CVE-2014-9136

CWE-352 — Cross-Site Request Forgery (CSRF)3 documents3 sources

Severity

8.8HIGH

EPSS

0.1%

top 74.60%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Huawei Fusionmanager Huawei Usg2100 Firmware Huawei Usg2200 Firmware +3 more

Timeline

PublishedApr 2

Latest updateMay 17

Description

Huawei FusionManager with software V100R002C03 and V100R003C00 could allow an unauthenticated, remote attacker to conduct a CSRF attack against the user of the web interface.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages6 packages

▶NVDhuawei/fusionmanagerv100r002c03+1

▶NVDhuawei/usg2100_firmwarev300r001c00spc900

▶NVDhuawei/usg2200_firmwarev300r001c00spc900

▶NVDhuawei/usg5100_firmwarev300r001c00spc900

▶NVDhuawei/usg5500_firmwarev300r001c00spc900

🔴Vulnerability Details

GHSA

GHSA-9hx5-xwg7-h8m3: Huawei FusionManager with software V100R002C03 and V100R003C00 could allow an unauthenticated, remote attacker to conduct a CSRF attack against the us↗2022-05-17

▶

CVEList

CVE-2014-9136: Huawei FusionManager with software V100R002C03 and V100R003C00 could allow an unauthenticated, remote attacker to conduct a CSRF attack against the us↗2017-04-02

▶