CVE-2015-8265

EPSS 0.57%
Published 01.02.2016 21:59:00
Last modified 12.04.2025 10:46:40
Source cret@cert.org
Teams watchlist Login
Open Login

Huawei Mobile WiFi E5151 routers with software before E5151s-2TCPU-V200R001B146D27SP00C00 and E5186 routers with software before V200R001B310D01SP00C00 allow DNS query packets using the static source port, which makes it easier for remote attackers to spoof responses via unspecified vectors.

Affected products Warnungen 0 Metrics 3 CWE 1 References 6

Data is provided by the National Vulnerability Database (NVD)

Huawei ≫ E5151 Firmware Version <= e5151s-2tcpu-v200r001b141d13sp00c1080

Huawei ≫ E5151 Version-
Huawei ≫ E5186 Version-

Huawei ≫ E5186 Firmware Version <= v200r001b306d01c00

Huawei ≫ E5151 Version-
Huawei ≫ E5186 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.57%	0.675

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:P/A:N

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160129-01-dns-en

Vendor Advisory

http://www.securityfocus.com/bid/82246

https://www.kb.cert.org/vuls/id/972224

Third Party Advisory

US Government Resource

https://nvd.nist.gov/vuln/detail/CVE-2015-8265

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2015-8265

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2015-8265

EUVD