CVE-2018-7937

HIGH

Huawei HiRouter-CD20-10 <1.9.6 & WS5200-10 <1.9.6 - Privilege Escal...

Title source: llm

Description

In Huawei HiRouter-CD20-10 with the versions before 1.9.6 and WS5200-10 with the versions before 1.9.6, there is a plug-in signature bypass vulnerability due to insufficient plug-in verification. An attacker may tamper with a legitimate plug-in to build a malicious plug-in and trick users into installing it. Successful exploit could allow the attacker to obtain the root permission of the device and take full control over the device.

References (1)

Core 1

Core References

Vendor Advisory x_refsource_confirm

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180827-01-gateway-en

Scores

CVSS v3 7.8

EPSS 0.0007

EPSS Percentile 21.0%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

Status published

Products (2)

huawei/hirouter-cd20_firmware < hirouter-cd20-10_1.9.6

huawei/ws5200-10_firmware < ws5200-10_1.9.6

Published Sep 04, 2018

Tracked Since Feb 18, 2026