CVE-2017-8185

HIGH

Huawei Me906s-158 Firmware - Exposure to Wrong Actor

Title source: rule

Description

ME906s-158 earlier than ME906S_Installer_13.1805.10.3 versions has a privilege elevation vulnerability. An attacker could exploit this vulnerability to modify the configuration information containing malicious files and trick users into executing the files, resulting in the execution of arbitrary code.

References (1)

[Vendor Advisory] http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170927-01-me906s-en

Scores

CVSS v3 7.8

EPSS 0.0002

EPSS Percentile 5.9%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-668

Status draft

Affected Products (1)

huawei/me906s-158_firmware < me906s_installer_13.1805.10.3

Timeline

Published Nov 22, 2017

Tracked Since Feb 18, 2026