CVE-2016-5365 – A stack-based buffer overflow vulnerability in ... (How to Fix)

Q: What is the severity of CVE-2016-5365?

CVE-2016-5365 has a CVSS score of 9.8 (CRITICAL). A stack-based buffer overflow vulnerability in Huawei Honor WS851 routers allows remote attackers to execute arbitrary commands with root privileges. This affects routers running software version 1.1.21.1 and earlier. Attackers can gain complete control of affected devices without authentication.

📋 TL;DR

A stack-based buffer overflow vulnerability in Huawei Honor WS851 routers allows remote attackers to execute arbitrary commands with root privileges. This affects routers running software version 1.1.21.1 and earlier. Attackers can gain complete control of affected devices without authentication.

💻 Affected Systems

Products:

Huawei Honor WS851 router

Versions: 1.1.21.1 and earlier

Operating Systems: Router firmware

Default Config Vulnerable: ⚠️ Yes

Notes: Affects default configurations; remote exploitation possible via unspecified vectors.

📦 What is this software?

Honor Ws851 Firmware by Huawei

View all CVEs affecting Honor Ws851 Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete compromise of router with root access, enabling traffic interception, network pivoting, malware deployment, and persistent backdoor installation.

🟠

Likely Case

Router takeover leading to DNS hijacking, credential theft from network traffic, and botnet recruitment.

🟢

If Mitigated

Limited impact if device is behind firewall with restricted WAN access and proper network segmentation.

🌐 Internet-Facing: HIGH

🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

CVSS 9.8 indicates critical severity with low attack complexity; specific exploit vectors not publicly documented.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Versions after 1.1.21.1

Vendor Advisory: http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160607-01-honorrouter-en

Restart Required: Yes

Instructions:

1. Access router admin interface. 2. Check for firmware updates. 3. Download and install latest firmware. 4. Reboot router after update.

🔧 Temporary Workarounds

Network isolation

all

Place router behind firewall with strict inbound rules to limit exposure.

Access restriction

all

Disable remote administration and restrict management interface to trusted IPs.

🧯 If You Can't Patch

Replace affected router with supported model
Implement network segmentation to isolate router from critical assets

🔍 How to Verify

Check if Vulnerable:

Check router firmware version in admin interface; if version is 1.1.21.1 or earlier, device is vulnerable.

Check Version:

Login to router admin interface and navigate to System Status or Firmware Information page.

Verify Fix Applied:

Confirm firmware version is higher than 1.1.21.1 after update.

📡 Detection & Monitoring

Log Indicators:

Unusual command execution in system logs
Multiple failed access attempts followed by successful root access

Network Indicators:

Unexpected outbound connections from router
DNS configuration changes
Unusual traffic patterns from router IP

SIEM Query:

source="router_logs" AND (event="command_execution" OR user="root")

📊 Metadata

CVE ID: CVE-2016-5365

CVSS v3 Score: 9.8 (CRITICAL)

CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-264

Published: June 14, 2016

Last Updated: April 12, 2025

🔗 References

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160607-01-honorrouter-en Vendor Advisory
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160607-01-honorrouter-en Vendor Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2016-5365, you might also want to check these: