There is a path traversal vulnerability on some Huawei home gateway products. Due to the lack of validation while these home gateway products install APK plugins, an attacker tricks a user into installing a malicious APK plugin, and plugin can overwrite arbitrary file of devices. Successful exploit may result in arbitrary code execution or privilege escalation. (Vulnerability ID: HWPSIRT-2018-02030)
This vulnerability has been assigned a CVE ID: CVE-2018-7933.
Huawei has released software updates to fix this vulnerability. This advisory is available at the following link:
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180502-01-gateway-en
CPE | Name | Operator | Version |
---|---|---|---|
hirouter-cd20 | eq | HiRouter-CD20-10 | |
hirouter-cd20 | eq | 1.9.6 | |
ws5200 | eq | WS5200-10 | |
ws5200 | eq | 1.9.6 |