CVE-2020-1789

CWE-287Improper Authentication3 documents3 sources
Severity
6.8MEDIUM
EPSS
0.1%
top 81.03%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Huawei Osca-550 FirmwareHuawei Osca-550a FirmwareHuawei Osca-550ax Firmware+1 more
Timeline
PublishedFeb 18
Latest updateMay 24

Description

Huawei OSCA-550, OSCA-550A, OSCA-550AX, and OSCA-550X products with version 1.0.1.21(SP3) have an insufficient authentication vulnerability. The software does not require a strong credential when the user trying to do certain operations. Successful exploit could allow an attacker to pass the authentication and do certain operations by a weak credential.

CVSS vector

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 0.9 | Impact: 5.9

Affected Packages4 packages

NVDhuawei/osca-550ax_firmware1.0.1.21\(sp3\)
NVDhuawei/osca-550a_firmware1.0.1.21\(sp3\)
NVDhuawei/osca-550x_firmware1.0.1.21\(sp3\)
NVDhuawei/osca-550_firmware1.0.1.21\(sp3\)

🔴Vulnerability Details

2
GHSA
GHSA-ph9c-5f5m-xhgq: Huawei OSCA-550, OSCA-550A, OSCA-550AX, and OSCA-550X products with version 12022-05-24
CVEList
CVE-2020-1789: Huawei OSCA-550, OSCA-550A, OSCA-550AX, and OSCA-550X products with version 12020-02-18
CVE-2020-1789 (MEDIUM CVSS 6.8) | Huawei OSCA-550 | cvebase.io