CVE-2014-2968

Huawei E355 Web UI 11.001.08.00.03 - Cross-Site Scripting via SMS Message

Title source: llm
STIX 2.1

Description

Cross-site scripting (XSS) vulnerability in the web interface on the Huawei E355 CH1E355SM modem with software 21.157.37.01.910 and Web UI 11.001.08.00.03 allows remote attackers to inject arbitrary web script or HTML via an SMS message.

References (1)

Core 1
Core References
Third Party Advisory, US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/688812

Scores

EPSS 0.0042
EPSS Percentile 62.3%

Details

CWE
CWE-79
Status published
Products (3)
huawei/e355 ch1e355sm
huawei/e355_firmware 21.157.37.01.910
huawei/e355_web_ui 11.001.08.00.03
Published Jul 24, 2014
Tracked Since Feb 18, 2026