Vulnerabilities > CVE-2018-7937 - Unspecified vulnerability in Huawei Hirouter-Cd20 Firmware and Ws5200-10 Firmware

CVSS 7.8 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

local

low complexity

huawei

NVD

Published: 2018-09-04

Updated: 2019-10-03

Summary

In Huawei HiRouter-CD20-10 with the versions before 1.9.6 and WS5200-10 with the versions before 1.9.6, there is a plug-in signature bypass vulnerability due to insufficient plug-in verification. An attacker may tamper with a legitimate plug-in to build a malicious plug-in and trick users into installing it. Successful exploit could allow the attacker to obtain the root permission of the device and take full control over the device.

Vulnerable Configurations

Part	Description	Count
OS	Huawei Huawei Hirouter Cd20 Firmware * Huawei Ws5200 10 Firmware - Huawei Ws5200 10 Firmware 9.0.3.9 Huawei Ws5200 10 Firmware 10.0.2.6	4
Hardware	Huawei Huawei Hirouter Cd20 - Huawei Ws5200 10 -	2

References

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180827-01-gateway-en