Vulnerability Details CVE-2018-7933
Huawei home gateway products HiRouter-CD20 and WS5200 with the versions before HiRouter-CD20-10 1.9.6 and the versions before WS5200-10 1.9.6 have a path traversal vulnerability. Due to the lack of validation while these home gateway products install APK plugins, an attacker tricks a user into installing a malicious APK plugin, and plugin can overwrite arbitrary file of devices. Successful exploit may result in arbitrary code execution or privilege escalation.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 44.6%
CVSS Severity
CVSS v3 Score 7.8
CVSS v2 Score 6.8
References
Products affected by CVE-2018-7933
-
cpe:2.3:h:huawei:hirouter-cd20:-
-
cpe:2.3:h:huawei:ws5200:-
-
cpe:2.3:o:huawei:hirouter-cd20_firmware:*
-
cpe:2.3:o:huawei:ws5200_firmware:*