Unrated severityNVD Advisory· Published Jun 20, 2013· Updated Apr 29, 2026

CVE-2012-6571

Description

The HTTP module in the (1) Branch Intelligent Management System (BIMS) and (2) web management components on Huawei AR routers and S2000, S3000, S3500, S3900, S5100, S5600, and S7800 switches uses predictable Session ID values, which makes it easier for remote attackers to hijack sessions via a brute-force attack.

Affected products

Huawei/Ar 18 1x
cpe:2.3:h:huawei:ar_18-1x:*:*:*:*:*:*:*:*
Range: <=r0130
Huawei/Ar 18 2x
cpe:2.3:h:huawei:ar_18-2x:*:*:*:*:*:*:*:*
Range: <=r1712
Huawei/Ar 18 3x
cpe:2.3:h:huawei:ar_18-3x:*:*:*:*:*:*:*:*
Range: <=r0118
Huawei/Ar 19\/29\/49
cpe:2.3:h:huawei:ar_19\/29\/49:*:*:*:*:*:*:*:*
Range: <=r2207
Huawei/Ar 28\/46
cpe:2.3:h:huawei:ar_28\/46:*:*:*:*:*:*:*:*
Range: <=r0311
Huawei/S2000
cpe:2.3:h:huawei:s2000:r6305:*:*:*:*:*:*:*
Huawei/S2300
cpe:2.3:h:huawei:s2300:r6305:*:*:*:*:*:*:*
Huawei/S2700
cpe:2.3:h:huawei:s2700:r6305:*:*:*:*:*:*:*
Huawei/S3000
cpe:2.3:h:huawei:s3000:r6305:*:*:*:*:*:*:*
Huawei/S3300hi
cpe:2.3:h:huawei:s3300hi:r6305:*:*:*:*:*:*:*
Huawei/S3300
cpe:2.3:h:huawei:s3300:r6305:*:*:*:*:*:*:*
Huawei/S3500
cpe:2.3:h:huawei:s3500:r6305:*:*:*:*:*:*:*
Huawei/S3700
cpe:2.3:h:huawei:s3700:r6305:*:*:*:*:*:*:*
Huawei/S3900
cpe:2.3:h:huawei:s3900:r6305:*:*:*:*:*:*:*
Huawei/S5100
cpe:2.3:h:huawei:s5100:r6305:*:*:*:*:*:*:*
Huawei/S5600
cpe:2.3:h:huawei:s5600:r6305:*:*:*:*:*:*:*
Huawei/S7800
cpe:2.3:h:huawei:s7800:r6305:*:*:*:*:*:*:*
Huawei/S85002 versions
cpe:2.3:h:huawei:s8500:r1631:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:h:huawei:s8500:r1631:*:*:*:*:*:*:*
- cpe:2.3:h:huawei:s8500:r1632:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-u_194371.htmnvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000