VYPR
Get started
← All advisories
Unrated severityNVD Advisory· Published Jun 20, 2013· Updated Apr 29, 2026

CVE-2012-6570

CVE-2012-6570

Description

The HTTP module in the (1) Branch Intelligent Management System (BIMS) and (2) web management components on Huawei AR routers and S2000, S3000, S3500, S3900, S5100, S5600, S7800, and S8500 switches does not check whether HTTP data is longer than the value of the Content-Length field, which allows remote HTTP servers to conduct heap-based buffer overflow attacks and execute arbitrary code via a crafted response.

Affected products

19
  • Huawei/Ar 18 1x
    cpe:2.3:h:huawei:ar_18-1x:*:*:*:*:*:*:*:*
    Range: <=r0130
  • Huawei/Ar 18 2x
    cpe:2.3:h:huawei:ar_18-2x:*:*:*:*:*:*:*:*
    Range: <=r1712
  • Huawei/Ar 18 3x
    cpe:2.3:h:huawei:ar_18-3x:*:*:*:*:*:*:*:*
    Range: <=r0118
  • Huawei/Ar 19\/29\/49
    cpe:2.3:h:huawei:ar_19\/29\/49:*:*:*:*:*:*:*:*
    Range: <=r2207
  • Huawei/Ar 28\/46
    cpe:2.3:h:huawei:ar_28\/46:*:*:*:*:*:*:*:*
    Range: <=r0311
  • Huawei/S2000
    cpe:2.3:h:huawei:s2000:r6305:*:*:*:*:*:*:*
  • Huawei/S2300
    cpe:2.3:h:huawei:s2300:r6305:*:*:*:*:*:*:*
  • Huawei/S2700
    cpe:2.3:h:huawei:s2700:r6305:*:*:*:*:*:*:*
  • Huawei/S3000
    cpe:2.3:h:huawei:s3000:r6305:*:*:*:*:*:*:*
  • Huawei/S3300hi
    cpe:2.3:h:huawei:s3300hi:r6305:*:*:*:*:*:*:*
  • Huawei/S3300
    cpe:2.3:h:huawei:s3300:r6305:*:*:*:*:*:*:*
  • Huawei/S3500
    cpe:2.3:h:huawei:s3500:r6305:*:*:*:*:*:*:*
  • Huawei/S3700
    cpe:2.3:h:huawei:s3700:r6305:*:*:*:*:*:*:*
  • Huawei/S3900
    cpe:2.3:h:huawei:s3900:r6305:*:*:*:*:*:*:*
  • Huawei/S5100
    cpe:2.3:h:huawei:s5100:r6305:*:*:*:*:*:*:*
  • Huawei/S5600
    cpe:2.3:h:huawei:s5600:r6305:*:*:*:*:*:*:*
  • Huawei/S7800
    cpe:2.3:h:huawei:s7800:r6305:*:*:*:*:*:*:*
  • Huawei/S85002 versions
    cpe:2.3:h:huawei:s8500:r1631:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:h:huawei:s8500:r1631:*:*:*:*:*:*:*
    • cpe:2.3:h:huawei:s8500:r1632:*:*:*:*:*:*:*

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

1

News mentions

0

No linked articles in our index yet.