HIGH🇬🇧 English

CVE-2018-7937

CVSS 7.8v3.0pub. 2018-09-04upd. 2024-11-21

In Huawei HiRouter-CD20-10 with the versions before 1.9.6 and WS5200-10 with the versions before 1.9.6, there is a plug-in signature bypass vulnerability due to insufficient plug-in verification. An attacker may tamper with a legitimate plug-in to build a malicious plug-in and trick users into installing it. Successful exploit could allow the attacker to obtain the root permission of the device and take full control over the device.

oryginał EN
CVSS Vector
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
  • Huawei Hirouter Cd20

    HW
    Huawei
    wszystkie wersje
  • Huawei Hirouter Cd20 Firmware

    OS
    Huawei
    < hirouter-cd20-10_1.9.6
  • Huawei Ws5200 10

    HW
    Huawei
    wszystkie wersje
  • Huawei Ws5200 10 Firmware

    OS
    Huawei
    < ws5200-10_1.9.6
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2019-5268HIGH8.1ten sam produkt

Some Huawei home routers have an input validation vulnerability. Due to input parameter is not correctly verif...

CVE-2019-5269HIGH7.8ten sam produkt

Some Huawei home routers have an improper authorization vulnerability. Due to improper authorization of certai...

CVE-2018-7933HIGH7.8ten sam produkt

Huawei home gateway products HiRouter-CD20 and WS5200 with the versions before HiRouter-CD20-10 1.9.6 and the ...

CVE-2019-0708CRITICAL9.8⚠ KEVten sam vendor

A remote code execution vulnerability exists in Remote Desktop Services formerly known as Terminal Services wh...

CVE-2026-34865CRITICAL10.0PL ✓ten sam vendor

HarmonyOS: przepełnienie bufora sterty (heap buffer overflow) w module WEB