CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2014-2946

Cross-site request forgery (CSRF) vulnerability in api/sms/send-sms in the Web UI 11.010.06.01.858 on Huawei E303 modems with software 22.157.18.00.858 allows remote attackers to hijack the authentication of administrators for requests that perform API operations and send SMS messages via a request element in an XML document.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 30.1%

CVSS Severity

CVSS v2 Score 6.8

References

http://b.fl7.de/2014/05/huawei-e303-sms-vulnerability-CVE-2014-2946.html
http://secunia.com/advisories/58992
http://www.kb.cert.org/vuls/id/325636
http://b.fl7.de/2014/05/huawei-e303-sms-vulnerability-CVE-2014-2946.html
http://secunia.com/advisories/58992
http://www.kb.cert.org/vuls/id/325636

Products affected by CVE-2014-2946

Huawei » Webui » Version: 11.010.06.01.858

cpe:2.3:a:huawei:webui:11.010.06.01.858
Huawei » E303 Modem » Version: ch2e303sm

cpe:2.3:h:huawei:e303_modem:ch2e303sm
Huawei » E303 Modem Firmware » Version: 22.157.18.00.858

cpe:2.3:o:huawei:e303_modem_firmware:22.157.18.00.858

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2014-2946

Products

Pricing

Contact Us