CVE-2012-6570

CWE-119Buffer Overflow3 documents3 sources
Severity
10.0CRITICAL
EPSS
0.7%
top 28.85%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
18
Huawei AR 18-1xHuawei AR 18-2xHuawei AR 18-3x+15 more
Timeline
PublishedJun 20
Latest updateMay 17

Description

The HTTP module in the (1) Branch Intelligent Management System (BIMS) and (2) web management components on Huawei AR routers and S2000, S3000, S3500, S3900, S5100, S5600, S7800, and S8500 switches does not check whether HTTP data is longer than the value of the Content-Length field, which allows remote HTTP servers to conduct heap-based buffer overflow attacks and execute arbitrary code via a crafted response.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages18 packages

NVDhuawei/s2000r6305
NVDhuawei/s3000r6305
NVDhuawei/s3500r6305
NVDhuawei/s3900r6305
NVDhuawei/s5100r6305

🔴Vulnerability Details

2
GHSA
GHSA-33q9-hj3m-p778: The HTTP module in the (1) Branch Intelligent Management System (BIMS) and (2) web management components on Huawei AR routers and S2000, S3000, S3500,2022-05-17
CVEList
CVE-2012-6570: The HTTP module in the (1) Branch Intelligent Management System (BIMS) and (2) web management components on Huawei AR routers and S2000, S3000, S3500,2013-06-20
CVE-2012-6570 (CRITICAL CVSS 10) | The HTTP module in the (1) Branch I | cvebase.io