Vulnerability Details CVE-2018-7937
In Huawei HiRouter-CD20-10 with the versions before 1.9.6 and WS5200-10 with the versions before 1.9.6, there is a plug-in signature bypass vulnerability due to insufficient plug-in verification. An attacker may tamper with a legitimate plug-in to build a malicious plug-in and trick users into installing it. Successful exploit could allow the attacker to obtain the root permission of the device and take full control over the device.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 21.4%
CVSS Severity
CVSS v3 Score 7.8
CVSS v2 Score 9.3
Products affected by CVE-2018-7937
-
cpe:2.3:h:huawei:hirouter-cd20:-
-
cpe:2.3:h:huawei:ws5200-10:-
-
cpe:2.3:o:huawei:hirouter-cd20_firmware:*
-
cpe:2.3:o:huawei:ws5200-10_firmware:-
-
cpe:2.3:o:huawei:ws5200-10_firmware:10.0.2.6
-
cpe:2.3:o:huawei:ws5200-10_firmware:9.0.3.9