Lucene search
Huawei TechnologiesHUAWEI-SA-20180827-01-GATEWAYHistoryAug 27, 2018 - 12:00 a.m.
Security Advisory - Plug-in Signature Bypass Vulnerability in Some Huawei Products
2018-08-2700:00:00
Huawei Technologies
www.huawei.com
14
0.001 Low
EPSS
Percentile
26.2%
There is a plug-in signature bypass vulnerability in some Huawei products due to insufficient plug-in verification. An attacker may tamper with a legitimate plug-in to build a malicious plug-in and trick users into installing it. Successful exploit could allow the attacker to obtain the root permission of the device and take full control over the device. (Vulnerability ID: HWPSIRT-2018-02029)
This vulnerability has been assigned a CVE ID: CVE-2018-7937.
Huawei has released software updates to fix this vulnerability. This advisory is available at the following link:
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180827-01-gateway-en
| CPE | Name | Operator | Version |
|---|---|---|---|
| hirouter-cd20 | eq | HiRouter-CD20-10 | |
| hirouter-cd20 | eq | 1.9.6 | |
| ws5200-10 | eq | WS5200-10 | |
| ws5200-10 | eq | 1.9.6 |
Related
prion
prion
Security feature bypass
2018-09-04 16:29:00
cve
cve
CVE-2018-7937
2018-09-04 16:29:00
cvelist
cvelist
CVE-2018-7937
2018-09-04 16:00:00