CVE-2014-9137

CWE-352 — Cross-Site Request Forgery (CSRF)CWE-908 — Use of Uninitialized Resource4 documents4 sources

Severity

8.8HIGH

EPSS

0.1%

top 74.60%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Huawei Usg2100 Firmware Huawei Usg2200 Firmware Huawei Usg5100 Firmware +3 more

Timeline

PublishedApr 2

Latest updateFeb 26

Description

Huawei USG9500 with software V200R001C01SPC800 and earlier versions, V300R001C00; USG2100 with software V300R001C00SPC900 and earlier versions; USG2200 with software V300R001C00SPC900; USG5100 with software V300R001C00SPC900 could allow an unauthenticated, remote attacker to conduct a CSRF attack against the user of the web interface.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages6 packages

▶NVDhuawei/usg2100_firmwarev300r001c00spc900

▶NVDhuawei/usg2200_firmwarev300r001c00spc900

▶NVDhuawei/usg5100_firmwarev300r001c00spc900

▶NVDhuawei/usg9500_firmwarev200r001c01spc800+1

▶NVDhuawei/usg5500_firmwarev300r001c00spc900

🔴Vulnerability Details

GHSA

GHSA-8753-fcrc-w2vr: Huawei USG9500 with software V200R001C01SPC800 and earlier versions, V300R001C00; USG2100 with software V300R001C00SPC900 and earlier versions; USG220↗2022-05-17

▶

CVEList

CVE-2014-9137: Huawei USG9500 with software V200R001C01SPC800 and earlier versions, V300R001C00; USG2100 with software V300R001C00SPC900 and earlier versions; USG220↗2017-04-02

▶

📋Vendor Advisories

Red Hat

kernel: regulator: da9121: Fix uninit-value in da9121_assign_chip_model()↗2025-02-26

▶