CVE-2012-6571
Huawei AR and S Series Switches - Session Hijacking via Predictable Session ID
Title source: llmDescription
The HTTP module in the (1) Branch Intelligent Management System (BIMS) and (2) web management components on Huawei AR routers and S2000, S3000, S3500, S3900, S5100, S5600, and S7800 switches uses predictable Session ID values, which makes it easier for remote attackers to hijack sessions via a brute-force attack.
References (1)
Core 1
Core References
Various Sources x_refsource_confirm
http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-u_194371.htm
Scores
EPSS
0.0020
EPSS Percentile
41.3%
Details
CWE
CWE-310
Status
published
Products (19)
huawei/ar_18-1x
< r0130
huawei/ar_18-2x
< r1712
huawei/ar_18-3x
< r0118
huawei/ar_19\/29\/49
< r2207
huawei/ar_28\/46
< r0311
huawei/s2000
r6305
huawei/s2300
r6305
huawei/s2700
r6305
huawei/s3000
r6305
huawei/s3300
r6305
... and 9 more
Published
Jun 20, 2013
Tracked Since
Feb 18, 2026