JSON Injection Vulnerability in Huawei 1288H V5 and 288H V5 Products
CVE-2018-7904

8.8HIGH

Key Information:

Vendor: McAfee
Status: 1288h V5; 2288h V5
Vendor: CVE Published:; 24 May 2018

What is CVE-2018-7904?

Huawei 1288H V5 and 288H V5 devices were found to have a JSON injection vulnerability due to inadequate input validation. This flaw allows an authenticated remote attacker to manipulate the system's administrator password, potentially granting them unauthorized management privileges.

Affected Version(s)

1288H V5; 2288H V5 V100R005C00

References

http://www.huawei.com/en/psirt/security-advisories/huawei...

x_refsource_CONFIRM

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 24, 2018
Vulnerability Reserved
Mar 9, 2018

JSON

McAfee

What is CVE-2018-7904?

Affected Version(s)

References

CVSS V3.1

Timeline