CVE-2018-7937

Опубликовано: 04 сент. 2018

Источник: nvd

CVSS3: 7.8

CVSS2: 9.3

EPSS Низкий

Описание

In Huawei HiRouter-CD20-10 with the versions before 1.9.6 and WS5200-10 with the versions before 1.9.6, there is a plug-in signature bypass vulnerability due to insufficient plug-in verification. An attacker may tamper with a legitimate plug-in to build a malicious plug-in and trick users into installing it. Successful exploit could allow the attacker to obtain the root permission of the device and take full control over the device.

Ссылки

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180827-01-gateway-en
Vendor Advisory
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180827-01-gateway-en
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:huawei:hirouter-cd20_firmware:*:*:*:*:*:*:*:*

Версия до hirouter-cd20-10_1.9.6 (исключая)

cpe:2.3:h:huawei:hirouter-cd20:-:*:*:*:*:*:*:*

Конфигурация 2

Одновременно

cpe:2.3:o:huawei:ws5200-10_firmware:*:*:*:*:*:*:*:*

Версия до ws5200-10_1.9.6 (исключая)

cpe:2.3:h:huawei:ws5200-10:-:*:*:*:*:*:*:*

EPSS

Процентиль: 21%

0.00068

Низкий

7.8 High

CVSS3

9.3 Critical

CVSS2

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

GHSA-r2pp-xf6c-g7rw