Vulnerabilities > CVE-2017-8185 - Exposure of Resource to Wrong Sphere vulnerability in Huawei Me906S-158 Firmware

CVSS 7.8 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

local

low complexity

huawei

CWE-668

NVD

Published: 2017-11-22

Updated: 2019-10-03

Summary

ME906s-158 earlier than ME906S_Installer_13.1805.10.3 versions has a privilege elevation vulnerability. An attacker could exploit this vulnerability to modify the configuration information containing malicious files and trick users into executing the files, resulting in the execution of arbitrary code.

Vulnerable Configurations

Part	Description	Count
OS	Huawei Huawei Me906S 158 Firmware *	1
Hardware	Huawei Huawei Me906S 158 -	1

Common Weakness Enumeration (CWE)

CWE-668 - Exposure of Resource to Wrong Sphere

References

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170927-01-me906s-en