JSON Injection Vulnerability in Huawei 1288H V5 and 288H V5 Products
CVE-2018-7902

8.8HIGH

Key Information:

Vendor: McAfee
Status: 1288h V5; 2288h V5
Vendor: CVE Published:; 24 May 2018

What is CVE-2018-7902?

The JSON injection vulnerability found in Huawei 1288H V5 and 288H V5 devices allows an authenticated remote attacker to manipulate the administrator password due to inadequate input validation. This exploitation can grant unauthorized management access, posing a significant threat to the integrity and security of the system's operations.

Affected Version(s)

1288H V5; 2288H V5 V100R005C00

References

http://www.huawei.com/en/psirt/security-advisories/huawei...

x_refsource_CONFIRM

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 24, 2018
Vulnerability Reserved
Mar 9, 2018

JSON

McAfee

What is CVE-2018-7902?

Affected Version(s)

References

CVSS V3.1

Timeline