Vulnerabilities > CVE-2018-7937 - Unspecified vulnerability in Huawei Hirouter-Cd20 Firmware and Ws5200-10 Firmware

CVSS 9.3 - CRITICAL

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

network

huawei

critical

NVD

Published: 2018-09-04

Updated: 2019-10-03

Summary

In Huawei HiRouter-CD20-10 with the versions before 1.9.6 and WS5200-10 with the versions before 1.9.6, there is a plug-in signature bypass vulnerability due to insufficient plug-in verification. An attacker may tamper with a legitimate plug-in to build a malicious plug-in and trick users into installing it. Successful exploit could allow the attacker to obtain the root permission of the device and take full control over the device.

Vulnerable Configurations

Part	Description	Count
OS	Huawei Huawei Hirouter Cd20 Firmware * Huawei Ws5200 10 Firmware - Huawei Ws5200 10 Firmware 9.0.3.9 Huawei Ws5200 10 Firmware 10.0.2.6	4
Hardware	Huawei Huawei Hirouter Cd20 - Huawei Ws5200 10 -	2

References

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180827-01-gateway-en