Detections
Analytics

Huawei Multiple Device Authentication Bypass

medium Nessus Plugin ID 73155

Language:

Synopsis

The remote device is affected by an authentication bypass vulnerability.

Description

The remote Huawei device is affected by an authentication bypass vulnerability. Nessus was able to exploit this vulnerability to gain access to sensitive information on the device (such as the WPA preshared key). A remote attacker could exploit this flaw to perform administrative functions on the device.

Solution

Apply the appropriate firmware update, or restrict access to the device if an update is not available.

See Also

http://www.nessus.org/u?1d7f5eab

Plugin Details

Severity: Medium

ID: 73155

File Name: huawei_security_bypass.nasl

Version: 1.9

Type: remote

Family: CGI abuses

Published: 3/24/2014

Updated: 1/19/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.1

CVSS v2

Risk Factor: Medium

Base Score: 4.3

Temporal Score: 3.9

Vector: CVSS2#AV:A/AC:M/Au:N/C:P/I:P/A:N

CVSS Score Source: CVE-2013-6031

Vulnerability Information

CPE: cpe:/h:huawei:e355, cpe:/o:huawei:e355_firmware

Required KB Items: www/ipwebs

Exploit Available: true

Exploit Ease: Exploits are available

Exploited by Nessus: true

Patch Publication Date: 3/6/2014

Vulnerability Publication Date: 3/6/2014

Reference Information

CVE: CVE-2013-6031

BID: 66017, 66065

CERT: 341526