CVE-2013-4630
published 2013-06-20

Priority: P3 · 53 · high
CVSS 2.0: 7.6 (AV:N/AC:H/Au:N/C:C/I:C/A:C)
EXPLOIT
EPSS: 3.91% (89.0th percentile)
Stack-based buffer overflow on Huawei AR 150, 200, 1200, 2200, and 3200 routers, when SNMPv3 debugging is enabled, allows remote attackers to execute arbitrary code via malformed SNMPv3 requests.

Affected

15 ranges
Vendor | Product | Version range | Fixed in
huawei | ar_1200 | |
huawei | ar_1200 | |
huawei | ar_1200 | |
huawei | ar_150 | |
huawei | ar_150 | |
huawei | ar_150 | |
huawei | ar_200 | |
huawei | ar_200 | |
huawei | ar_200 | |
huawei | ar_2200 | |
huawei | ar_2200 | |
huawei | ar_2200 | |
huawei | ar_3200 | |
huawei | ar_3200 | |
huawei | ar_3200 | |

Detection & IOCs (extracted from sources)

port: UDP/161
command: pkt["SNMPv3"].security.user_name = "A"*4096
command: pkt["SNMPv3"].flags = 4
version: V200R002C02SPC121T
  • Detect oversized SNMPv3 USM UserName or AuthoritativeEngineID fields — a UserName or AuthoritativeEngineID value of ~4096 bytes in an SNMPv3 packet is a strong indicator of exploitation attempts against CVE-2013-4630.
  • Monitor SNMPv3 UDP/161 traffic from unauthenticated/unknown sources — exploitation does not require valid SNMPv3 credentials or configured users, and ACLs are ineffective as packets are processed regardless of source IP.
  • Alert on SNMPv3 packets with flags field set to 4 (authNoPriv) combined with anomalously large security parameter fields, as used in the PoC.
  • The more severe RCE-capable overflow class only triggers when SNMP debugging is enabled on the device; the default configuration does not expose this specific code path.
  • ACL-based mitigations are ineffective for the default-configuration overflow class; SNMPv3 packets from any source IP are processed by the device regardless of ACL rules.
  • The vulnerability is exploitable even with zero SNMPv3 users configured on the device, meaning disabling user accounts is not a sufficient mitigation.
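
One way to implement the oversized-field check from the first detection note, as an added example that is not taken from this page's sources or from any vendor tooling. It decodes the BER framing of a UDP/161 payload and reports USM fields above the sizes the SNMP RFCs allow; the function names, the 32-octet threshold choice and the sample messages are assumptions constructed for illustration.

```python
USM_MAX = 32  # RFC 3414 caps msgUserName at 32 octets; RFC 3411 SnmpEngineID is 5..32
def read_tlv(buf, pos):
    """Decode one BER TLV at pos; return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits count the length octets
        n = length & 0x7F
        if not 1 <= n <= 4 or pos + n > len(buf):
            raise ValueError("bad long-form length")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("declared length exceeds datagram")
    return tag, buf[pos:pos + length], pos + length

def children(buf):
    """Split a constructed value into its (tag, value) members."""
    out, pos = [], 0
    while pos < len(buf):
        tag, val, pos = read_tlv(buf, pos)
        out.append((tag, val))
    return out

def inspect_snmpv3(datagram):
    """Return findings for one UDP/161 payload; an empty list means nothing flagged."""
    try:
        tag, body, _ = read_tlv(datagram, 0)
        msg = children(body) if tag == 0x30 else []
        if len(msg) < 3 or msg[0] != (0x02, b"\x03"):
            return []  # not an SNMPv3 message
        usm = children(read_tlv(msg[2][1], 0)[1])  # USM SEQUENCE inside msgSecurityParameters
    except ValueError as exc:
        return [f"malformed BER: {exc}"]
    return [f"{name} is {len(usm[i][1])} bytes (limit {USM_MAX})"
            for name, i in (("msgAuthoritativeEngineID", 0), ("msgUserName", 3))
            if i < len(usm) and len(usm[i][1]) > USM_MAX]

def tlv(tag, val):  # BER encoder, used only to build the constructed samples
    n, size = len(val), (len(val).bit_length() + 7) // 8
    return bytes([tag]) + (bytes([n]) if n < 0x80 else bytes([0x80 | size]) + n.to_bytes(size, "big")) + val

def sample(user, engine=b"\x80\x00\x00\x00\x01"):  # constructed SNMPv3 message, not captured traffic
    usm = tlv(0x30, tlv(4, engine) + tlv(2, b"\0") * 2 + tlv(4, user) + tlv(4, b"") * 2)
    hdr = tlv(0x30, tlv(2, b"\x01") + tlv(2, b"\x05\xdc") + tlv(4, b"\x04") + tlv(2, b"\x03"))
    return tlv(0x30, tlv(2, b"\x03") + hdr + tlv(4, usm) + tlv(0x30, b""))

if __name__ == "__main__":
    for pkt in (sample(b"monitor"), sample(b"A" * 4096)):
        print(inspect_snmpv3(pkt) or "no findings")
```

Because the check works on field lengths alone, it needs no knowledge of configured users or source addresses, which matches the notes above that neither credentials nor ACLs gate the vulnerable parsing.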