Use After Free Vulnerability in Huawei E6878-370 Products
CVE-2020-1799

7.5HIGH

Key Information:

Vendor: Huawei
Status: E6878-370
Vendor: CVE Published:; 21 May 2020

Summary

The Huawei E6878-370 products are affected by a use after free vulnerability that occurs when the software erroneously references memory after it has been freed. This flaw can be exploited by an attacker through a series of specifically crafted operations via the web portal, resulting in a potential execution of malicious code. Users are advised to review their device configurations and consider applying any available updates promptly to mitigate risks associated with this vulnerability.

Affected Version(s)

E6878-370 10.0.3.1(H557SP27C233),10.0.3.1(H563SP1C00),10.0.3.1(H563SP1C233)

References

https://www.huawei.com/en/psirt/security-advisories/huawe...

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 21, 2020
Vulnerability Reserved
Nov 29, 2019