CVE-2018-7937

EPSS 0.8%

Vexday Risk Score

3Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS —EPSS 0.8%KEV nãoPoC —Nuclei —Metasploit —Patch —

Lifecycle

04 Sep 2018Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

In Huawei HiRouter-CD20-10 with the versions before 1.9.6 and WS5200-10 with the versions before 1.9.6, there is a plug-in signature bypass vulnerability due to insufficient plug-in verification. An attacker may tamper with a legitimate plug-in to build a malicious plug-in and trick users into installing it. Successful exploit could allow the attacker to obtain the root permission of the device and take full control over the device.

Affected products

Huawei Technologies Co., Ltd. · HiRouter-CD20, WS5200-10

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180827-01-gateway-en