CVE-2014-0337
Summary
| CVE | CVE-2014-0337 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2014-04-05 04:01:00 UTC |
| Updated | 2014-04-07 14:36:00 UTC |
| Description | Cross-site scripting (XSS) vulnerability in the web interface on Huawei Echo Life HG8247 routers with software before V100R006C00SPC127 allows remote attackers to inject arbitrary web script or HTML via an invalid TELNET connection attempt with a crafted username that is not properly handled during construction of the "failed log-in attempts over telnet" log view. |
Risk And Classification
Problem Types: CWE-79
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Hardware | Huawei | Echo Life | hg8247 | All | All | All |
| Hardware | Huawei | Echo Life | hg8247 | All | All | All |
| Operating System | Huawei | Echo Life Hg8247 Firmware | v1r006c00s120 | All | All | All |
| Operating System | Huawei | Echo Life Hg8247 Firmware | v1r006c00s120 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Vulnerability Note VU#917700 - Huawei Echo Life HG8247 optical router XSS vulnerability | CERT-VN | www.kb.cert.org | US Government Resource |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.