Huawei Home Gateway HiRouter-CD20 CVE-2018-7933 – Path Traversal

Authors:HuaWei                   Risk:High

CVE:CVE-2018-7933               0day:Path Traversal  

0day -id:0DAY-176166             Date:2018-05-11

Description

Huawei home gateway products HiRouter-CD20 and WS5200 with the versions before HiRouter-CD20-10 1.9.6 and the versions before WS5200-10 1.9.6 have a path traversal vulnerability. Due to the lack of validation while these home gateway products install APK plugins, an attacker tricks a user into installing a malicious APK plugin, and plugin can overwrite arbitrary file of devices. Successful exploit may result in arbitrary code execution or privilege escalation.

 Software Versions and Fixes

Product Name Affected Version Resolved Product and Version
HiRouter-CD20 The versions before HiRouter-CD20-10 1.9.6 HiRouter-CD20-10 1.9.6
WS5200 The versions before WS5200-10 1.9.6 Upgrade to WS5200-10 1.9.6

 Impact

Successful exploit may result in arbitrary code execution or privilege escalation.
The vulnerability classification has been performed by using the CVSSv3 scoring system (http://www.first.org/cvss/specification-document).
Base Score: 6.1 (AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:L)
Temporal Score: 5.7 (E:F/RL:O/RC:C)

 Technique Details

This vulnerability can be exploited only when the following conditions are present:
The attacker tricks a user into installing a plugin on the device.
Vulnerability details:
There is a path traversal vulnerability on some Huawei home gateway products. Due to the lack of validation while these home gateway products install APK plugins, an attacker tricks a user into installing a malicious APK plugin, and plugin can overwrite arbitrary file of devices. Successful exploit may result in arbitrary code execution or privilege escalation.

Leave a Reply