CVE-2016-6901

Format string vulnerability in Huawei AR100, AR120, AR150, AR200, AR500, AR550, AR1200, AR2200, AR2500, AR3200, and AR3600 routers with software before V200R007C00SPC900 and NetEngine 16EX routers with software before V200R007C00SPC900 allows remote authenticated users to cause a denial of service via format string specifiers in vectors involving partial commands.

Published: Sep 26, 2016
Updated: Apr 13, 2023
CVE: CVE-2016-6901
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.5
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVSS v2:

Severity: Medium
Score: 6.8
AV:N/AC:L/Au:S/C:N/I:N/A:C

CWEs:

CWE-20

Affected Software
References

Software	From	Fixed in
huawei / ar_firmware	200r005	200r005.x
huawei / ar_firmware	200r006	200r006.x
huawei / ar_firmware	200r007c00	200r007c00.x
huawei / netengine_16ex_firmware	200r005	200r005.x
huawei / netengine_16ex_firmware	200r006	200r006.x
huawei / netengine_16ex_firmware	200r007c00	200r007c00.x

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160824-01-vrp-en
http://www.securityfocus.com/bid/92618

Vulnerability Database

289,784

CVE-2016-6901