CVE-2017-8156

EPSS 0.3%

Vexday Risk Score

3Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS —EPSS 0.3%KEV nãoPoC —Nuclei —Metasploit —Patch —

Lifecycle

22 Nov 2017Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

The outdoor unit of Customer Premise Equipment (CPE) product B2338-168 V100R001C00 has a no authentication vulnerability on the serial port. An attacker can access the serial port on the circuit board of the outdoor unit and log in to the CPE without authentication. Successful exploit could allow the attacker to take control over the outdoor unit.

Affected products

Huawei Technologies Co., Ltd. · B2338-168

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170920-01-cpe-en