CVE-2023-7266 — Unprotected Alternate Channel in Huawei Tc7001-10

CWE-420 — Unprotected Alternate Channel3 documents3 sources

Severity

8.1HIGHNVD

CNA7.5

EPSS

0.1%

top 79.66%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Huawei Tc7001-10 Huawei Ws7200-10 Huawei Ws7206-10 +3 more

Timeline

PublishedDec 28

Description

Some Huawei home routers have a connection hijacking vulnerability. Successful exploitation of this vulnerability may cause DoS or information leakage.(Vulnerability ID:HWPSIRT-2023-76605) This vulnerability has been assigned a (CVE)ID:CVE-2023-7266

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:HExploitability: 2.8 | Impact: 5.2

Affected Packages6 packages

▶CVEListV5huawei/tc7001-102.0.0.336(SP6C300)

▶CVEListV5huawei/ws7200-10WS7200-10-OTA 3.0.3.215-fullpackage(auto_1)

▶CVEListV5huawei/ws7206-10WS7206-10-OTA 4.0.0.16(V3R2)-fullpackage(auto)

▶NVDhuawei/tc7001-10_firmware2.0.0.336\(sp6c300\)

▶NVDhuawei/ws7200-10_firmware3.0.3.215

🔴Vulnerability Details

GHSA

GHSA-33fg-f8wx-chw2: Some Huawei home routers have a connection hijacking vulnerability↗2024-12-28

▶

CVEList

CVE-2023-7266: Some Huawei home routers have a connection hijacking vulnerability↗2024-12-28

▶