9.0.6.2(H100Sp15C00)

CVSS 7.2 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

local

low complexity

huawei

NVD

Published: 2021-09-09

Updated: 2022-05-03

Summary

There is an improper authorization vulnerability in AIS-BW50-00 9.0.6.2(H100SP10C00) and 9.0.6.2(H100SP15C00). Due to improper authorization mangement, an attakcer can exploit this vulnerability by physical accessing the device and implant malicious code. Successfully exploit could leads to arbitrary code execution in the target device.

Vulnerable Configurations

Part	Description	Count
OS	Huawei Huawei AIS Bw50 00 Firmware 9.0.6.2\(H100Sp15C00\) Huawei AIS Bw50 00 Firmware 9.0.6.2\(H100Sp10C00\)	2
Hardware	Huawei Huawei AIS Bw50 00 -	1

References

https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210908-01-badauthorization-en