10.0.3.1(H563Sp21C233)

CVSS 6.8 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

huawei

CWE-863

NVD

Published: 2020-08-17

Updated: 2021-07-21

Summary

Huawei 5G Mobile WiFi E6878-370 with versions of 10.0.3.1(H563SP1C00),10.0.3.1(H563SP21C233) have an improper authorization vulnerability. The device does not restrict certain data received from WAN port. Successful exploit could allow an attacker at WAN side to manage certain service of the device.

Vulnerable Configurations

Part	Description	Count
OS	Huawei Huawei E6878 370 Firmware 10.0.3.1\(H563Sp1C00\) Huawei E6878 370 Firmware 10.0.3.1\(H563Sp21C233\)	2
Hardware	Huawei Huawei E6878 370 -	1

Common Weakness Enumeration (CWE)

CWE-863 - Incorrect Authorization

References

https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200812-01-auth-en