Published:2014/10/10  Last Updated:2014/10/10

JVN#63587560
Huawei E5332 vulnerable to denial-of-service (DoS)

Overview

Huawei E5332 contains a denial-of-service (DoS) vulnerability.

Products Affected

  • Huawei E5332 version 21.344.19.00.1080

Description

Huawei E5332 provided by Huawei Technologies is a mobile router. Huawei E5332 contains an issue when processing a GET request that contains an extremely long parameter, which lead to the device rebooting.

Impact

An attacker that can send requests to the device may cause the device to become unresponsive.

Solution

Update the software
Update to the latest version according to the information provided by the developer.

References

JPCERT/CC Addendum

Vulnerability Analysis by JPCERT/CC

Analyzed on 2014.10.10 (CVSS Base Metrics)

What is CVSS?

Measures Severity Description
Access Vector(AV) Local (L) Adjacent Network (A) Network (N) A vulnerability exploitable with adjacent network access requires the attacker to have access to either the broadcast or collision domain of the vulnerable software.
Access Complexity(AC) High (H) Medium (M) Low (L) Specialized access conditions or extenuating circumstances do not exist.
Authentication(Au) Multiple (M) Single (S) None (N) The vulnerability requires an attacker to be logged into the system (such as at a command line or via a desktop session or web interface).
Confidentiality Impact(C) None (N) Partial (P) Complete (C) There is no impact to the confidentiality of the system.
Integrity Impact(I) None (N) Partial (P) Complete (C) There is no impact to the integrity of the system.
Availability Impact(A) None (N) Partial (P) Complete (C) There is a total shutdown of the affected resource.

Base Score:5.5

Credit

Shuto Imai of Chukyo Univ. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.

Other Information

JPCERT Alert
JPCERT Reports
CERT Advisory
CPNI Advisory
TRnotes
CVE CVE-2014-5328
JVN iPedia JVNDB-2014-000119