CWE
94 20
Advisory Published
Updated

CVE-2018-7951: Code Injection

First published: Fri Jun 01 2018(Updated: )

The iBMC (Intelligent Baseboard Management Controller) of some Huawei servers have a JSON injection vulnerability due to insufficient input validation. An authenticated, remote attacker can launch a JSON injection to modify the password of administrator. Successful exploit may allow attackers to obtain the management privilege of the system.

Credit: psirt@huawei.com

Affected SoftwareAffected VersionHow to fix
Huawei 1288h V5 Firmware=100r005c00
Huawei 1288H V5
Huawei 2288h V5 Firmware=100r005c00
Huawei 2288h V5
Huawei 2488 V5 Firmware=100r005c00
Huawei 2488 V5
Huawei Ch121 V3 Firmware=100r001c00
Huawei Ch121 V3
Huawei Ch121l V3 Firmware=100r001c00
Huawei Ch121l V3
Huawei Ch121l V5 Firmware=100r001c00
Huawei Ch121l V5
Huawei Ch121 V5 Firmware=100r001c00
Huawei Ch121 V5
Huawei Ch140 V3 Firmware=100r001c00
Huawei Ch140 V3
Huawei Ch140l V3 Firmware=100r001c00
Huawei Ch140l V3
Huawei Ch220 V3 Firmware=100r001c00
Huawei Ch220 V3
Huawei Ch222 V3 Firmware=100r001c00
Huawei Ch222 V3
Huawei Ch242 V3 Firmware=100r001c00
Huawei Ch242 V3
Huawei Ch242 V5 Firmware=100r001c00
Huawei Ch242 V5
Huawei Rh1288 V3 Firmware=100r003c00
Huawei Rh1288 V3
Huawei Rh2288 V3 Firmware=100r003c00
Huawei Rh2288 V3
Huawei Xh310 V3 Firmware=100r003c00
Huawei Xh310 V3
Huawei Xh321 V3 Firmware=100r003c00
Huawei Xh321 V3
Huawei Xh321 V5 Firmware=100r005c00
Huawei Xh321 V5
Huawei Rh2288h V3 Firmware=100r003c00
Huawei Rh2288h V3
Huawei Xh620 V3 Firmware=100r003c00
Huawei Xh620 V3

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203