CVE-2020-9241

HIGH

Huawei 5G Mobile WiFi E6878-370 <10.0.3.1 - Auth Bypass

Title source: llm

Description

Huawei 5G Mobile WiFi E6878-370 with versions of 10.0.3.1(H563SP1C00),10.0.3.1(H563SP21C233) have an improper authorization vulnerability. The device does not restrict certain data received from WAN port. Successful exploit could allow an attacker at WAN side to manage certain service of the device.

References (1)

Core 1

Core References

Vendor Advisory x_refsource_misc

https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200812-01-auth-en

Scores

CVSS v3 7.0

EPSS 0.0017

EPSS Percentile 38.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H

Details

Status published

Products (2)

huawei/e6878-370_firmware 10.0.3.1\(h563sp1c00\)

huawei/e6878-370_firmware 10.0.3.1\(h563sp21c233\)

Published Aug 17, 2020

Tracked Since Feb 18, 2026