The HTTP module in the (1) Branch Intelligent Management System (BIMS) and (2) web management components on Huawei AR routers and S2000, S3000, S3500, S3900, S5100, S5600, and S7800 switches uses predictable Session ID values, which makes it easier for remote attackers to hijack sessions via a brute-force attack.
AV:N/AC:L/Au:N/C:P/I:P/A:PHuawei Ar 18 1x
HWHuawei≤ r0130Huawei Ar 18 2x
HWHuawei≤ r1712Huawei Ar 18 3x
HWHuawei≤ r0118Huawei Ar 19\/29\/49
HWHuawei≤ r2207Huawei Ar 28\/46
HWHuawei≤ r0311Huawei S2000
HWHuaweir6305Huawei S2300
HWHuaweir6305Huawei S2700
HWHuaweir6305Huawei S3000
HWHuaweir6305Huawei S3300
HWHuaweir6305Huawei S3300hi
HWHuaweir6305Huawei S3500
HWHuaweir6305Huawei S3700
HWHuaweir6305Huawei S3900
HWHuaweir6305Huawei S5100
HWHuaweir6305Huawei S5600
HWHuaweir6305Huawei S7800
HWHuaweir6305Huawei S8500
HWHuaweir1631r1632
Related vulnerabilities
There is an out of bounds write vulnerability in some Huawei products. The vulnerability is caused by a functi...
There is a command injection vulnerability in S12700 V200R019C00SPC500, S2700 V200R019C00SPC500, S5700 V200R01...
There is a weak algorithm vulnerability in some Huawei products. The affected products use weak algorithms by ...
Some Huawei S series switches have a DoS vulnerability. An unauthenticated remote attacker can send crafted pa...
IPv6 function in Huawei Quidway S2700 V200R003C00SPC300, Quidway S5300 V200R003C00SPC300, Quidway S5700 V200R0...