CVE-2013-6031 Information

Description

The Huawei E355 adapter with firmware 21.157.37.01.910 does not require authentication for API pages which allows remote attackers to change passwords and settings or obtain sensitive information via a direct request to (1) api/wlan/security-settings (2) api/device/information (3) api/wlan/basic-settings (4) api/wlan/mac-filter (5) api/monitoring/status or (6) api/dhcp/settings.

Reference

http://www.kb.cert.org/vuls/id/341526 https://github.com/aczire/huawei-csrf-info_disclosure/blob/master/huawei_wifi_info.rb