CVE-2014-9137: CSRF
First published: Sun Apr 02 2017(Updated: )
Huawei USG9500 with software V200R001C01SPC800 and earlier versions, V300R001C00; USG2100 with software V300R001C00SPC900 and earlier versions; USG2200 with software V300R001C00SPC900; USG5100 with software V300R001C00SPC900 could allow an unauthenticated, remote attacker to conduct a CSRF attack against the user of the web interface.
Credit: psirt@huawei.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Huawei FusionManager | =v100r002c03 | |
| Huawei FusionManager | =v100r003c00 | |
| Huawei USG9500 firmware | <=v200r001c01spc800 | |
| Huawei USG9500 firmware | =v300r001c00 | |
| Huawei Eudemon USG9500 | ||
| Huawei USG2100 Firmware | <=v300r001c00spc900 | |
| Huawei E200E-USG2100 | ||
| Huawei USG2200 | <=v300r001c00spc900 | |
| Huawei E200 USG2200 | ||
| Huawei USG5100 | <=v300r001c00spc900 | |
| Huawei E200 USG5100 | ||
| Huawei Unified Security Gateway Firmware | <=v300r001c00spc900 | |
| Huawei USG5500 firmware |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2014-9137?
CVE-2014-9137 is classified as a critical vulnerability that allows unauthenticated remote attackers to execute Cross-Site Request Forgery (CSRF) attacks.
How do I fix CVE-2014-9137?
To mitigate CVE-2014-9137, users should upgrade to the latest firmware versions provided by Huawei for the affected USG series devices.
Which Huawei devices are affected by CVE-2014-9137?
CVE-2014-9137 affects Huawei USG9500, USG2100, USG2200, and USG5100 series devices running specified versions of their firmware.
Can CVE-2014-9137 be exploited remotely?
Yes, CVE-2014-9137 can be exploited by an unauthenticated remote attacker without the need for user interaction.
What types of attacks can result from CVE-2014-9137?
CVE-2014-9137 can lead to CSRF attacks, potentially allowing attackers to perform unauthorized actions on behalf of the user.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/weakness
- agent/references
- agent/last-modified-date
- agent/author
- agent/description
- agent/event
- agent/first-publish-date
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/huawei
- canonical/huawei fusionmanager
- version/huawei fusionmanager/v100r002c03
- version/huawei fusionmanager/v100r003c00
- canonical/huawei usg9500 firmware
- version/huawei usg9500 firmware/v200r001c01spc800
- version/huawei usg9500 firmware/v300r001c00
- canonical/huawei eudemon usg9500
- canonical/huawei usg2100 firmware
- version/huawei usg2100 firmware/v300r001c00spc900
- canonical/huawei e200e-usg2100
- canonical/huawei usg2200
- version/huawei usg2200/v300r001c00spc900
- canonical/huawei e200 usg2200
- canonical/huawei usg5100
- version/huawei usg5100/v300r001c00spc900
- canonical/huawei e200 usg5100
- canonical/huawei unified security gateway firmware
- version/huawei unified security gateway firmware/v300r001c00spc900
- canonical/huawei usg5500 firmware