB-2016-002170 // CNNVD: CNNVD-201604-356 // NVD: CVE-2016-3950

REFERENCES

url: http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160406-01-ar-en

Trust: 1.7

url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3950

Trust: 0.8

url: http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-3950

Trust: 0.8

url: http://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20160406-01-ar-cn

Trust: 0.6

url: http://www.huawei.com/

Trust: 0.3

sources: CNVD: CNVD-2016-02150 // VULHUB: VHN-92769 // BID: 87086 // JVNDB: JVNDB-2016-002170 // CNNVD: CNNVD-201604-356 // NVD: CVE-2016-3950

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 87086

SOURCES

db: CNVD, id: CNVD-2016-02150
db: VULHUB, id: VHN-92769
db: BID, id: 87086
db: JVNDB, id: JVNDB-2016-002170
db: CNNVD, id: CNNVD-201604-356
db: NVD, id: CVE-2016-3950

LAST UPDATE DATE

2024-11-23T22:59:29.736000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2016-02150, date: 2016-04-12T00:00:00
db: VULHUB, id: VHN-92769, date: 2016-05-18T00:00:00
db: BID, id: 87086, date: 2016-04-06T00:00:00
db: JVNDB, id: JVNDB-2016-002170, date: 2016-04-22T00:00:00
db: CNNVD, id: CNNVD-201604-356, date: 2016-04-19T00:00:00
db: NVD, id: CVE-2016-3950, date: 2024-11-21T02:51:00.807

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2016-02150, date: 2016-04-12T00:00:00
db: VULHUB, id: VHN-92769, date: 2016-04-18T00:00:00
db: BID, id: 87086, date: 2016-04-06T00:00:00
db: JVNDB, id: JVNDB-2016-002170, date: 2016-04-22T00:00:00
db: CNNVD, id: CNNVD-201604-356, date: 2016-04-19T00:00:00
db: NVD, id: CVE-2016-3950, date: 2016-04-18T14:59:03.720