CVE-2016-6901

EPSS 0.23%
Published 26.09.2016 16:59:08
Last modified 12.04.2025 10:46:40
Source cve@mitre.org
Teams watchlist Login
Open Login

Format string vulnerability in Huawei AR100, AR120, AR150, AR200, AR500, AR550, AR1200, AR2200, AR2500, AR3200, and AR3600 routers with software before V200R007C00SPC900 and NetEngine 16EX routers with software before V200R007C00SPC900 allows remote authenticated users to cause a denial of service via format string specifiers in vectors involving partial commands.

Affected products Warnungen 0 Metrics 3 CWE 1 References 5

Data is provided by the National Vulnerability Database (NVD)

Huawei ≫ Ar Firmware Versionv200r005

   Huawei ≫ Ar100 Version-
   Huawei ≫ Ar120 Version-
   Huawei ≫ Ar1200 Version-
   Huawei ≫ Ar150 Version-
   Huawei ≫ Ar200 Version-
   Huawei ≫ Ar2200 Version-
   Huawei ≫ Ar2500 Version-
   Huawei ≫ Ar3200 Version-
   Huawei ≫ Ar3600 Version-
   Huawei ≫ Ar500 Version-
   Huawei ≫ Ar550 Version-

Huawei ≫ Ar Firmware Versionv200r006

Huawei ≫ Ar Firmware Versionv200r007c00

Huawei ≫ Netengine 16ex Firmware Versionv200r005

Huawei ≫ Netengine 16ex Version-

Huawei ≫ Netengine 16ex Firmware Versionv200r006

Huawei ≫ Netengine 16ex Version-

Huawei ≫ Netengine 16ex Firmware Versionv200r007c00

Huawei ≫ Netengine 16ex Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.23%	0.431

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov	6.8	8	6.9	AV:N/AC:L/Au:S/C:N/I:N/A:C

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160824-01-vrp-en

Vendor Advisory

http://www.securityfocus.com/bid/92618

Third Party Advisory

VDB Entry

https://nvd.nist.gov/vuln/detail/CVE-2016-6901

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2016-6901

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2016-6901

EUVD