Description
Huawei iBMC V200R002C60 have an authentication bypass vulnerability. A remote attacker with low privilege may craft specific messages to upload authentication certificate to the affected products. Due to improper validation of the upload authority, successful exploit may cause privilege elevation.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_confirm
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180509-01-bypass-en
Scores
CVSS v3
8.8
EPSS
0.0006
EPSS Percentile
18.2%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-287
Status
published
Products (20)
huawei/1288h_v5_firmware
100r005c00
huawei/2288h_v5_firmware
100r005c00
huawei/2488_v5_firmware
100r005c00
huawei/ch121_v3_firmware
100r001c00
huawei/ch121_v5_firmware
100r001c00
huawei/ch121l_v3_firmware
100r001c00
huawei/ch121l_v5_firmware
100r001c00
huawei/ch140_v3_firmware
100r001c00
huawei/ch140l_v3_firmware
100r001c00
huawei/ch220_v3_firmware
100r001c00
... and 10 more
Published
May 10, 2018
Tracked Since
Feb 18, 2026