CVE-2016-6838
HIGHHuawei Rh1288 V3 Server Firmware - Information Disclosure
Title source: ruleDescription
Huawei X6800 and XH620 V3 servers with software before V100R003C00SPC606, RH1288 V3 servers with software before V100R003C00SPC613, RH2288 V3 servers with software before V100R003C00SPC617, CH140 V3 and CH226 V3 servers with software before V100R001C00SPC122, CH220 V3 servers with software before V100R001C00SPC201, and CH121 V3 and CH222 V3 servers with software before V100R001C00SPC202 might allow remote attackers to decrypt encrypted data and consequently obtain sensitive information by leveraging selection of an insecure SSH encryption algorithm.
References (2)
Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/92503
Vendor Advisory x_refsource_confirm
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160817-02-server-en
Scores
CVSS v3
7.5
EPSS
0.0007
EPSS Percentile
21.5%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-200
CWE-310
Status
published
Products (9)
huawei/ch121_v3_server_firmware
v100r001c00
huawei/ch140_v3_server_firmware
v100r001c00
huawei/ch220_v3_server_firmware
v100r001c00
huawei/ch222_v3_server_firmware
v100r001c00
huawei/ch226_v3_server_firmware
v100r001c00
huawei/rh1288_v3_server_firmware
v100r003c00
huawei/rh2288_v3_server_firmware
v100r003c00
huawei/x6800_v3_server_firmware
v100r003c00
huawei/xh620_v3_server_firmware
v100r003c00
Published
Sep 07, 2016
Tracked Since
Feb 18, 2026