Vulnerability Description
In Huawei HiRouter-CD20-10 with the versions before 1.9.6 and WS5200-10 with the versions before 1.9.6, there is a plug-in signature bypass vulnerability due to insufficient plug-in verification. An attacker may tamper with a legitimate plug-in to build a malicious plug-in and trick users into installing it. Successful exploit could allow the attacker to obtain the root permission of the device and take full control over the device.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Huawei | Hirouter-Cd20 Firmware | < hirouter-cd20-10_1.9.6 |
| Huawei | Hirouter-Cd20 | - |
| Huawei | Ws5200-10 Firmware | < ws5200-10_1.9.6 |
| Huawei | Ws5200-10 | - |
References
- http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180827-01-gatewayVendor Advisory
- http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180827-01-gatewayVendor Advisory
FAQ
What is CVE-2018-7937?
CVE-2018-7937 is a vulnerability with a CVSS score of 7.8 (HIGH). In Huawei HiRouter-CD20-10 with the versions before 1.9.6 and WS5200-10 with the versions before 1.9.6, there is a plug-in signature bypass vulnerability due to insufficient plug-in verification. An a...
How severe is CVE-2018-7937?
CVE-2018-7937 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-7937?
Check the references section above for vendor advisories and patch information. Affected products include: Huawei Hirouter-Cd20 Firmware, Huawei Hirouter-Cd20, Huawei Ws5200-10 Firmware, Huawei Ws5200-10.