CVE-2014-5395

Huawei E5180s-22 Firmware < 21.270.21.00.00 - Cross-Site Request Forgery

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2014-5395. PoCs published by Nathu Nandwani.

AI-analyzed exploit summary This exploit demonstrates a CSRF vulnerability in Huawei E5330 routers, allowing an attacker to send unauthorized SMS messages via a crafted HTML page. The PoC sets up a local HTTP server to serve the malicious payload, which triggers an XMLHttpRequest to the router's SMS API.

Description

Multiple cross-site request forgery (CSRF) vulnerabilities in Huawei HiLink E3276 and E3236 TCPU before V200R002B470D13SP00C00 and WebUI before V100R007B100D03SP01C03, E5180s-22 before 21.270.21.00.00, and E586Bs-2 before 21.322.10.00.889 allow remote attackers to hijack the authentication of users for requests that (1) modify configurations, (2) send SMS messages, or have other unspecified impact via unknown vectors.

Exploits (1)

exploitdb WORKING POC

by Nathu Nandwani · pythonwebappshardware

https://www.exploit-db.com/exploits/46092

View Code ZIP pw:eip

This exploit demonstrates a CSRF vulnerability in Huawei E5330 routers, allowing an attacker to send unauthorized SMS messages via a crafted HTML page. The PoC sets up a local HTTP server to serve the malicious payload, which triggers an XMLHttpRequest to the router's SMS API.

Classification

Working Poc 95%

Attack Type

Other

Complexity

Trivial

Reliability

Reliable

Target: Huawei E5330 21.210.09.00.158

Auth required

Prerequisites: Victim must be authenticated to the router · Victim must visit the attacker's malicious page

MITRE ATT&CK

T1189 - Drive-by Compromise T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Vendor Advisory x_refsource_confirm

http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-360246.htm

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/69162

Exploit, Third Party Advisory exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/46092/

Scores

EPSS 0.0092

EPSS Percentile 55.6%

Details

CWE

CWE-352

Status published

Products (4)

huawei/e3236_firmware < webui-13.100.10.00.03

huawei/e3276_firmware < webui-13.100.09.00.03

huawei/e5180s-22_firmware < e5180s-22tcpu-21.270.05.01.00

huawei/e586bs-2_firmware < e586bs-2tcpu-21.322.08.00.889

Published Nov 21, 2014

Tracked Since Feb 18, 2026