CVE-2020-9241

CWE-863 — Incorrect Authorization3 documents3 sources

Severity

7.0HIGH

EPSS

0.2%

top 61.30%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Huawei E6878-370 Firmware

Timeline

PublishedAug 17

Latest updateMay 24

Description

Huawei 5G Mobile WiFi E6878-370 with versions of 10.0.3.1(H563SP1C00),10.0.3.1(H563SP21C233) have an improper authorization vulnerability. The device does not restrict certain data received from WAN port. Successful exploit could allow an attacker at WAN side to manage certain service of the device.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:HExploitability: 2.2 | Impact: 4.7

Affected Packages2 packages

▶NVDhuawei/e6878-370_firmware10.0.3.1\(h563sp1c00\), 10.0.3.1\(h563sp21c233\)+1

▶CVEListV5e6878-37010.0.3.1(H563SP1C00),10.0.3.1(H563SP21C233)

🔴Vulnerability Details

GHSA

GHSA-p56p-86p8-95g9: Huawei 5G Mobile WiFi E6878-370 with versions of 10↗2022-05-24

▶

CVEList

CVE-2020-9241: Huawei 5G Mobile WiFi E6878-370 with versions of 10↗2020-08-17

▶