Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2012-6570

The HTTP module in the (1) Branch Intelligent Management System (BIMS) and (2) web management components on Huawei AR routers and S2000, S3000, S3500, S3900, S5100, S5600, S7800, and S8500 switches does not check whether HTTP data is longer than the value of the Content-Length field, which allows remote HTTP servers to conduct heap-based buffer overflow attacks and execute arbitrary code via a crafted response.

Published

2013-06-20T15:55:00.967

Last Modified

2025-04-11T00:51:21.963

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 10.0 (HIGH)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Exploitability Score

10.0

Impact Score

10.0

Weaknesses

Type: Primary
CWE-119

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Hardware	huawei	ar_18-1x	≤ r0130	Yes
Hardware	huawei	ar_18-2x	≤ r1712	Yes
Hardware	huawei	ar_18-3x	≤ r0118	Yes
Hardware	huawei	ar_19\/29\/49	≤ r2207	Yes
Hardware	huawei	ar_28\/46	≤ r0311	Yes
Hardware	huawei	s2000	r6305	Yes
Hardware	huawei	s2300	r6305	Yes
Hardware	huawei	s2700	r6305	Yes
Hardware	huawei	s3000	r6305	Yes
Hardware	huawei	s3300	r6305	Yes
Hardware	huawei	s3300hi	r6305	Yes
Hardware	huawei	s3500	r6305	Yes
Hardware	huawei	s3700	r6305	Yes
Hardware	huawei	s3900	r6305	Yes
Hardware	huawei	s5100	r6305	Yes
Hardware	huawei	s5600	r6305	Yes
Hardware	huawei	s7800	r6305	Yes
Hardware	huawei	s8500	r1631	Yes
Hardware	huawei	s8500	r1632	Yes

References

http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-u_194361.htm Vendor Advisory ([email protected])
http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-u_194361.htm Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)