CVE-2014-9136
HIGHHuawei FusionManager V100R002C03 V100R003C00 - Unauthenticated Cross-Site Request Forgery
Title source: llmDescription
Huawei FusionManager with software V100R002C03 and V100R003C00 could allow an unauthenticated, remote attacker to conduct a CSRF attack against the user of the web interface.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_confirm
http://www.huawei.com/en/psirt/security-advisories/hw-372186
Scores
CVSS v3
8.8
EPSS
0.0009
EPSS Percentile
25.4%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-352
Status
published
Products (7)
huawei/fusionmanager
< v100r002c03
huawei/usg2100_firmware
< v300r001c00spc900
huawei/usg2200_firmware
< v300r001c00spc900
huawei/usg5100_firmware
< v300r001c00spc900
huawei/usg5500_firmware
< v300r001c00spc900
huawei/usg9500_firmware
< v200r001c01spc800
n/a/FusionManager FusionManager All V100R002C03 versions, All V100R003C00 versions,
FusionManager FusionManager All V100R002C03 versions, All V100R003C00 versions,
Published
Apr 02, 2017
Tracked Since
Feb 18, 2026