CVE-2012-6570

The HTTP module in the (1) Branch Intelligent Management System (BIMS) and (2) web management components on Huawei AR routers and S2000, S3000, S3500, S3900, S5100, S5600, S7800, and S8500 switches does not check whether HTTP data is longer than the value of the Content-Length field, which allows remote HTTP servers to conduct heap-based buffer overflow attacks and execute arbitrary code via a crafted response.

Published: Jun 20, 2013
Updated: Apr 13, 2023
CVE: CVE-2012-6570
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 10
AV:N/AC:L/Au:N/C:C/I:C/A:C

CWEs:

CWE-119

Affected Software
References

Software	From	Fixed in
huawei / ar_19/29/49	-	r2207.x
huawei / ar_18-2x	-	r1712.x
huawei / ar_18-3x	-	r0118.x
huawei / ar_28/46	-	r0311.x
huawei / ar_18-1x	-	r0130.x
huawei / s2300	r6305	r6305.x
huawei / s8500	r1631	r1631.x
huawei / s3300hi	r6305	r6305.x
huawei / s3500	r6305	r6305.x
huawei / s5100	r6305	r6305.x
huawei / s3000	r6305	r6305.x
huawei / s5600	r6305	r6305.x
huawei / s3900	r6305	r6305.x
huawei / s3300	r6305	r6305.x
huawei / s3700	r6305	r6305.x
huawei / s2700	r6305	r6305.x
huawei / s7800	r6305	r6305.x
huawei / s8500	r1632	r1632.x
huawei / s2000	r6305	r6305.x

http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-u_194361.htm

Vulnerability Database

289,599

CVE-2012-6570