CVE-2021-37123
CRITICALHuawei Hero-CT060 Firmware < 1.0.0.200 - Improper Authentication
Title source: llmDescription
There is an improper authentication vulnerability in Hero-CT060 before 1.0.0.200. The vulnerability is due to that when an user wants to do certain operation, the software does not insufficiently validate the user's identity. Successful exploit could allow the attacker to do certain operations which the user are supposed not to do.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_misc
https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210929-01-auth-en
Scores
CVSS v3
9.8
EPSS
0.0018
EPSS Percentile
39.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-287
Status
published
Products (1)
huawei/hero-ct060_firmware
< 1.0.0.200
Published
Oct 11, 2021
Tracked Since
Feb 18, 2026