CVE-2017-8156
First published: Wed Nov 22 2017(Updated: )
The outdoor unit of Customer Premise Equipment (CPE) product B2338-168 V100R001C00 has a no authentication vulnerability on the serial port. An attacker can access the serial port on the circuit board of the outdoor unit and log in to the CPE without authentication. Successful exploit could allow the attacker to take control over the outdoor unit.
Credit: psirt@huawei.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Huawei B2338-168 | =v100r001c00 | |
| Huawei B2338-168 Firmware |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2017-8156?
CVE-2017-8156 has a moderate severity level due to the potential for unauthorized access to the outdoor unit's serial port.
How do I fix CVE-2017-8156?
To mitigate CVE-2017-8156, ensure that the outdoor unit firmware is updated to a version that addresses this vulnerability.
Who is affected by CVE-2017-8156?
Users of the Huawei B2338-168 CPE with firmware version v100r001c00 are affected by CVE-2017-8156.
What type of vulnerability is CVE-2017-8156?
CVE-2017-8156 is an authentication vulnerability that allows unauthorized access to the serial port.
Can CVE-2017-8156 be exploited remotely?
CVE-2017-8156 requires physical access to the outdoor unit's serial port, making remote exploitation unlikely.
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/weakness
- agent/author
- agent/last-modified-date
- agent/references
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/huawei
- canonical/huawei b2338-168
- version/huawei b2338-168/v100r001c00
- canonical/huawei b2338-168 firmware