CVE-2021-37101

Опубликовано: 09 сент. 2021

Источник: nvd

CVSS3: 6.8

CVSS2: 7.2

EPSS Низкий

Описание

There is an improper authorization vulnerability in AIS-BW50-00 9.0.6.2(H100SP10C00) and 9.0.6.2(H100SP15C00). Due to improper authorization mangement, an attakcer can exploit this vulnerability by physical accessing the device and implant malicious code. Successfully exploit could leads to arbitrary code execution in the target device.

Ссылки

https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210908-01-badauthorization-en
Vendor Advisory
https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210908-01-badauthorization-en
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

Одно из

cpe:2.3:o:huawei:ais-bw50-00_firmware:9.0.6.2\(h100sp10c00\):*:*:*:*:*:*:*

cpe:2.3:o:huawei:ais-bw50-00_firmware:9.0.6.2\(h100sp15c00\):*:*:*:*:*:*:*

cpe:2.3:h:huawei:ais-bw50-00:-:*:*:*:*:*:*:*

EPSS

Процентиль: 6%

0.00023

Низкий

6.8 Medium

CVSS3

7.2 High

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-fxfq-qgmr-6pwm