10.0.3.1(H563Sp1C233)

CVSS 7.5 - HIGH

Attack vector

ADJACENT_NETWORK

Attack complexity

HIGH

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

high complexity

huawei

CWE-416

NVD

Published: 2020-05-21

Updated: 2020-05-21

Summary

E6878-370 with versions of 10.0.3.1(H557SP27C233), 10.0.3.1(H563SP1C00), 10.0.3.1(H563SP1C233) has a use after free vulnerability. The software references memory after it has been freed in certain scenario, the attacker does a series of crafted operations through web portal, successful exploit could cause a use after free condition which may lead to malicious code execution.

Vulnerable Configurations

Part	Description	Count
OS	Huawei Huawei E6878 370 Firmware 10.0.3.1\(H557Sp27C233\) Huawei E6878 370 Firmware 10.0.3.1\(H563Sp1C00\) Huawei E6878 370 Firmware 10.0.3.1\(H563Sp1C233\)	3
Hardware	Huawei Huawei E6878 370 -	1

Common Weakness Enumeration (CWE)

CWE-416 - Use After Free

References

https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200520-01-uaf-en