CVE-2017-8156
MEDIUMHuawei B2338-168 Firmware V100R001C00 - Unauthenticated Serial Port Access
Title source: llmDescription
The outdoor unit of Customer Premise Equipment (CPE) product B2338-168 V100R001C00 has a no authentication vulnerability on the serial port. An attacker can access the serial port on the circuit board of the outdoor unit and log in to the CPE without authentication. Successful exploit could allow the attacker to take control over the outdoor unit.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_confirm
http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170920-01-cpe-en
Scores
CVSS v3
6.8
EPSS
0.0002
EPSS Percentile
6.8%
Attack Vector
PHYSICAL
CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-306
Status
published
Products (2)
huawei/b2338-168_firmware
v100r001c00
Huawei Technologies Co., Ltd./B2338-168
V100R001C00
Published
Nov 22, 2017
Tracked Since
Feb 18, 2026