| ID |
CVE-2018-7937
|
| Sažetak |
In Huawei HiRouter-CD20-10 with the versions before 1.9.6 and WS5200-10 with the versions before 1.9.6, there is a plug-in signature bypass vulnerability due to insufficient plug-in verification. An attacker may tamper with a legitimate plug-in to build a malicious plug-in and trick users into installing it. Successful exploit could allow the attacker to obtain the root permission of the device and take full control over the device. |
| Reference |
|
| CVSS |
| Base: | 9.3 |
| Impact: | 10.0 |
| Exploitability: | 8.6 |
|
| Pristup |
| Vektor | Složenost | Autentikacija |
| NETWORK |
MEDIUM |
NONE |
|
| Impact |
| Povjerljivost | Cjelovitost | Dostupnost |
| COMPLETE |
COMPLETE |
COMPLETE |
|
| CVSS vektor |
AV:N/AC:M/Au:N/C:C/I:C/A:C |
| Zadnje važnije ažuriranje |
03-10-2019 - 00:03 |
| Objavljeno |
04-09-2018 - 16:29 |
