CVE-2014-2968
Published Jul 24, 2014
Last updated 10 years ago
Overview
- Description
- Cross-site scripting (XSS) vulnerability in the web interface on the Huawei E355 CH1E355SM modem with software 21.157.37.01.910 and Web UI 11.001.08.00.03 allows remote attackers to inject arbitrary web script or HTML via an SMS message.
- Source
- cret@cert.org
- NVD status
- Analyzed
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 4.3
- Impact score
- 2.9
- Exploitability score
- 8.6
- Vector string
- AV:N/AC:M/Au:N/C:N/I:P/A:N
Weaknesses
- nvd@nist.gov
- CWE-79
Evaluator
- Comment
- Per: http://www.kb.cert.org/vuls/id/688812 "The following device configuration was reported to be vulnerable. Other versions may be affected: Hardware version: CH1E355SM Software version: 21.157.37.01.910 Web UI version: 11.001.08.00.03"
- Impact
- -
- Solution
- -
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:huawei:e355_web_ui:11.001.08.00.03:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C60AEA9C-EDB6-43D0-AD23-263F15741F9B"
},
{
"criteria": "cpe:2.3:o:huawei:e355_firmware:21.157.37.01.910:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0677EE58-0F22-423C-9D3A-095B8611B68A"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:e355:ch1e355sm:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9FC2F568-05EB-4248-B526-F1195D8EECCD"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]