CVE-2013-4631

Huawei AR 150, 200, 1200, 2200, and 3200 - Denial of Service via Malformed SNMPv3 Requests

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2013-4631. PoCs published by Roberto Paleari.

AI-analyzed exploit summary This Python script exploits a stack-based buffer overflow in Huawei SNMPv3 service by sending a malformed SNMPv3 packet with an overly long 'UserName' field, causing a crash. The PoC uses Scapy to craft the packet and can be adapted for RCE.

Description

Huawei AR 150, 200, 1200, 2200, and 3200 routers, when SNMPv3 is enabled, allow remote attackers to cause a denial of service (device crash) via malformed SNMPv3 requests that leverage unspecified overflow issues.

Exploits (1)

exploitdb WORKING POC
by Roberto Paleari · textdoshardware
https://www.exploit-db.com/exploits/25295

This Python script exploits a stack-based buffer overflow in Huawei SNMPv3 service by sending a malformed SNMPv3 packet with an overly long 'UserName' field, causing a crash. The PoC uses Scapy to craft the packet and can be adapted for RCE.

Classification
Working Poc 90%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Huawei SNMPv3 service (e.g., AR1220 firmware V200R002C02SPC121T)
No auth needed
Prerequisites: Network access to the target device · SNMPv3 service running on the target
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1

Scores

EPSS 0.0382
EPSS Percentile 88.7%

Details

CWE
CWE-119
Status published
Products (15)
huawei/ar_1200 v200r001
huawei/ar_1200 v200r002
huawei/ar_1200 v200r003
huawei/ar_150 v200r001
huawei/ar_150 v200r002
huawei/ar_150 v200r003
huawei/ar_200 v200r001
huawei/ar_200 v200r002
huawei/ar_200 v200r003
huawei/ar_2200 v200r001
... and 5 more
Published Jun 20, 2013
Tracked Since Feb 18, 2026