Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2014-9416

4 documents4 sources
Severity
4.4MEDIUM
EPSS
0.1%
top 77.48%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Huawei Espace Desktop
Timeline
PublishedDec 24
Latest updateMay 14

Description

Multiple untrusted search path vulnerabilities in Huawei eSpace Desktop before V200R003C00 allow local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) mfc71enu.dll, (2) mfc71loc.dll, (3) tcapi.dll, or (4) airpcap.dll.

CVSS vector

AV:L/AC:M/C:P/I:P/A:PExploitability: 3.4 | Impact: 6.4

Affected Packages1 packages

â–¶NVDhuawei/espace_desktopv200r003c00

🔴Vulnerability Details

2
GHSA
GHSA-jcmg-wfgx-j6m3: Multiple untrusted search path vulnerabilities in Huawei eSpace Desktop before V200R003C00 allow local users to execute arbitrary code and conduct DLL↗2022-05-14
â–¶
CVEList
CVE-2014-9416: Multiple untrusted search path vulnerabilities in Huawei eSpace Desktop before V200R003C00 allow local users to execute arbitrary code and conduct DLL↗2014-12-24
â–¶

💥Exploits & PoCs

1
Exploit-DB
Huawei eSpace 1.1.11.103 - DLL Hijacking↗2019-05-20
â–¶
CVE-2014-9416 (MEDIUM CVSS 4.4) | Multiple untrusted search path vuln | cvebase.io