CVE-2017-15328
HIGHHuawei HG8245H < V300R018C00SPC110 - Unauthenticated Information Exposure via Privilege Verification Bypass
Title source: llmDescription
Huawei HG8245H version earlier than V300R018C00SPC110 has an authentication bypass vulnerability. An attacker can access a specific URL of the affect product. Due to improper verification of the privilege, successful exploitation may cause information leak.
References (2)
Core 2
Core References
Various Sources x_refsource_misc
http://support.huawei.com/carrier/docview%21docview?nid=DOC1000441394&path=PBI1-7275726/PBI1-7275742/PBI1-7912539/PBI1-22318696/PBI1-8952133/PBI1-8957546/PBI1-22412232/PBI1-22412234/PBI1-22807623
Third Party Advisory x_refsource_misc
https://hacked0x90.wordpress.com/2017/11/30/hg8245h-authentication-bypass/
Scores
CVSS v3
7.5
EPSS
0.0018
EPSS Percentile
38.8%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-200
Status
published
Products (2)
huawei/hg8245h_firmware
< v300r018c00spc110
Huawei Technologies Co., Ltd./HG8245H
Earlier than EchoLife HG8245H V300R018C00SPC110
Published
Dec 22, 2017
Tracked Since
Feb 18, 2026