-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Huawei E587 3G Mobile Hotspot Web UI Cross Site Scripting vulnerability ________________________________________________________________________ Summary: Huawei E587 3G Mobile Hotspot, version 11.203.27, is prone to a XSS vulnerability in the Web UI. A specialy crafted SMS can bypass the function used to sanitize incoming SMS messages. ________________________________________________________________________ Details: ________________________________________________________________________ CVSS Version 2 Metrics: Access Vector: Network exploitable Access Complexity: Low Authentication: Not required to exploit Confidentiality Impact: None Integrity Impact: Partial Availability Impact: None ________________________________________________________________________ Disclosure Timeline: 2013-03-18 Vendor notified 2013-07-15 Public advisory ________________________________________________________________________ References: http://www.huawei.com/en/security/psirt/ ________________________________________________________________________ Frédéric Basse -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQEcBAEBAgAGBQJR48qIAAoJENQ4kG3hg80AgyoIAI1bZC6gBiob30teyqUNnFct ppgDCCoS4EadET2CFk3871qHQiHU5dxgYelk3K5XDO6H9ghh4BDkrxNB2/rDWwgu 0jNV1Fl9DTbTa1nrKCDXuexD6cEEvCPq9AkEMUeIVpm6LzgguWZzbvd5cfx9zMYY lyUGkqUE17fGcQKLjHxb//9aiv8CDO7vdsSS2NrpeGZmzNnP7trLpcLVwJ1bM72R 0XSHM+RBFPh43/YYOhmVmMWEusMIzC1JNMRGybd4jYTg4dxmBUb+2joMnI2ZMPHM 3963oSvU/sLYGtoTD4j8hFSoG151E9soIyJ5q6HMTP0hFEtG5tMHKbVrn9jf3tE= =8k04 -----END PGP SIGNATURE-----
