Vulnerability Details CVE-2021-37028
There is a command injection vulnerability in the HG8045Q product. When the command-line interface is enabled, which is disabled by default, attackers with administrator privilege could execute part of commands.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 35.8%
CVSS Severity
CVSS v3 Score 6.7
CVSS v2 Score 6.9
References
- http://jvn.jp/en/jp/JVN41646618/index.html
- https://support.huawei.com/carrier/navi?coltype=software#col=software&from=product&detailId=PBI1-252279599&path=PBI1-252301455/PBI1-252303293/PBI1-23709862/PBI1-22318696/PBI1-21457383
- http://jvn.jp/en/jp/JVN41646618/index.html
- https://support.huawei.com/carrier/navi?coltype=software#col=software&from=product&detailId=PBI1-252279599&path=PBI1-252301455/PBI1-252303293/PBI1-23709862/PBI1-22318696/PBI1-21457383
Products affected by CVE-2021-37028
-
cpe:2.3:h:huawei:hg8045q:-
-
cpe:2.3:o:huawei:hg8045q_firmware:v300r016c00spc110
-
cpe:2.3:o:huawei:hg8045q_firmware:v300r018c10