Vulnerability Details : CVE-2015-8265
Huawei Mobile WiFi E5151 routers with software before E5151s-2TCPU-V200R001B146D27SP00C00 and E5186 routers with software before V200R001B310D01SP00C00 allow DNS query packets using the static source port, which makes it easier for remote attackers to spoof responses via unspecified vectors.
Vulnerability category: Input validation
Products affected by CVE-2015-8265
- cpe:2.3:o:huawei:e5151_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:e5186_firmware:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2015-8265
0.33%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 67 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2015-8265
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:N/I:P/A:N |
10.0
|
2.9
|
NIST | |
7.5
|
HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |
3.9
|
3.6
|
NIST |
CWE ids for CVE-2015-8265
-
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.Assigned by: nvd@nist.gov (Primary)
References for CVE-2015-8265
-
https://www.kb.cert.org/vuls/id/972224
VU#972224 - Huawei Mobile WiFi E5151 and E5186 routers use insufficiently random values for DNS queriesThird Party Advisory;US Government Resource
-
http://www.securityfocus.com/bid/82246
Huawei E5186 CVE-2015-8265 Denial of Service Vulnerability
-
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160129-01-dns-en
huawei-sa-20160129-01-dns-enVendor Advisory
Jump to