CVE-2012-6570

The HTTP module in the (1) Branch Intelligent Management System (BIMS) and (2) web management components on Huawei AR routers and S2000, S3000, S3500, S3900, S5100, S5600, S7800, and S8500 switches does not check whether HTTP data is longer than the value of the Content-Length field, which allows remote HTTP servers to conduct heap-based buffer overflow attacks and execute arbitrary code via a crafted response.

Data is provided by the National Vulnerability Database (NVD)
Huawei Ar 18-1x Version <= r0130
Huawei Ar 18-2x Version <= r1712
Huawei Ar 18-3x Version <= r0118
Huawei S2000 Version r6305
Huawei S2300 Version r6305
Huawei S2700 Version r6305
Huawei S3000 Version r6305
Huawei S3300 Version r6305
Huawei S3300hi Version r6305
Huawei S3500 Version r6305
Huawei S3700 Version r6305
Huawei S3900 Version r6305
Huawei S5100 Version r6305
Huawei S5600 Version r6305
Huawei S7800 Version r6305
Huawei S8500 Version r1631
Huawei S8500 Version r1632
No CISA KEV or CERT.AT warning was found for this CVE.
EPSS Metrics
Type Source Score Percentile
EPSS FIRST.org 0.85% 0.727
CVSS Metrics
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 10 10 10 AV:N/AC:L/Au:N/C:C/I:C/A:C
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.