CVE-2013-4630
Published 2013-06-20
Priority: P3 53 high
CVSS 2.0: 7.6 (AV:N/AC:H/Au:N/C:C/I:C/A:C)
EXPLOIT
EPSS: 3.91% (89.0th percentile)
Stack-based buffer overflow on Huawei AR 150, 200, 1200, 2200, and 3200 routers, when SNMPv3 debugging is enabled, allows remote attackers to execute arbitrary code via malformed SNMPv3 requests.
Affected
15 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| huawei | ar_1200 | — | — |
| huawei | ar_1200 | — | — |
| huawei | ar_1200 | — | — |
| huawei | ar_150 | — | — |
| huawei | ar_150 | — | — |
| huawei | ar_150 | — | — |
| huawei | ar_200 | — | — |
| huawei | ar_200 | — | — |
| huawei | ar_200 | — | — |
| huawei | ar_2200 | — | — |
| huawei | ar_2200 | — | — |
| huawei | ar_2200 | — | — |
| huawei | ar_3200 | — | — |
| huawei | ar_3200 | — | — |
| huawei | ar_3200 | — | — |
Detection & IOCs (extracted from sources)
- Detect oversized SNMPv3 USM UserName or AuthoritativeEngineID fields: a UserName or AuthoritativeEngineID value of ~4096 bytes in an SNMPv3 packet is a strong indicator of exploitation attempts against CVE-2013-4630.
- Monitor SNMPv3 UDP/161 traffic from unauthenticated/unknown sources: exploitation does not require valid SNMPv3 credentials or configured users, and ACLs are ineffective as packets are processed regardless of source IP.
- Alert on SNMPv3 packets with flags field set to 4 (authNoPriv) combined with anomalously large security parameter fields, as used in the PoC.
- The more severe RCE-capable overflow class only triggers when SNMP debugging is enabled on the device; the default configuration does not expose this specific code path.
- ACL-based mitigations are ineffective for the default-configuration overflow class; SNMPv3 packets from any source IP are processed by the device regardless of ACL rules.
- The vulnerability is exploitable even with zero SNMPv3 users configured on the device, meaning disabling user accounts is not a sufficient mitigation.
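One way to implement the field-size check from the list above on captured UDP/161 payloads (an added example, not part of the original entry or any vendor tooling). The function names, the 32-byte threshold taken from the RFC 3414 size limits, and the sample packet are assumptions made here.

```python
USM_MAX = 32  # RFC 3414 limit for msgUserName and the engine ID (threshold chosen here)

def read_tlv(buf, pos):
    """Parse one BER TLV at pos; return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long-form length: low 7 bits = number of length bytes
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported or truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("value runs past end of buffer")
    return tag, buf[pos:pos + length], pos + length

def children(buf):  # split the contents of a constructed value into (tag, value) pairs
    items, pos = [], 0
    while pos < len(buf):
        tag, val, pos = read_tlv(buf, pos)
        items.append((tag, val))
    return items

def inspect_snmpv3(payload):
    """Return a list of findings; an empty list means nothing was flagged."""
    try:
        tag, body, _ = read_tlv(payload, 0)
        top = children(body)
        if tag != 0x30 or len(top) < 3 or top[0] != (0x02, b"\x03"):
            return []  # not an SNMPv3 message
        flags = children(top[1][1])[2][1]            # msgGlobalData -> msgFlags
        usm = children(read_tlv(top[2][1], 0)[1])    # UsmSecurityParameters
        fields = {"AuthoritativeEngineID": usm[0][1], "UserName": usm[3][1]}
    except (ValueError, IndexError):
        return ["unparseable SNMP message"]
    findings = [f"oversized {name} ({len(v)} bytes)"
                for name, v in fields.items() if len(v) > USM_MAX]
    if findings and flags == b"\x04":  # flags value the entry reports for the PoC
        findings.append("msgFlags=4 with oversized security parameters")
    return findings

# Constructed sample: well-formed SNMPv3 request, UserName "admin", empty engine ID.
BENIGN = bytes.fromhex(
    "303c020103300d020101020205dc0401040201030415301304000201000201000405"
    "61646d696e04000400301104000400a00b0201010201000201003000")
if __name__ == "__main__":
    print(inspect_snmpv3(BENIGN))
```

A message whose declared lengths run past the end of the datagram is reported as unparseable rather than silently dropped, since truncated captures of oversized requests land in that branch.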
No detection rules found.
No writeups or analysis indexed.