Vulnerability Details : CVE-2015-6586
The mDNS module in Huawei WLAN AC6005, AC6605, and ACU2 devices with software before V200R006C00SPC100 allows remote attackers to obtain sensitive information by leveraging failure to restrict processing of mDNS unicast queries to the link local network.
Vulnerability category: Information leak
Products affected by CVE-2015-6586
- cpe:2.3:o:huawei:wlan_acu2_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:wlan_acu2_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:wlan_acu2_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:wlan_ac6005_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:wlan_ac6005_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:wlan_ac6005_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:wlan_ac6605_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:wlan_ac6605_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:wlan_ac6605_firmware:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2015-6586
0.20%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 56 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2015-6586
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |
10.0
|
2.9
|
NIST | |
7.5
|
HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
3.9
|
3.6
|
NIST |
CWE ids for CVE-2015-6586
-
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.Assigned by: nvd@nist.gov (Primary)
References for CVE-2015-6586
-
http://www.securityfocus.com/bid/76684
Huawei WLAN AC Products CVE-2015-6586 Information Disclosure VulnerabilityThird Party Advisory;VDB Entry
-
http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-453516.htm
Security Advisory - mDNS Message Improper Handling Vulnerability in Huawei WLAN AC ProductsMitigation;Vendor Advisory
Jump to