CVE-2018-7950: Code Injection
First published: Fri Jun 01 2018(Updated: )
The iBMC (Intelligent Baseboard Management Controller) of some Huawei servers have a JSON injection vulnerability due to insufficient input validation. An authenticated, remote attacker can launch a JSON injection to modify the password of administrator. Successful exploit may allow attackers to obtain the management privilege of the system.
Credit: psirt@huawei.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Huawei 1288h V5 Firmware | =100r005c00 | |
| Huawei 1288H V5 | ||
| Huawei 2288h V5 Firmware | =100r005c00 | |
| Huawei 2288h V5 | ||
| Huawei 2488 V5 Firmware | =100r005c00 | |
| Huawei 2488 V5 | ||
| Huawei Ch121 V3 Firmware | =100r001c00 | |
| Huawei Ch121 V3 | ||
| Huawei Ch121l V3 Firmware | =100r001c00 | |
| Huawei Ch121l V3 | ||
| Huawei Ch121l V5 Firmware | =100r001c00 | |
| Huawei Ch121l V5 | ||
| Huawei Ch121 V5 Firmware | =100r001c00 | |
| Huawei Ch121 V5 | ||
| Huawei Ch140 V3 Firmware | =100r001c00 | |
| Huawei Ch140 V3 | ||
| Huawei Ch140l V3 Firmware | =100r001c00 | |
| Huawei Ch140l V3 | ||
| Huawei Ch220 V3 Firmware | =100r001c00 | |
| Huawei Ch220 V3 | ||
| Huawei Ch222 V3 Firmware | =100r001c00 | |
| Huawei Ch222 V3 | ||
| Huawei Ch242 V3 Firmware | =100r001c00 | |
| Huawei Ch242 V3 | ||
| Huawei Ch242 V5 Firmware | =100r001c00 | |
| Huawei Ch242 V5 | ||
| Huawei Rh1288 V3 Firmware | =100r003c00 | |
| Huawei Rh1288 V3 | ||
| Huawei Rh2288 V3 Firmware | =100r003c00 | |
| Huawei Rh2288 V3 | ||
| Huawei Xh310 V3 Firmware | =100r003c00 | |
| Huawei Xh310 V3 | ||
| Huawei Xh321 V3 Firmware | =100r003c00 | |
| Huawei Xh321 V3 | ||
| Huawei Xh321 V5 Firmware | =100r005c00 | |
| Huawei Xh321 V5 | ||
| Huawei Rh2288h V3 Firmware | =100r003c00 | |
| Huawei Rh2288h V3 | ||
| Huawei Xh620 V3 Firmware | =100r003c00 | |
| Huawei Xh620 V3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
- collector/nvd-index
- agent/weakness
- agent/type
- agent/severity
- agent/references
- agent/author
- agent/event
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/huawei
- canonical/huawei 1288h v5 firmware
- version/huawei 1288h v5 firmware/100r005c00
- canonical/huawei 1288h v5
- canonical/huawei 2288h v5 firmware
- version/huawei 2288h v5 firmware/100r005c00
- canonical/huawei 2288h v5
- canonical/huawei 2488 v5 firmware
- version/huawei 2488 v5 firmware/100r005c00
- canonical/huawei 2488 v5
- canonical/huawei ch121 v3 firmware
- version/huawei ch121 v3 firmware/100r001c00
- canonical/huawei ch121 v3
- canonical/huawei ch121l v3 firmware
- version/huawei ch121l v3 firmware/100r001c00
- canonical/huawei ch121l v3
- canonical/huawei ch121l v5 firmware
- version/huawei ch121l v5 firmware/100r001c00
- canonical/huawei ch121l v5
- canonical/huawei ch121 v5 firmware
- version/huawei ch121 v5 firmware/100r001c00
- canonical/huawei ch121 v5
- canonical/huawei ch140 v3 firmware
- version/huawei ch140 v3 firmware/100r001c00
- canonical/huawei ch140 v3
- canonical/huawei ch140l v3 firmware
- version/huawei ch140l v3 firmware/100r001c00
- canonical/huawei ch140l v3
- canonical/huawei ch220 v3 firmware
- version/huawei ch220 v3 firmware/100r001c00
- canonical/huawei ch220 v3
- canonical/huawei ch222 v3 firmware
- version/huawei ch222 v3 firmware/100r001c00
- canonical/huawei ch222 v3
- canonical/huawei ch242 v3 firmware
- version/huawei ch242 v3 firmware/100r001c00
- canonical/huawei ch242 v3
- canonical/huawei ch242 v5 firmware
- version/huawei ch242 v5 firmware/100r001c00
- canonical/huawei ch242 v5
- canonical/huawei rh1288 v3 firmware
- version/huawei rh1288 v3 firmware/100r003c00
- canonical/huawei rh1288 v3
- canonical/huawei rh2288 v3 firmware
- version/huawei rh2288 v3 firmware/100r003c00
- canonical/huawei rh2288 v3
- canonical/huawei xh310 v3 firmware
- version/huawei xh310 v3 firmware/100r003c00
- canonical/huawei xh310 v3
- canonical/huawei xh321 v3 firmware
- version/huawei xh321 v3 firmware/100r003c00
- canonical/huawei xh321 v3
- canonical/huawei xh321 v5 firmware
- version/huawei xh321 v5 firmware/100r005c00
- canonical/huawei xh321 v5
- canonical/huawei rh2288h v3 firmware
- version/huawei rh2288h v3 firmware/100r003c00
- canonical/huawei rh2288h v3
- canonical/huawei xh620 v3 firmware
- version/huawei xh620 v3 firmware/100r003c00
- canonical/huawei xh620 v3