CVE-2018-7904

3 documents3 sources
Severity
8.8HIGH
EPSS
0.1%
top 67.89%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Huawei 1288h V5 FirmwareHuawei 2288h V5 Firmware
Timeline
PublishedMay 24
Latest updateMay 13

Description

Huawei 1288H V5 and 288H V5 with software of V100R005C00 have a JSON injection vulnerability. An authenticated, remote attacker can launch a JSON injection to modify the password of administrator. Due to insufficient verification of the input, this could be exploited to obtain the management privilege of the system.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

NVDhuawei/1288h_v5_firmwarev100r005c00
NVDhuawei/2288h_v5_firmwarev100r005c00

🔴Vulnerability Details

2
GHSA
GHSA-49p2-r329-r7xg: Huawei 1288H V5 and 288H V5 with software of V100R005C00 have a JSON injection vulnerability2022-05-13
CVEList
CVE-2018-7904: Huawei 1288H V5 and 288H V5 with software of V100R005C00 have a JSON injection vulnerability2018-05-24
CVE-2018-7904 (HIGH CVSS 8.8) | Huawei 1288H V5 and 288H V5 with so | cvebase.io