7.5
CWE
200 310
Advisory Published
Updated

CVE-2016-6838: Infoleak

First published: Wed Sep 07 2016(Updated: )

Huawei X6800 and XH620 V3 servers with software before V100R003C00SPC606, RH1288 V3 servers with software before V100R003C00SPC613, RH2288 V3 servers with software before V100R003C00SPC617, CH140 V3 and CH226 V3 servers with software before V100R001C00SPC122, CH220 V3 servers with software before V100R001C00SPC201, and CH121 V3 and CH222 V3 servers with software before V100R001C00SPC202 might allow remote attackers to decrypt encrypted data and consequently obtain sensitive information by leveraging selection of an insecure SSH encryption algorithm.

Credit: cve@mitre.org

Affected SoftwareAffected VersionHow to fix
Huawei RH1288 V3 Firmware=v100r003c00
Huawei Rh2288h V3 Server Firmware=v100r003c00
Huawei X6800 V3 Server Firmware=v100r003c00
Huawei XH620 V3=v100r003c00
Huawei RH1288 V3
Huawei RH2288H V3 Server
Huawei X6800 V3 Server
Huawei XH620 V3
Huawei Ch121 V3 Firmware=v100r001c00
Huawei CH140L V3=v100r001c00
Huawei Ch220 V3 Server=v100r001c00
Huawei Ch222 V3=v100r001c00
Huawei Ch226 V3 Server Firmware=v100r001c00
Huawei FusionServer CH121 V3
Huawei Ch140 V3 Server Firmware
Huawei FusionServer CH220 V3
Huawei FusionServer Ch222 V3
Huawei Ch226 V3 Server Firmware

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Frequently Asked Questions

  • What is the severity of CVE-2016-6838?

    CVE-2016-6838 has a medium severity rating affecting various Huawei server firmware versions.

  • How do I fix CVE-2016-6838?

    To fix CVE-2016-6838, upgrade your Huawei servers to the specified firmware versions that patch the vulnerability.

  • Which Huawei servers are affected by CVE-2016-6838?

    CVE-2016-6838 affects Huawei X6800, XH620 V3, RH1288 V3, RH2288 V3, CH140 V3, and CH226 V3 servers.

  • What versions of Huawei server firmware are vulnerable to CVE-2016-6838?

    Firmware versions before V100R003C00SPC606 for various models are vulnerable to CVE-2016-6838.

  • Is there a workaround for CVE-2016-6838?

    There are no known workarounds for CVE-2016-6838; the recommended action is to apply the firmware updates.

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203