CVE-2013-4630

Huawei AR 150, 200, 1200, 2200, and 3200 - Stack-based Buffer Overflow via SNMPv3 Requests

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2013-4630. PoCs published by Roberto Paleari.

AI-analyzed exploit summary This Python script exploits a stack-based buffer overflow in Huawei SNMPv3 service by sending a malformed SNMPv3 packet with an overly long 'UserName' field, causing a crash. The PoC uses Scapy to craft the packet and can be adapted for RCE.

Description

Stack-based buffer overflow on Huawei AR 150, 200, 1200, 2200, and 3200 routers, when SNMPv3 debugging is enabled, allows remote attackers to execute arbitrary code via malformed SNMPv3 requests.

Exploits (1)

exploitdb WORKING POC
by Roberto Paleari · textdoshardware
https://www.exploit-db.com/exploits/25295

This Python script exploits a stack-based buffer overflow in Huawei SNMPv3 service by sending a malformed SNMPv3 packet with an overly long 'UserName' field, causing a crash. The PoC uses Scapy to craft the packet and can be adapted for RCE.

Classification
Working Poc 90%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Huawei SNMPv3 service (e.g., AR1220 firmware V200R002C02SPC121T)
No auth needed
Prerequisites: Network access to the target device · SNMPv3 service running on the target
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2
Core References
Exploit, Third Party Advisory exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/25295

Scores

EPSS 0.0391
EPSS Percentile 88.9%

Details

CWE
CWE-119
Status published
Products (15)
huawei/ar_1200 v200r001
huawei/ar_1200 v200r002
huawei/ar_1200 v200r003
huawei/ar_150 v200r001
huawei/ar_150 v200r002
huawei/ar_150 v200r003
huawei/ar_200 v200r001
huawei/ar_200 v200r002
huawei/ar_200 v200r003
huawei/ar_2200 v200r001
... and 5 more
Published Jun 20, 2013
Tracked Since Feb 18, 2026