CVE-2016-6158
MEDIUMHuawei WS331a Router Firmware - Cross-Site Request Forgery
Title source: llmDescription
Multiple cross-site request forgery (CSRF) vulnerabilities in Huawei WS331a routers with software before WS331a-10 V100R001C01B112 allow remote attackers to hijack the authentication of administrators for requests that (1) restore factory settings or (2) reboot the device via unspecified vectors.
References (1)
Core 1
Core References
VDB Entry x_refsource_confirm
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160907-01-ws331a-en
Scores
CVSS v3
6.1
EPSS
0.0016
EPSS Percentile
36.6%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:H
Details
CWE
CWE-352
Status
published
Products (1)
huawei/ws331a_router_firmware
ws331a-10_v100r001c02b017sp01
Published
Sep 21, 2016
Tracked Since
Feb 18, 2026