There is a plug-in signature bypass vulnerability in some Huawei products due to insufficient plug-in verification. An attacker may tamper with a legitimate plug-in to build a malicious plug-in and trick users into installing it. Successful exploit could allow the attacker to obtain the root permission of the device and take full control over the device. (Vulnerability ID: HWPSIRT-2018-02029)
This vulnerability has been assigned a CVE ID: CVE-2018-7937.
Huawei has released software updates to fix this vulnerability. This advisory is available at the following link:
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180827-01-gateway-en
CPE | Name | Operator | Version |
---|---|---|---|
hirouter-cd20 | eq | HiRouter-CD20-10 | |
hirouter-cd20 | eq | 1.9.6 | |
ws5200-10 | eq | WS5200-10 | |
ws5200-10 | eq | 1.9.6 |