Information disclosure in Huawei S12700
CVE-2016-6670
Huawei S7700, S9300, S9700, and S12700 devices with software before V200R008C00SPC500 use random numbers with insufficient entropy to generate self-signed certificates, which makes it easier for remote attackers to discover private keys by…
Vulnerability class: Information Disclosure
EPSS: 0.001 (17.0th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 5.3 (Medium). Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N.
Affected products
- Huawei S12700
- Huawei S7700
- Huawei S7700_firmware — versions v200r003c00, v200r005c00
- Huawei S9300
- Huawei S9300_firmware — versions v200r003c00, v200r005c00
- Huawei S9700
- Huawei S9700_firmware — versions v200r003c00, v200r005c00
- Huawei_firmware S12700 — versions v200r005c00
- N/a — versions n/a
Weakness classification (CWE)
References
- cve@mitre.org (x_refsource_CONFIRM, Mitigation, Vendor Advisory)
- 92438 (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_BID)
Frequently asked questions
- What is CVE-2016-6670?
- CVE-2016-6670 is a medium-severity vulnerability in Huawei S12700, classified under Information Disclosure. CVSS score: 5.3/10. Published 2016-09-07.
- How severe is CVE-2016-6670?
- Medium severity. CVSS v3 base score is 5.3 out of 10.