CVE-2018-7937

Summary

In Huawei HiRouter-CD20-10 with the versions before 1.9.6 and WS5200-10 with the versions before 1.9.6, there is a plug-in signature bypass vulnerability due to insufficient plug-in verification. An attacker may tamper with a legitimate plug-in to build a malicious plug-in and trick users into installing it. Successful exploit could allow the attacker to obtain the root permission of the device and take full control over the device.

Affected Software

VendorProductVersion RangeStatus
Huawei Technologies Co., Ltd.HiRouter-CD20, WS5200-10The versions before HiRouter-CD20-10 1.9.6, The versions before WS5200-10 1.9.6affected

Weaknesses

  • plug-in signature bypass

ADP Enrichment

CVE Program Container

Additional References

References