cbcvebase.
CVE-2014-2946
published 2014-06-02

CVE-2014-2946: Cross-site request forgery (CSRF) vulnerability in api/sms/send-sms in the Web UI 11.010.06.01.858 on Huawei E303 modems with software 22.157.18.00.858 allows…

PriorityP434medium6.8CVSS 2.0
AVNACMAuNCPIPAP
EXPLOIT
EPSS
1.08%
60.8th percentile
Cross-site request forgery (CSRF) vulnerability in api/sms/send-sms in the Web UI 11.010.06.01.858 on Huawei E303 modems with software 22.157.18.00.858 allows remote attackers to hijack the authentication of administrators for requests that perform API operations and send SMS messages via a request element in an XML document.

Affected

3 ranges
VendorProductVersion rangeFixed in
huaweie303_modem
huaweie303_modem_firmware
huaweiwebui
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.