CVE-2018-7933

Huawei home gateway products HiRouter-CD20 and WS5200 with the versions before HiRouter-CD20-10 1.9.6 and the versions before WS5200-10 1.9.6 have a path traversal vulnerability. Due to the lack of validation while these home gateway products install APK plugins, an attacker tricks a user into installing a malicious APK plugin, and plugin can overwrite arbitrary file of devices. Successful exploit may result in arbitrary code execution or privilege escalation.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:huawei:hirouter-cd20_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:huawei:hirouter-cd20:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:huawei:ws5200_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:huawei:ws5200:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2018-05-10 14:29

Updated : 2024-02-28 16:25


NVD link : CVE-2018-7933

Mitre link : CVE-2018-7933

CVE.ORG link : CVE-2018-7933


JSON object : View

Products Affected

huawei

  • ws5200
  • ws5200_firmware
  • hirouter-cd20_firmware
  • hirouter-cd20
CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')