CVE-2018-7933
HIGHHuawei HiRouter-CD20 <1.9.6 & WS5200-10 <1.9.6 - Path Traversal
Title source: llmDescription
Huawei home gateway products HiRouter-CD20 and WS5200 with the versions before HiRouter-CD20-10 1.9.6 and the versions before WS5200-10 1.9.6 have a path traversal vulnerability. Due to the lack of validation while these home gateway products install APK plugins, an attacker tricks a user into installing a malicious APK plugin, and plugin can overwrite arbitrary file of devices. Successful exploit may result in arbitrary code execution or privilege escalation.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_confirm
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180502-01-gateway-en
Scores
CVSS v3
7.8
EPSS
0.0022
EPSS Percentile
44.5%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-22
Status
published
Products (2)
huawei/hirouter-cd20_firmware
< hirouter-cd20-10_1.9.6
huawei/ws5200_firmware
< ws5200-10_1.9.6
Published
May 10, 2018
Tracked Since
Feb 18, 2026