Vulnerability Description
Cross-site request forgery (CSRF) vulnerability in api/sms/send-sms in the Web UI 11.010.06.01.858 on Huawei E303 modems with software 22.157.18.00.858 allows remote attackers to hijack the authentication of administrators for requests that perform API operations and send SMS messages via a request element in an XML document.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Huawei | Webui | 11.010.06.01.858 |
| Huawei | E303 Modem Firmware | 22.157.18.00.858 |
| Huawei | E303 Modem | ch2e303sm |
Related Weaknesses (CWE)
References
- http://b.fl7.de/2014/05/huawei-e303-sms-vulnerability-CVE-2014-2946.html
- http://secunia.com/advisories/58992
- http://www.kb.cert.org/vuls/id/325636 (US Government Resource)
FAQ
What is CVE-2014-2946?
CVE-2014-2946 is a vulnerability with a CVSS score of 6.8 (MEDIUM). Cross-site request forgery (CSRF) vulnerability in api/sms/send-sms in the Web UI 11.010.06.01.858 on Huawei E303 modems with software 22.157.18.00.858 allows remote attackers to hijack the authentica...
How severe is CVE-2014-2946?
CVE-2014-2946 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2014-2946?
Check the references section above for vendor advisories and patch information. Affected products include: Huawei Webui, Huawei E303 Modem Firmware, Huawei E303 Modem.