CVE-2018-7937

Published: Sep 4, 2018

Modified: Aug 5, 2024

PUBLISHED

Description

In Huawei HiRouter-CD20-10 with the versions before 1.9.6 and WS5200-10 with the versions before 1.9.6, there is a plug-in signature bypass vulnerability due to insufficient plug-in verification. An attacker may tamper with a legitimate plug-in to build a malicious plug-in and trick users into installing it. Successful exploit could allow the attacker to obtain the root permission of the device and take full control over the device.

Vendor	Product	Versions
Huawei Technologies Co., Ltd.	HiRouter-CD20, WS5200-10	affected `The versions before HiRouter-CD20-10 1.9.6, The versions before WS5200-10 1.9.6`

References

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180827-01-gateway-en

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2018-7937

Description

Affected Products

References