What is the severity of CVE-2016-6669?

CVE-2016-6669 is considered a critical vulnerability due to its potential for remote code execution.

How do I fix CVE-2016-6669?

To mitigate CVE-2016-6669, you should upgrade to Huawei USG2100, USG2200, USG5100, or USG5500 firmware versions following V300R001C10SPC600.

Is there a workaround for CVE-2016-6669?

There are no documented workarounds for CVE-2016-6669; upgrading firmware is the recommended solution.

Vulnerability/
CVE-2016-6669

high

7.5

CWE

119

22/9/2016

6/8/2024

CVE-2016-6669: Buffer Overflow

Q: Which devices are affected by CVE-2016-6669?

CVE-2016-6669 affects Huawei USG2100, USG2200, USG5100, and USG5500 unified security gateways running vulnerable firmware.

Q: What type of attack does CVE-2016-6669 enable?

CVE-2016-6669 enables remote authenticated RADIUS servers to execute arbitrary code through crafted EAP packets.

First published: Thu Sep 22 2016(Updated: )

Buffer overflow in the Authentication, Authorization and Accounting (AAA) module in Huawei USG2100, USG2200, USG5100, and USG5500 unified security gateways with software before V300R001C10SPC600 allows remote authenticated RADIUS servers to execute arbitrary code by sending a crafted EAP packet.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
Huawei USG2100 Firmware	<=v300r001c00
Huawei USG2100 Firmware	<=v300r001c10
Huawei USG2200	<=v300r001c00
Huawei USG2200	<=v300r001c10
Huawei USG5100	<=v300r001c00
Huawei USG5100	<=v300r001c10
Huawei Unified Security Gateway Firmware	<=v300r001c00
Huawei Unified Security Gateway Firmware	<=v300r001c10
Huawei E200E-USG2100
Huawei E200 USG2200
Huawei E200 USG5100
Huawei USG5500 firmware

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2016-6669?
CVE-2016-6669 is considered a critical vulnerability due to its potential for remote code execution.
How do I fix CVE-2016-6669?
To mitigate CVE-2016-6669, you should upgrade to Huawei USG2100, USG2200, USG5100, or USG5500 firmware versions following V300R001C10SPC600.
Which devices are affected by CVE-2016-6669?
CVE-2016-6669 affects Huawei USG2100, USG2200, USG5100, and USG5500 unified security gateways running vulnerable firmware.
What type of attack does CVE-2016-6669 enable?
CVE-2016-6669 enables remote authenticated RADIUS servers to execute arbitrary code through crafted EAP packets.
Is there a workaround for CVE-2016-6669?
There are no documented workarounds for CVE-2016-6669; upgrading firmware is the recommended solution.

agent/references
agent/type
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/severity
agent/description
agent/author
agent/first-publish-date
agent/event
agent/source
agent/weakness
agent/softwarecombine
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
vendor/huawei
canonical/huawei usg2100 firmware
version/huawei usg2100 firmware/v300r001c00
version/huawei usg2100 firmware/v300r001c10
canonical/huawei usg2200
version/huawei usg2200/v300r001c00
version/huawei usg2200/v300r001c10
canonical/huawei usg5100
version/huawei usg5100/v300r001c00
version/huawei usg5100/v300r001c10
canonical/huawei unified security gateway firmware
version/huawei unified security gateway firmware/v300r001c00
version/huawei unified security gateway firmware/v300r001c10
canonical/huawei e200e-usg2100
canonical/huawei e200 usg2200
canonical/huawei e200 usg5100
canonical/huawei usg5500 firmware

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.