CVE-2014-9134 : Unrestricted file upload vulnerability in Huawei Honor Cube Wireless Router WS86

Unrestricted file upload vulnerability in Huawei Honor Cube Wireless Router WS860s before V100R001C02B222 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via unspecified vectors.

Published 2014-12-03 21:59:02

Updated 2014-12-05 16:58:08

Source MITRE

View at NVD, CVE.org

Vulnerability category: Execute code

Products affected by CVE-2014-9134

Huawei » Honor Cube Wireless Router Ws860s Firewall
Versions up to, including, (<=) v100r001c02b219
cpe:2.3:o:huawei:honor_cube_wireless_router_ws860s_firewall:*:*:*:*:*:*:*:*
Matching versions
Huawei » Honor Cube Wireless Router Ws860s » Version: N/A
cpe:2.3:h:huawei:honor_cube_wireless_router_ws860s:-:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2014-9134

EPSS FAQ

3.67%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 87 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2014-9134

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
10.0	HIGH	AV:N/AC:L/Au:N/C:C/I:C/A:C	10.0	10.0	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete

References for CVE-2014-9134

http://www.securityfocus.com/bid/69806

Huawei Honor Cube WS860S Arbitrary File Upload Vulnerability
http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-396206.htm

Security Advisory-File Upload Vulnerability on Huawei Honor Cube Wireless Router WS860s
Vendor Advisory

Jump to

Vulnerability Details : CVE-2014-9134

Products affected by CVE-2014-9134

Exploit prediction scoring system (EPSS) score for CVE-2014-9134

CVSS scores for CVE-2014-9134

References for CVE-2014-9134