JSON Injection Vulnerability in Huawei 1288H V5 and 288H V5 Products
CVE-2018-7903

8.8HIGH

Key Information:

Vendor: McAfee
Status: 1288h V5; 2288h V5
Vendor: CVE Published:; 24 May 2018

What is CVE-2018-7903?

The Huawei 1288H V5 and 288H V5 products feature a vulnerability that allows authenticated, remote attackers to exploit insufficient input verification. This JSON injection flaw enables attackers to modify the administrator's password, leading to unauthorized management access. Prompt remediation is essential to protect against potential exploitation.

Affected Version(s)

1288H V5; 2288H V5 V100R005C00

References

http://www.huawei.com/en/psirt/security-advisories/huawei...

x_refsource_CONFIRM

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 24, 2018
Vulnerability Reserved
Mar 9, 2018

JSON

McAfee

What is CVE-2018-7903?

Affected Version(s)

References

CVSS V3.1

Timeline