Description
Some Huawei home routers have an improper authorization vulnerability. Due to improper authorization of certain programs, an attacker can exploit this vulnerability to execute uploaded malicious files and escalate privilege.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_confirm
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191113-01-homerouter-en
Scores
CVSS v3
7.8
EPSS
0.0006
EPSS Percentile
20.0%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
Status
published
Products (23)
huawei/cd10-10_firmware
10.0.2.2 - 10.0.2.7
huawei/cd16-10_firmware
10.0.2.3 - 10.0.2.5
huawei/cd17-10_firmware
9.0.3.3 - 10.0.2.5
huawei/cd18-10_firmware
9.0.2.23 - 10.0.2.5
huawei/hirouter-cd15-10_firmware
9.0.2.3 - 10.0.2.5
huawei/hirouter-cd20-10_firmware
9.0.3.9 - 10.0.2.6
huawei/hirouter-cd21-16_firmware
9.0.3.9 - 10.0.2.5
huawei/hirouter-cd30-10_firmware
10.0.2.8 - 10.0.2.9
huawei/hirouter-cd30-11_firmware
10.0.2.8 - 10.0.2.9
huawei/hirouter-h1-10_firmware
9.0.3.11 - 10.0.2.5
... and 13 more
Published
Nov 29, 2019
Tracked Since
Feb 18, 2026