CVE-2016-6901
MEDIUMHuawei AR and NetEngine 16EX Firmware - Authenticated Denial of Service via Format String Specifiers
Title source: llmDescription
Format string vulnerability in Huawei AR100, AR120, AR150, AR200, AR500, AR550, AR1200, AR2200, AR2500, AR3200, and AR3600 routers with software before V200R007C00SPC900 and NetEngine 16EX routers with software before V200R007C00SPC900 allows remote authenticated users to cause a denial of service via format string specifiers in vectors involving partial commands.
References (2)
Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/92618
Vendor Advisory x_refsource_confirm
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160824-01-vrp-en
Scores
CVSS v3
6.5
EPSS
0.0023
EPSS Percentile
46.1%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-20
Status
published
Products (6)
huawei/ar_firmware
v200r005
huawei/ar_firmware
v200r006
huawei/ar_firmware
v200r007c00
huawei/netengine_16ex_firmware
v200r005
huawei/netengine_16ex_firmware
v200r006
huawei/netengine_16ex_firmware
v200r007c00
Published
Sep 26, 2016
Tracked Since
Feb 18, 2026