CVE-2012-4960

Huawei Various - Path Traversal

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2012-4960. PoCs published by Roberto Paleari, ghcohu.

AI-analyzed exploit summary This exploit demonstrates a weak password encryption vulnerability in multiple Huawei products. It decrypts stored passwords by reversing a custom encoding scheme and applying DES decryption with a static key.

Description

The Huawei NE5000E, MA5200G, NE40E, NE80E, ATN, NE40, NE80, NE20E-X6, NE20, ME60, CX600, CX200, CX300, ACU, WLAN AC 6605, S9300, S7700, S2300, S3300, S5300, S3300HI, S5300HI, S5306, S6300, S2700, S3700, S5700, S6700, AR G3, H3C AR(OEM IN), AR 19, AR 29, AR 49, Eudemon100E, Eudemon200, Eudemon300, Eudemon500, Eudemon1000, Eudemon1000E-U/USG5300, Eudemon1000E-X/USG5500, Eudemon8080E/USG9300, Eudemon8160E/USG9300, Eudemon8000E-X/USG9500, E200E-C/USG2200, E200E-X3/USG2200, E200E-X5/USG2200, E200E-X7/USG2200, E200E-C/USG5100, E200E-X3/USG5100, E200E-X5/USG5100, E200E-X7/USG5100, E200E-B/USG2100, E200E-X1/USG2100, E200E-X2/USG2100, SVN5300, SVN2000, SVN5000, SVN3000, NIP100, NIP200, NIP1000, NIP2100, NIP2200, and NIP5100 use the DES algorithm for stored passwords, which makes it easier for context-dependent attackers to obtain cleartext passwords via a brute-force attack.

Exploits (2)

exploitdb WORKING POC VERIFIED
by Roberto Paleari · pythonremotehardware
https://www.exploit-db.com/exploits/38020

This exploit demonstrates a weak password encryption vulnerability in multiple Huawei products. It decrypts stored passwords by reversing a custom encoding scheme and applying DES decryption with a static key.

Classification
Working Poc 95%
Attack Type
Info Leak
Complexity
Moderate
Reliability
Reliable
Target: Huawei Quidway series, CX600, ME60, AR 19/29/49
No auth needed
Prerequisites: Access to encrypted password storage
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec WORKING POC
by ghcohu · poc
https://github.com/ghcohu/Decrypt-passwords-for-Huawei-routers-and-switches-CVE-2012-4960

This PoC decrypts passwords from Huawei routers and switches affected by CVE-2012-4960, which uses a weak DES encryption algorithm. The script converts an encrypted 24-character string into plaintext using a hardcoded DES key.

Classification
Working Poc 100%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: Multiple Huawei products (e.g., CX200, S3500, NE5000E, etc.)
No auth needed
Prerequisites: Encrypted password string (24 characters) from affected Huawei device
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2
Core References
US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/948096

Scores

EPSS 0.0345
EPSS Percentile 87.5%

Details

CWE
CWE-310
Status published
Products (50)
huawei/acu v100r003c01spc100
huawei/acu v200r001c00
huawei/acu v200r001c00spc100
huawei/ar_19\/29\/49 < r2207
huawei/ar_g3 v200r001c00
huawei/ar_g3 v200r001c01
huawei/ar_g3 v200r002c00spc200
huawei/atn v200r001c00
huawei/atn v200r001c01
huawei/cx200 v100r005
... and 40 more
Published Jun 20, 2013
Tracked Since Feb 18, 2026