CVE-2018-7937
First published: Tue Sep 04 2018(Updated: )
In Huawei HiRouter-CD20-10 with the versions before 1.9.6 and WS5200-10 with the versions before 1.9.6, there is a plug-in signature bypass vulnerability due to insufficient plug-in verification. An attacker may tamper with a legitimate plug-in to build a malicious plug-in and trick users into installing it. Successful exploit could allow the attacker to obtain the root permission of the device and take full control over the device.
Credit: psirt@huawei.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Huawei Hirouter-cd20 Firmware | <hirouter-cd20-10_1.9.6 | |
| Huawei HiRouter-CD20 | ||
| Huawei Ws5200-10 Firmware | <ws5200-10_1.9.6 | |
| Huawei Ws5200-10 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
- collector/nvd-index
- agent/severity
- agent/references
- agent/author
- agent/type
- agent/event
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/huawei
- canonical/huawei hirouter-cd20 firmware
- canonical/huawei hirouter-cd20
- canonical/huawei ws5200-10 firmware
- canonical/huawei ws5200-10