Huawei home gateway products HiRouter-CD20 and WS5200 with the versions before HiRouter-CD20-10 1.9.6 and the versions before WS5200-10 1.9.6 have a path traversal vulnerability. Due to the lack of validation while these home gateway products install APK plugins, an attacker tricks a user into installing a malicious APK plugin, and plugin can overwrite arbitrary file of devices. Successful exploit may result in arbitrary code execution or privilege escalation.
References
Link | Resource |
---|---|
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180502-01-gateway-en | Vendor Advisory |
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180502-01-gateway-en | Vendor Advisory |
Configurations
History
21 Nov 2024, 04:12
Type | Values Removed | Values Added |
---|---|---|
References | () http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180502-01-gateway-en - Vendor Advisory |
Information
Published : 2018-05-10 14:29
Updated : 2024-11-21 04:12
NVD link : CVE-2018-7933
Mitre link : CVE-2018-7933
CVE.ORG link : CVE-2018-7933
JSON object : View
Products Affected
huawei
- ws5200
- ws5200_firmware
- hirouter-cd20_firmware
- hirouter-cd20
CWE
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')