CVE-2017-8155
HIGHHuawei B2338-168 Firmware V100R001C00 - Unauthenticated Remote Command Execution via Specific Port
Title source: llmDescription
The outdoor unit of Customer Premise Equipment (CPE) product B2338-168 V100R001C00 has a no authentication vulnerability on a certain port. After accessing the network between the indoor and outdoor units of the CPE, an attacker can deliver commands to the specific port of the outdoor unit and execute them without authentication. Successful exploit could allow the attacker to take control over the outdoor unit.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_confirm
http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170920-01-cpe-en
Scores
CVSS v3
8.4
EPSS
0.0002
EPSS Percentile
6.8%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-306
Status
published
Products (2)
huawei/b2338-168_firmware
v100r001c00
Huawei Technologies Co., Ltd./B2338-168
V100R001C00
Published
Nov 22, 2017
Tracked Since
Feb 18, 2026