CVE-2017-8185

HIGH

Huawei ME906s-158 < ME906S_Installer_13.1805.10.3 - Privilege Escalation via Malicious Configuration File Execution

Title source: llm

Description

ME906s-158 earlier than ME906S_Installer_13.1805.10.3 versions has a privilege elevation vulnerability. An attacker could exploit this vulnerability to modify the configuration information containing malicious files and trick users into executing the files, resulting in the execution of arbitrary code.

References (1)

Core 1

Core References

Vendor Advisory x_refsource_confirm

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170927-01-me906s-en

Scores

CVSS v3 7.8

EPSS 0.0002

EPSS Percentile 6.9%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-668

Status published

Products (2)

huawei/me906s-158_firmware < me906s_installer_13.1805.10.3

Huawei Technologies Co., Ltd./ME906s-158 Earlier than ME906S_Installer_13.1805.10.3 versions

Published Nov 22, 2017

Tracked Since Feb 18, 2026