No Authentication Vulnerability in Huawei Customer Premise Equipment B2338-168
CVE-2017-8156

6.8MEDIUM

Key Information:

Vendor: McAfee
Status: B2338-168
Vendor: CVE Published:; 22 November 2017

Summary

A no authentication vulnerability exists in the outdoor unit of the Huawei Customer Premise Equipment (CPE) product B2338-168 V100R001C00. This flaw allows an attacker to gain unauthorized access to the serial port on the circuit board of the outdoor unit. Upon successful exploitation, the attacker can log in without any authentication, potentially leading to complete control over the CPE device. This issue emphasizes the importance of securing access points in network devices to prevent unauthorized control and misuse.

Affected Version(s)

B2338-168 V100R001C00

References

http://www.huawei.com/en/psirt/security-advisories/2017/h...

x_refsource_CONFIRM

CVSS V3.1

Score:

6.8

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Physical

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 22, 2017
Vulnerability Reserved
Apr 25, 2017