Vulnerability CVE-2012-4960


Published: 2013-06-20

Description:
The Huawei NE5000E, MA5200G, NE40E, NE80E, ATN, NE40, NE80, NE20E-X6, NE20, ME60, CX600, CX200, CX300, ACU, WLAN AC 6605, S9300, S7700, S2300, S3300, S5300, S3300HI, S5300HI, S5306, S6300, S2700, S3700, S5700, S6700, AR G3, H3C AR(OEM IN), AR 19, AR 29, AR 49, Eudemon100E, Eudemon200, Eudemon300, Eudemon500, Eudemon1000, Eudemon1000E-U/USG5300, Eudemon1000E-X/USG5500, Eudemon8080E/USG9300, Eudemon8160E/USG9300, Eudemon8000E-X/USG9500, E200E-C/USG2200, E200E-X3/USG2200, E200E-X5/USG2200, E200E-X7/USG2200, E200E-C/USG5100, E200E-X3/USG5100, E200E-X5/USG5100, E200E-X7/USG5100, E200E-B/USG2100, E200E-X1/USG2100, E200E-X2/USG2100, SVN5300, SVN2000, SVN5000, SVN3000, NIP100, NIP200, NIP1000, NIP2100, NIP2200, and NIP5100 use the DES algorithm for stored passwords, which makes it easier for context-dependent attackers to obtain cleartext passwords via a brute-force attack.

Type:

CWE-310

(Cryptographic Issues)

Vendor: Huawei
Product: Ne5000e 
Version: v800r002; v300r007;
Product: ME60 
Version:
v600r005c00spc600
v600r003
v600r002
v100r006
v100r005
See more versions on NVD
Product: Ne40e/80e 
Version: v600r003; v600r002;
Product: Ne80e 
Version:
v600r003
v600r002
v600r001
See more versions on NVD
Product: Cx600 
Version:
v600r003
v600r002
v600r001
v200r002
See more versions on NVD
Product: Ne40e 
Version: v600r001; v300r005;
Product: NE80 
Version: v300r005;
Product: Ne20e-x6 
Version: v300r005;
Product: NE40 
Version: v300r005;
Product: Ma5200g 
Version: v300r003; v200r003;
Product: Eudemon100e 
Version: v200r007;
Product: Eudemon500 
Version: v200r006c02;
Product: Eudemon300 
Version: v200r006c02;
Product: Eudemon1000 
Version: v200r006c02;
Product: NE20 
Version: v200r005;
Product: E200x7 
Version: v200r003c00;
Product: E200 usg5100 
Version: v200r003c00;
Product: E200x5 
Version: v200r003c00;
Product: E200e-c 
Version: v200r003c00;
Product: E200 usg2200 
Version: v200r003c00;
Product: E200x3 
Version: v200r003c00;
Product: Ar g3 
Version:
v200r002c00spc200
v200r001c01
v200r001c00
See more versions on NVD
Product: Eudemon usg5500 
Version: v200r002;
Product: Eudemon1000e-x 
Version: v200r002;
Product: ATN 
Version: v200r001c01; v200r001c00;
Product: Eudemon usg9500 
Version: v200r001c00spc600;
Product: Eudemon8000e-x 
Version: v200r001c00spc600;
Product: ACU 
Version:
v200r001c00spc100
v200r001c00
v100r003c01spc100
See more versions on NVD
Product: Wlan ac 6605 
Version: v200r001c00spc100; v200r001c00;
Product: Svn2000 
Version: v200r001c00;
Product: Svn5000 
Version: v200r001c00;
Product: S6700 
Version: v200r001; v100r006;
Product: Eudemon200 
Version: v200r001;
Product: S3700 
Version:
v200r001
v100r006
v100r005
See more versions on NVD
Product: Eudemon1000e-u 
Version: v200r001;
Product: S3300hi 
Version: v200r001; v100r006;
Product: Eudemon usg5300 
Version: v200r001;
Product: S5700 
Version:
v200r001
v100r006
v100r005
See more versions on NVD
Product: S5300hi 
Version: v200r001; v100r006;
Product: S6300 
Version: v200r001; v100r006;
Product: S5306 
Version: v200r001; v100r006;
Product: S3300 
Version:
v100r006
v100r005
v100r003
v100r002
See more versions on NVD
Product: S2300 
Version:
v100r006
v100r005
v100r003
v100r002
See more versions on NVD
Product: S7700 
Version: v100r006; v100r003;
Product: S5300 
Version:
v100r006
v100r005
v100r003
v100r002
See more versions on NVD
Product: S9300 
Version:
v100r006
v100r003
v100r002
See more versions on NVD
Product: S2700 
Version: v100r006;
Product: E200e-usg2100 
Version: v100r005c01;
Product: E200e-x2 
Version: v100r005c01;
Product: E200e-x1 
Version: v100r005c01;
Product: E200e-b 
Version: v100r005c01;
Product: Cx200 
Version: v100r005;
Product: Cx300 
Version: v100r005;
Product: Eudemon 8160e 
Version: v100r003c00;
Product: Eudemon 8080e 
Version: v100r003c00;
Product: Eudemon usg9300 
Version: v100r003c00;
Product: Svn3000 
Version: v100r002c02spc802b041;
Product: Svn5300 
Version: v100r001c01b019;
Product: Nip2200 
Version: v100r001c00;
Product: Nip2100 
Version: v100r001c00;

CVSS2 => (AV:N/AC:L/Au:S/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
6.5/10
6.4/10
8/10
Exploit range
Attack complexity
Authentication
Remote
Low
Single time
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial

 References:
http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-u_194373.htm

Related CVE
CVE-2018-7900
There is an information leak vulnerability in some Huawei HG products. An attacker may obtain information about the HG device by exploiting this vulnerability.
CVE-2018-7956
Huawei VIP App is a mobile app for Malaysia customers that purchased P20 Series, Nova 3/3i and Mate 20. There is a vulnerability in versions before 4.0.5 that attackers can conduct bruteforce to the VIP App Web Services to get user information.
CVE-2018-7977
There is an information leakage vulnerability on several Huawei products. Due to insufficient communication protection for specific services, a remote, unauthorized attacker can exploit this vulnerability to connect to specific services to obtain add...
CVE-2018-7961
There is a smart SMS verification code vulnerability in some Huawei smart phones. An attacker should trick a user to access malicious Website or malicious App and register. Due to incorrect processing of the smart SMS verification code, successful ex...
CVE-2018-7960
There is a SRTP icon display vulnerability in Huawei eSpace product. An unauthenticated, remote attacker launches man-in-the-middle attack to intercept the packets in non-secure transmission mode. Successful exploitation may intercept and tamper with...
CVE-2018-7959
There is a short key vulnerability in Huawei eSpace product. An unauthenticated, remote attacker launches man-in-the-middle attack to intercept and decrypt the call information when the user enables SRTP to make a call. Successful exploitation may ca...
CVE-2018-7958
There is an anonymous TLS cipher suites supported vulnerability in Huawei eSpace product. An unauthenticated, remote attacker launches man-in-the-middle attack to hijack the connection from a client when the user signs up to log in by TLS. Due to ins...
CVE-2018-7926
Huawei Watch 2 with versions and earlier than OWDD.180707.001.E1 have an improper authorization vulnerability. Due to improper permission configuration for specific operations, an attacker who obtained the Huawei ID bound to the watch can bypass perm...

Copyright 2019, cxsecurity.com

 

Back to Top