CVE-2016-6669

CWE-119 — Buffer Overflow3 documents3 sources

Severity

7.5HIGH

EPSS

2.1%

top 15.86%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Huawei Usg2100 Firmware Huawei Usg2200 Firmware Huawei Usg5100 Firmware +1 more

Timeline

PublishedSep 22

Latest updateMay 17

Description

Buffer overflow in the Authentication, Authorization and Accounting (AAA) module in Huawei USG2100, USG2200, USG5100, and USG5500 unified security gateways with software before V300R001C10SPC600 allows remote authenticated RADIUS servers to execute arbitrary code by sending a crafted EAP packet.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.6 | Impact: 5.9

Affected Packages4 packages

▶NVDhuawei/usg2100_firmwarev300r001c00+1

▶NVDhuawei/usg2200_firmwarev300r001c00+1

▶NVDhuawei/usg5100_firmwarev300r001c00+1

▶NVDhuawei/usg5500_firmwarev300r001c00+1

🔴Vulnerability Details

GHSA

GHSA-gcgf-wxvg-gv3w: Buffer overflow in the Authentication, Authorization and Accounting (AAA) module in Huawei USG2100, USG2200, USG5100, and USG5500 unified security gat↗2022-05-17

▶

CVEList

CVE-2016-6669: Buffer overflow in the Authentication, Authorization and Accounting (AAA) module in Huawei USG2100, USG2200, USG5100, and USG5500 unified security gat↗2016-09-22

▶