CVE-2014-8359

Huawei Mobile Partner 23.009.05.03.1014 - Untrusted Search Path and DLL Hijacking via wintab32.dll

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2014-8359. PoCs published by LiquidWorm.

AI-analyzed exploit summary The exploit describes a local privilege escalation vulnerability in Huawei du Mobile Broadband 16.0 due to improper file permissions, allowing any user to replace the executable with a malicious binary to gain SYSTEM privileges on reboot.

Description

Untrusted search path vulnerability in Huawei Mobile Partner for Windows 23.009.05.03.1014 allows local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse wintab32.dll in the Mobile Partner directory.

Exploits (1)

exploitdb WRITEUP
by LiquidWorm · textlocalwindows
https://www.exploit-db.com/exploits/30477

The exploit describes a local privilege escalation vulnerability in Huawei du Mobile Broadband 16.0 due to improper file permissions, allowing any user to replace the executable with a malicious binary to gain SYSTEM privileges on reboot.

Classification
Writeup 100%
Attack Type
Lpe
Complexity
Trivial
Reliability
Reliable
Target: Huawei du Mobile Broadband 16.002.03.16.124
No auth needed
Prerequisites: Local access to the affected system · Ability to replace the executable file
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5

Scores

EPSS 0.0130
EPSS Percentile 66.7%

Details

CWE
CWE-264
Status published
Products (4)
huawei/ec156
huawei/ec176
huawei/ec177
huawei/mobile_partner_firmware 23.009.05.03.1014
Published Nov 13, 2014
Tracked Since Feb 18, 2026