ID

VAR-201703-0050


CVE

CVE-2016-6206


TITLE

Huawei AR3200 Service disruption in router software (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2016-008074

DESCRIPTION

Huawei AR3200 routers with software before V200R007C00SPC600 allow remote attackers to cause a denial of service or execute arbitrary code via a crafted packet. HuaweiAR3200 is an AR3200 series enterprise router product. Huawei AR3200 Routers are prone to a remote code-execution vulnerability. Failed exploit attempts may cause a denial-of-service condition. An input validation vulnerability exists in the Huawei AR3200 router. The following versions are affected: AR3200 V200R001C00 Version, V200R001C01 Version, V200R002C00 Version, V200R002C01 Version, V200R002C02 Version, V200R002C05 Version, V200R003C00 Version, V200R003C01 Version, V200R003C05 Version, V200R005C00 Version, V200R005C10 Version, V200R005C20 Version, V200R005C21 Version, V200R005C30 Version, V200R005C31 Version , version V200R005C32, version V200R006C00, version V200R006C10, version V200R006C11, version V200R006C12, version V200R006C13, version V200R006C15, version V200R006C16, version V200R006C17

Trust: 2.52

sources: NVD: CVE-2016-6206 // JVNDB: JVNDB-2016-008074 // CNVD: CNVD-2016-05047 // BID: 91774 // VULHUB: VHN-95026

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2016-05047

AFFECTED PRODUCTS

vendor:huaweimodel:ar3200scope:eqversion:v200r002c05

Trust: 1.6

vendor:huaweimodel:ar3200scope:eqversion:v200r001c01

Trust: 1.6

vendor:huaweimodel:ar3200scope:eqversion:v200r002c02

Trust: 1.6

vendor:huaweimodel:ar3200scope:eqversion:v200r002c01

Trust: 1.6

vendor:huaweimodel:ar3200scope:eqversion:v200r005c30

Trust: 1.6

vendor:huaweimodel:ar3200scope:eqversion:v200r003c01

Trust: 1.6

vendor:huaweimodel:ar3200scope:eqversion:v200r002c00

Trust: 1.6

vendor:huaweimodel:ar3200scope:eqversion:v200r005c21

Trust: 1.6

vendor:huaweimodel:ar3200scope:eqversion:v200r003c05

Trust: 1.6

vendor:huaweimodel:ar3200scope:eqversion:v200r003c00

Trust: 1.6

vendor:huaweimodel:ar3200scope:eqversion:v200r006c15

Trust: 1.0

vendor:huaweimodel:ar3200scope:eqversion:v200r006c00

Trust: 1.0

vendor:huaweimodel:ar3200scope:eqversion:v200r005c00

Trust: 1.0

vendor:huaweimodel:ar3200scope:eqversion:v200r005c31

Trust: 1.0

vendor:huaweimodel:ar3200scope:eqversion:v200r005c20

Trust: 1.0

vendor:huaweimodel:ar3200scope:eqversion:v200r006c12

Trust: 1.0

vendor:huaweimodel:ar3200scope:eqversion:v200r006c10

Trust: 1.0

vendor:huaweimodel:ar3200scope:eqversion:v200r001c00

Trust: 1.0

vendor:huaweimodel:ar3200scope:eqversion:v200r006c11

Trust: 1.0

vendor:huaweimodel:ar3200scope:eqversion:v200r006c16

Trust: 1.0

vendor:huaweimodel:ar3200scope:eqversion:v200r006c17

Trust: 1.0

vendor:huaweimodel:ar3200scope:eqversion:v200r006c13

Trust: 1.0

vendor:huaweimodel:ar3200scope:eqversion:v200r005c32

Trust: 1.0

vendor:huaweimodel:ar3200scope:eqversion:v200r005c10

Trust: 1.0

vendor:huaweimodel:ar3200 v200r001c00scope: - version: -

Trust: 0.9

vendor:huaweimodel:ar3200 v200r001c01scope: - version: -

Trust: 0.9

vendor:huaweimodel:ar3200 v200r002c00scope: - version: -

Trust: 0.9

vendor:huaweimodel:ar3200 v200r002c01scope: - version: -

Trust: 0.9

vendor:huaweimodel:ar3200 v200r002c02scope: - version: -

Trust: 0.9

vendor:huaweimodel:ar3200 v200r002c05scope: - version: -

Trust: 0.9

vendor:huaweimodel:ar3200 v200r003c00scope: - version: -

Trust: 0.9

vendor:huaweimodel:ar3200 v200r003c01scope: - version: -

Trust: 0.9

vendor:huaweimodel:ar3200 v200r003c05scope: - version: -

Trust: 0.9

vendor:huaweimodel:ar3200 v200r005c00scope: - version: -

Trust: 0.9

vendor:huaweimodel:ar3200 v200r005c10scope: - version: -

Trust: 0.9

vendor:huaweimodel:ar3200 v200r005c21scope: - version: -

Trust: 0.9

vendor:huaweimodel:ar3200 v200r005c31scope: - version: -

Trust: 0.9

vendor:huaweimodel:ar3200scope:ltversion:v200r007c00spc600

Trust: 0.8

vendor:huaweimodel:ar3200 v200r005c30scope: - version: -

Trust: 0.6

vendor:huaweimodel:ar3200 v200r006c17scope: - version: -

Trust: 0.3

vendor:huaweimodel:ar3200 v200r006c16scope: - version: -

Trust: 0.3

vendor:huaweimodel:ar3200 v200r006c15scope: - version: -

