high
8.8
CWE
352
Advisory Published
Updated

CVE-2014-9694: CSRF

First published: Sun Apr 02 2017(Updated: )

Huawei Tecal RH1288 V2 V100R002C00SPC107 and earlier versions, Tecal RH2265 V2 V100R002C00, Tecal RH2285 V2 V100R002C00SPC115 and earlier versions, Tecal RH2265 V2 V100R002C00, Tecal RH2285H V2 V100R002C00SPC111 and earlier versions, Tecal RH2268 V2 V100R002C00, Tecal RH2288 V2 V100R002C00SPC117 and earlier versions, Tecal RH2288H V2 V100R002C00SPC115 and earlier versions, Tecal RH2485 V2 V100R002C00SPC502 and earlier versions, Tecal RH5885 V2 V100R001C02SPC109 and earlier versions, Tecal RH5885 V3 V100R003C01SPC102 and earlier versions, Tecal RH5885H V3 V100R003C00SPC102 and earlier versions, Tecal XH310 V2 V100R001C00SPC110 and earlier versions, Tecal XH311 V2 V100R001C00SPC110 and earlier versions, Tecal XH320 V2 V100R001C00SPC110 and earlier versions, Tecal XH621 V2 V100R001C00SPC106 and earlier versions, Tecal DH310 V2 V100R001C00SPC110 and earlier versions, Tecal DH320 V2 V100R001C00SPC106 and earlier versions, Tecal DH620 V2 V100R001C00SPC106 and earlier versions, Tecal DH621 V2 V100R001C00SPC107 and earlier versions, Tecal DH628 V2 V100R001C00SPC107 and earlier versions, Tecal BH620 V2 V100R002C00SPC107 and earlier versions, Tecal BH621 V2 V100R002C00SPC106 and earlier versions, Tecal BH622 V2 V100R002C00SPC110 and earlier versions, Tecal BH640 V2 V100R002C00SPC108 and earlier versions, Tecal CH121 V100R001C00SPC180 and earlier versions, Tecal CH140 V100R001C00SPC110 and earlier versions, Tecal CH220 V100R001C00SPC180 and earlier versions, Tecal CH221 V100R001C00SPC180 and earlier versions, Tecal CH222 V100R002C00SPC180 and earlier versions, Tecal CH240 V100R001C00SPC180 and earlier versions, Tecal CH242 V100R001C00SPC180 and earlier versions, Tecal CH242 V3 V100R001C00SPC110 and earlier versions have a CSRF vulnerability. The products do not use the Token mechanism for web access control. When users log in to the Huawei servers and access websites containing the malicious CSRF script, the CSRF script is executed, which may cause configuration tampering and system restart.

Credit: psirt@huawei.com

Affected SoftwareAffected VersionHow to fix
Huawei RH1288A V2 Firmware<=v100r002c00spc107
Huawei Tecal Rh1288 V2 Firmware
Huawei Tecal Rh2265 V2=v100r002c00
Huawei Tecal Rh2265 V2
Huawei Tecal Rh2285 V2<=v100r002c00spc115
Huawei Tecal Rh2285 V2 Firmware
Huawei RH2285H V2 Firmware<=v100r002c00spc111
Huawei Tecal Rh2285 V2 Firmware
Huawei RH2268 V2 Firmware=v100r002c00
Huawei Tecal RH2268 V2
Huawei RH2288 V2 Firmware<=v100r002c00spc117
Huawei Tecal RH2288 V2
Huawei RH2288H V2 Firmware<=v100r002c00spc115
Huawei Tecal Rh2288h V2 Firmware
Huawei RH2485 V2 Firmware<=v100r002c00spc502
Huawei Tecal Rh2485 V2 Firmware
Huawei RH5885 V2 Firmware<=v100r001c02spc109
Huawei RH5885 V2
Huawei Tecal Rh5885 V3<=v100r003c01spc102
Huawei Tecal Rh5885h V3
Huawei Tecal Rh5885 V3 Firmware<=v100r003c00spc102
Huawei Tecal Rh5885h V3 Firmware
Huawei Tecal Xh310 V2<=v100r001c00spc110
Huawei Tecal Xh310 V2 Firmware
Huawei Tecal Xh311 V2<=v100r001c00spc110
Huawei Tecal Xh311 V2 Firmware
Huawei Tecal Xh320 V2<=v100r001c00spc110
Huawei Tecal Xh320 V2 Firmware
Huawei Tecal Xh621 V2 Firmware<=v100r001c00spc106
Huawei Tecal Xh621 V2 Firmware
Huawei Tecal Dh310 V2 Firmware<=v100r001c00spc110
Huawei Tecal Dh310 V2 Firmware
Huawei Tecal Dh320 V2<=v100r001c00spc106
Huawei Tecal Dh320 V2
Huawei Tecal Dh620 V2<=v100r001c00spc106
Huawei Tecal Dh620 V2 Firmware
Huawei Tecal Dh621 V2 Firmware<=v100r001c00spc107
Huawei Tecal Dh621 V2 Firmware
Huawei Tecal Dh628 V2<=v100r001c00spc107
Huawei Tecal Dh628 V2 Firmware
Huawei Tecal Bh620 V2<=v100r002c00spc107
Huawei Tecal Bh620 V2 Firmware
Huawei Tecal Bh621 V2<=v100r002c00spc106
Huawei Tecal Bh621 V2 Firmware
Huawei BH622 V2 Firmware<=v100r002c00spc110
Huawei Tecal Bh622 V2 Firmware
Huawei BH640 V2 Firmware<=v100r002c00spc108
Huawei Tecal Bh640 V2
Huawei CH121 Firmware<=v100r001c00spc180
Huawei CH121
Huawei CH140 Firmware<=v100r001c00spc110
Huawei Tecal CH140
Huawei CH220 Firmware<=v100r001c00spc180
Huawei Tecal CH220
Huawei CH221 Firmware<=v100r001c00spc180
Huawei Tecal Ch221
Huawei CH222 Firmware<=v100r002c00spc180
Huawei Tecal Ch222 Firmware
Huawei Tecal Ch240<=v100r001c00spc180
Huawei Tecal Ch240 Firmware
Huawei Tecal Ch242 V3 Firmware<=v100r001c00spc180
Huawei Tecal Ch242 V3 Firmware
Huawei Tecal Ch242 V3 Firmware<=v100r001c00spc110
Huawei Tecal Ch242 V3 Firmware

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203