Vulnerability identifier: #VU22787
Vulnerability risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-285
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Huawei CD10-10
Hardware solutions /
Routers for home users
Huawei CD16-10
Hardware solutions /
Routers for home users
Huawei WS5102-10
Hardware solutions /
Routers for home users
Huawei WS5106-10
Hardware solutions /
Routers for home users
Huawei WS5108-10
Hardware solutions /
Routers for home users
Huawei WS5200-10
Hardware solutions /
Routers for home users
Huawei WS5200-11
Hardware solutions /
Routers for home users
Huawei WS5280-10
Hardware solutions /
Routers for home users
Huawei WS5280-11
Hardware solutions /
Routers for home users
Huawei WS6500-10
Hardware solutions /
Routers for home users
Huawei WS6500-11
Hardware solutions /
Routers for home users
Huawei WS826-10
Hardware solutions /
Routers for home users
Huawei WS5100-10
Hardware solutions /
Routers for home users
Huawei TC5200-10
Hardware solutions /
Routers for home users
Huawei HiRouter-H1-10
Hardware solutions /
Routers for home users
Huawei HiRouter-CD30-11
Hardware solutions /
Routers for home users
Huawei HiRouter-CD30-10
Hardware solutions /
Routers for home users
Huawei HiRouter-CD21-16
Hardware solutions /
Routers for home users
Huawei HiRouter-CD20-10
Hardware solutions /
Routers for home users
Huawei HiRouter-CD15-10
Hardware solutions /
Routers for home users
Huawei CD18-10
Hardware solutions /
Routers for home users
Huawei CD17-10
Hardware solutions /
Routers for home users
Vendor: Huawei
Description
The vulnerability allows a local user to bypass authorization checks.
The vulnerability exists due to improper authorization of certain programs. A local user can execute uploaded malicious files and escalate privilege on the target system.Mitigation
Install updates from vendor's website.
Vulnerable software versions
Huawei CD10-10: 10.0.2.2
Huawei CD16-10: 10.0.2.3
Huawei WS5102-10: 10.0.2.2
Huawei WS5106-10: 10.0.2.2
Huawei WS5108-10: 10.0.2.2
Huawei WS5200-10: 9.0.3.9 - 10.0.2.2(C05)
Huawei WS5200-11: 9.0.3.11 - 10.0.2.3
Huawei WS5280-10: 9.0.3.22
Huawei WS5280-11: 9.0.3.22
Huawei WS6500-10: 10.0.2.3
Huawei WS6500-11: 10.0.2.2
Huawei WS826-10: 9.0.3.11
Huawei WS5100-10: 9.0.3.11
Huawei TC5200-10: 10.0.2.3
Huawei HiRouter-H1-10: 9.0.3.11
Huawei HiRouter-CD30-11: 10.0.2.8
Huawei HiRouter-CD30-10: 10.0.2.8
Huawei HiRouter-CD21-16: 9.0.3.9
Huawei HiRouter-CD20-10: 9.0.3.9
Huawei HiRouter-CD15-10: 9.0.2.3
Huawei CD18-10: 9.0.2.23
Huawei CD17-10: 9.0.3.3
External links
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191113-01-homerouter-en
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.