JVN#63587560
Huawei E5332 vulnerable to denial-of-service (DoS)
Overview
Huawei E5332 contains a denial-of-service (DoS) vulnerability.
Products Affected
- Huawei E5332 version 21.344.19.00.1080
Description
Huawei E5332, provided by Huawei Technologies, is a mobile router. Huawei E5332 contains an issue when processing a GET request that contains an extremely long parameter, which leads to the device rebooting.
Impact
An attacker that can send requests to the device may cause the device to become unresponsive.
Solution
Update the software
Update to the latest version according to the information provided by the developer.
Vendor Status
Vendor | Link |
---|---|
Huawei Technologies | Security Advisory-Memory Overflow Vulnerabilities on Huawei E5332 Webserver |
 | Support - Downloads |
References
JPCERT/CC Addendum
Vulnerability Analysis by JPCERT/CC
Analyzed on 2014.10.10 (CVSS Base Metrics)
Measures | Severity | | | Description |
---|---|---|---|---|
Access Vector(AV) | Local (L) | Adjacent Network (A) | Network (N) | A vulnerability exploitable with adjacent network access requires the attacker to have access to either the broadcast or collision domain of the vulnerable software. |
Access Complexity(AC) | High (H) | Medium (M) | Low (L) | Specialized access conditions or extenuating circumstances do not exist. |
Authentication(Au) | Multiple (M) | Single (S) | None (N) | The vulnerability requires an attacker to be logged into the system (such as at a command line or via a desktop session or web interface). |
Confidentiality Impact(C) | None (N) | Partial (P) | Complete (C) | There is no impact to the confidentiality of the system. |
Integrity Impact(I) | None (N) | Partial (P) | Complete (C) | There is no impact to the integrity of the system. |
Availability Impact(A) | None (N) | Partial (P) | Complete (C) | There is a total shutdown of the affected resource. |
Base Score: 5.5
Credit
Shuto Imai of Chukyo Univ. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
Other Information
JPCERT Alert | |
JPCERT Reports | |
CERT Advisory | |
CPNI Advisory | |
TRnotes | |
CVE | CVE-2014-5328 |
JVN iPedia | JVNDB-2014-000119 |