No Authentication Vulnerability in Customer Premise Equipment by Huawei
CVE-2017-8155

8.4HIGH

Key Information:

Vendor: McAfee
Status: B2338-168
Vendor: CVE Published:; 22 November 2017

Summary

A vulnerability exists in Huawei's Customer Premise Equipment (CPE) model B2338-168 V100R001C00 that allows an attacker to send unauthorized commands to the outdoor unit. This happens due to a lack of authentication on a certain network port. If an attacker gains access to the network connecting the indoor and outdoor units, they can exploit this weakness to control the outdoor unit, potentially compromising the integrity of the entire system. Proper security measures and timely updates are recommended to mitigate this risk.

Affected Version(s)

B2338-168 V100R001C00

References

http://www.huawei.com/en/psirt/security-advisories/2017/h...

x_refsource_CONFIRM

CVSS V3.1

Score:

8.4

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 22, 2017
Vulnerability Reserved
Apr 25, 2017