EIP-2026-101394

PRE-CVE

Optus/Huawei E960 HSDPA Router - Sms Cross-Site Scripting

Title source: legacy
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-101394. PoCs published by Rizki Wicaksono.

AI-analyzed exploit summary This is a detailed writeup describing an XSS vulnerability in the Huawei E960 HSDPA Router (firmware version 246.11.04.11.110sp04) that can be exploited via SMS messages. The attack leverages unescaped SMS content in the router's web interface to execute arbitrary JavaScript.

Description

Optus/Huawei E960 HSDPA Router - Sms Cross-Site Scripting

Exploits (1)

exploitdb WRITEUP VERIFIED
by Rizki Wicaksono · textremotehardware
https://www.exploit-db.com/exploits/8096

This is a detailed writeup describing an XSS vulnerability in the Huawei E960 HSDPA Router (firmware version 246.11.04.11.110sp04) that can be exploited via SMS messages. The attack leverages unescaped SMS content in the router's web interface to execute arbitrary JavaScript.

Classification
Writeup 100%
Attack Type
Xss
Complexity
Moderate
Reliability
Reliable
Target: Huawei E960 HSDPA Router (firmware version 246.11.04.11.110sp04)
No auth needed
Prerequisites: Ability to send SMS to the target router
MITRE ATT&CK
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve
Tracked Since Feb 18, 2026