CVE-2012-5968
Huawei E585 - Unauthenticated Sensitive Information Exposure and Session Hijacking
Title source: llmDescription
The Huawei E585 device does not validate the status of admin sessions, which allows remote attackers to obtain sensitive user information and the session ID, and modify data, by leveraging access to the LAN network.
References (2)
Core 2
Core References
Vendor Advisory x_refsource_confirm
http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-198239.htm
US Government Resource third-party-advisory
x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/871148
Scores
EPSS
0.0008
EPSS Percentile
22.9%
Details
CWE
CWE-20
Status
published
Products (2)
huawei/e585
huawei/e585u-82
Published
Dec 19, 2012
Tracked Since
Feb 18, 2026