Vulnerability identifier: #VU22780
Vulnerability risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-20
Exploitation vector: Local network
Exploit availability: No
Vulnerable software:
Huawei CD10-10
Hardware solutions /
Routers for home users
Huawei CD16-10
Hardware solutions /
Routers for home users
Huawei WS5102-10
Hardware solutions /
Routers for home users
Huawei WS5106-10
Hardware solutions /
Routers for home users
Huawei WS5108-10
Hardware solutions /
Routers for home users
Huawei WS5200-10
Hardware solutions /
Routers for home users
Huawei WS5200-11
Hardware solutions /
Routers for home users
Huawei WS5280-10
Hardware solutions /
Routers for home users
Huawei WS5280-11
Hardware solutions /
Routers for home users
Huawei WS6500-10
Hardware solutions /
Routers for home users
Huawei WS6500-11
Hardware solutions /
Routers for home users
Huawei WS826-10
Hardware solutions /
Routers for home users
Huawei WS5100-10
Hardware solutions /
Routers for home users
Huawei TC5200-10
Hardware solutions /
Routers for home users
Huawei HiRouter-H1-10
Hardware solutions /
Routers for home users
Huawei HiRouter-CD30-11
Hardware solutions /
Routers for home users
Huawei HiRouter-CD30-10
Hardware solutions /
Routers for home users
Huawei HiRouter-CD21-16
Hardware solutions /
Routers for home users
Huawei HiRouter-CD20-10
Hardware solutions /
Routers for home users
Huawei HiRouter-CD15-10
Hardware solutions /
Routers for home users
Huawei CD18-10
Hardware solutions /
Routers for home users
Huawei CD17-10
Hardware solutions /
Routers for home users
Vendor: Huawei
Description
The vulnerability allows a local user to upload arbitrary files.
The vulnerability exists due to insufficient validation of user-supplied input. An authenticated attacker on adjacent network with access to the device can send a specially crafted packet to obtain files in the device and upload files to some directories.
Mitigation
Install updates from vendor's website.
Vulnerable software versions
Huawei CD10-10: 10.0.2.2
Huawei CD16-10: 10.0.2.3
Huawei WS5102-10: 10.0.2.2
Huawei WS5106-10: 10.0.2.2
Huawei WS5108-10: 10.0.2.2
Huawei WS5200-10: 9.0.3.9 - 10.0.2.2(C05)
Huawei WS5200-11: 9.0.3.11 - 10.0.2.3
Huawei WS5280-10: 9.0.3.22
Huawei WS5280-11: 9.0.3.22
Huawei WS6500-10: 10.0.2.3
Huawei WS6500-11: 10.0.2.2
Huawei WS826-10: 9.0.3.11
Huawei WS5100-10: 9.0.3.11
Huawei TC5200-10: 10.0.2.3
Huawei HiRouter-H1-10: 9.0.3.11
Huawei HiRouter-CD30-11: 10.0.2.8
Huawei HiRouter-CD30-10: 10.0.2.8
Huawei HiRouter-CD21-16: 9.0.3.9
Huawei HiRouter-CD20-10: 9.0.3.9
Huawei HiRouter-CD15-10: 9.0.2.3
Huawei CD18-10: 9.0.2.23
Huawei CD17-10: 9.0.3.3
External links
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191113-01-homerouter-en
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.