CVE-2018-7937

7.8HIGH

Key Information

Vendor: McAfee
Status: Hirouter-cd20, Ws5200-10
Vendor: CVE Published:; 4 September 2018

Summary

In Huawei HiRouter-CD20-10 with the versions before 1.9.6 and WS5200-10 with the versions before 1.9.6, there is a plug-in signature bypass vulnerability due to insufficient plug-in verification. An attacker may tamper with a legitimate plug-in to build a malicious plug-in and trick users into installing it. Successful exploit could allow the attacker to obtain the root permission of the device and take full control over the device.

Affected Version(s)

HiRouter-CD20, WS5200-10 = The versions before HiRouter-CD20-10 1.9.6, The versions before WS5200-10 1.9.6

References

http://www.huawei.com/en/psirt/security-advisories/huawei...

x_refsource_CONFIRM

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Sep 4, 2018
Vulnerability Reserved
Mar 9, 2018

Collectors

NVD DatabaseMitre Database