CVE-2013-6031

Huawei E355 Firmware 21.157.37.01.910 - Unauthenticated Sensitive Information Disclosure via API

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2013-6031. PoCs published by Jimson K James, including Metasploit module auxiliary/gather/huawei_wifi_info.

AI-analyzed exploit summary This Metasploit module exploits an unauthenticated information disclosure vulnerability in Huawei SOHO routers by accessing API endpoints that leak sensitive data such as WiFi credentials, device details, and network configurations.

Description

The Huawei E355 adapter with firmware 21.157.37.01.910 does not require authentication for API pages, which allows remote attackers to change passwords and settings, or obtain sensitive information, via a direct request to (1) api/wlan/security-settings, (2) api/device/information, (3) api/wlan/basic-settings, (4) api/wlan/mac-filter, (5) api/monitoring/status, or (6) api/dhcp/settings.

Exploits (1)

metasploit WORKING POC
by Jimson K James · rubypoc
https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/gather/huawei_wifi_info.rb

This Metasploit module exploits an unauthenticated information disclosure vulnerability in Huawei SOHO routers by accessing API endpoints that leak sensitive data such as WiFi credentials, device details, and network configurations.

Classification
Working Poc 100%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: Huawei SOHO routers (affected by CVE-2013-6031)
No auth needed
Prerequisites: Network access to the vulnerable Huawei router
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2
Core References
US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/341526

Scores

EPSS 0.0371
EPSS Percentile 88.1%

Details

CWE
CWE-287
Status published
Products (2)
huawei/e355
huawei/e355_firmware 21.157.37.01.910
Published Mar 11, 2014
Tracked Since Feb 18, 2026