Trust: 0.3

vendor:huaweimodel:ar3200 v200r006c13scope: - version: -

Trust: 0.3

vendor:huaweimodel:ar3200 v200r006c12scope: - version: -

Trust: 0.3

vendor:huaweimodel:ar3200 v200r006c11scope: - version: -

Trust: 0.3

vendor:huaweimodel:ar3200 v200r006c10scope: - version: -

Trust: 0.3

vendor:huaweimodel:ar3200 v200r006c00scope: - version: -

Trust: 0.3

vendor:huaweimodel:ar3200 v200r005c32scope: - version: -

Trust: 0.3

vendor:huaweimodel:ar3200 v200r005c20scope: - version: -

Trust: 0.3

vendor:huaweimodel:ar3200 v200r007c00spc600scope:neversion: -

Trust: 0.3

sources: CNVD: CNVD-2016-05047 // BID: 91774 // JVNDB: JVNDB-2016-008074 // CNNVD: CNNVD-201607-413 // NVD: CVE-2016-6206

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-6206
value: CRITICAL

Trust: 1.0

NVD: CVE-2016-6206
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2016-05047
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201607-413
value: CRITICAL

Trust: 0.6

VULHUB: VHN-95026
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2016-6206
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2016-05047
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-95026
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-6206
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2016-05047 // VULHUB: VHN-95026 // JVNDB: JVNDB-2016-008074 // CNNVD: CNNVD-201607-413 // NVD: CVE-2016-6206

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-95026 // JVNDB: JVNDB-2016-008074 // NVD: CVE-2016-6206

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201607-413

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201607-413

CONFIGURATIONS

[
  {
    "CVE_data_version": "4.0",
    "nodes": [
      {
        "operator": "OR",
        "cpe_match": [
          {
            "vulnerable": true,
            "cpe22Uri": "cpe:/o:huawei:ar3200_firmware"
          }
        ]
      }
    ]
  }
]

sources: JVNDB: JVNDB-2016-008074

PATCH

title:huawei-sa-20160713-01-routerurl:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160713-01-router-en

Trust: 0.8

title:HuaweiAR3200Routers patch for remote code execution vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/79361

Trust: 0.6

title:Huawei AR3200 Routers Fixes for remote code execution vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=62958

Trust: 0.6

sources: CNVD: CNVD-2016-05047 // JVNDB: JVNDB-2016-008074 // CNNVD: CNNVD-201607-413

EXTERNAL IDS

db:NVDid:CVE-2016-6206

Trust: 3.4

db:BIDid:91774

Trust: 2.6

db:JVNDBid:JVNDB-2016-008074

Trust: 0.8

db:CNNVDid:CNNVD-201607-413

Trust: 0.7

db:CNVDid:CNVD-2016-05047

Trust: 0.6

db:VULHUBid:VHN-95026

Trust: 0.1

sources: CNVD: CNVD-2016-05047 // VULHUB: VHN-95026 // BID: 91774 // JVNDB: JVNDB-2016-008074 // CNNVD: CNNVD-201607-413 // NVD: CVE-2016-6206

REFERENCES

url:http://www.securityfocus.com/bid/91774

Trust: 2.3

url:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160713-01-router-en

Trust: 2.0

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-6206

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2016-6206

Trust: 0.8

url:http://www.huawei.com

Trust: 0.3

sources: CNVD: CNVD-2016-05047 // VULHUB: VHN-95026 // BID: 91774 // JVNDB: JVNDB-2016-008074 // CNNVD: CNNVD-201607-413 // NVD: CVE-2016-6206

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 91774

SOURCES

db:CNVDid:CNVD-2016-05047
db:VULHUBid:VHN-95026
db:BIDid:91774
db:JVNDBid:JVNDB-2016-008074
db:CNNVDid:CNNVD-201607-413
db:NVDid:CVE-2016-6206

LAST UPDATE DATE

2024-11-23T22:59:21.342000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2016-05047date:2016-07-21T00:00:00
db:VULHUBid:VHN-95026date:2017-03-27T00:00:00
db:BIDid:91774date:2016-07-13T00:00:00
db:JVNDBid:JVNDB-2016-008074date:2017-04-20T00:00:00
db:CNNVDid:CNNVD-201607-413date:2017-03-28T00:00:00
db:NVDid:CVE-2016-6206date:2024-11-21T02:55:40.023

SOURCES RELEASE DATE

db:CNVDid:CNVD-2016-05047date:2016-07-21T00:00:00
db:VULHUBid:VHN-95026date:2017-03-24T00:00:00
db:BIDid:91774date:2016-07-13T00:00:00
db:JVNDBid:JVNDB-2016-008074date:2017-04-20T00:00:00
db:CNNVDid:CNNVD-201607-413date:2016-07-15T00:00:00
db:NVDid:CVE-2016-6206date:2017-03-24T15:59:00.683