CVE-2014-9137
HIGHHuawei USG9500 < V200R001C01SPC800, USG2100/2200/5100/5500 < V300R001C00SPC900 - CSRF
Title source: llmDescription
Huawei USG9500 with software V200R001C01SPC800 and earlier versions, V300R001C00; USG2100 with software V300R001C00SPC900 and earlier versions; USG2200 with software V300R001C00SPC900; USG5100 with software V300R001C00SPC900 could allow an unauthenticated, remote attacker to conduct a CSRF attack against the user of the web interface.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_confirm
http://www.huawei.com/en/psirt/security-advisories/hw-372186
Scores
CVSS v3
8.8
EPSS
0.0009
EPSS Percentile
25.4%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-352
Status
published
Products (9)
huawei/fusionmanager
v100r002c03
huawei/fusionmanager
v100r003c00
huawei/usg2100_firmware
< v300r001c00spc900
huawei/usg2200_firmware
< v300r001c00spc900
huawei/usg5100_firmware
< v300r001c00spc900
huawei/usg5500_firmware
< v300r001c00spc900
huawei/usg9500_firmware
v300r001c00
huawei/usg9500_firmware
< v200r001c01spc800
n/a/USG9500,USG2100,USG2200,USG5100,USG5500, USG9500 V200R001C01SPC800 and earlier versions, All V300R001C00 versions,USG2100 V300R001C00SPC900 and earlier versions,USG2200 V300R001C00SPC900,USG5100 V300R
USG9500,USG2100,USG2200,USG5100,USG5500, USG9500 V200R001C01SPC800 and earlier versions, All V300R00
Published
Apr 02, 2017
Tracked Since
Feb 18, 2026