CVE-2016-6178Improper Input Validation in Huawei Cloudengine 12800 Firmware

CWE-20Improper Input Validation3 documents3 sources
Severity
9.8CRITICALNVD
EPSS
1.3%
top 20.10%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
5
Huawei Cloudengine 12800 FirmwareHuawei Cx600 FirmwareHuawei Ne40e Firmware+2 more
Timeline
PublishedAug 2
Latest updateMay 17

Description

Huawei NE40E and CX600 devices with software before V800R007SPH017; PTN 6900-2-M8 devices with software before V800R007SPH019; NE5000E devices with software before V800R006SPH018; and CloudEngine devices 12800 with software before V100R003SPH010 and V100R005 before V100R005SPH006 allow remote attackers with control plane access to cause a denial of service or execute arbitrary code via a crafted packet.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages5 packages

NVDhuawei/cx600_firmware4 versions+3
NVDhuawei/ne40e_firmware5 versions+4
NVDhuawei/ne5000e_firmwarev800r006c00

🔴Vulnerability Details

2
GHSA
GHSA-4p27-5ccp-g5cr: Huawei NE40E and CX600 devices with software before V800R007SPH017; PTN 6900-2-M8 devices with software before V800R007SPH019; NE5000E devices with so2022-05-17
CVEList
CVE-2016-6178: Huawei NE40E and CX600 devices with software before V800R007SPH017; PTN 6900-2-M8 devices with software before V800R007SPH019; NE5000E devices with so2016-08-02
CVE-2016-6178 — Improper Input Validation in Huawei | cvebase