A vulnerability classified as critical has been found in Huawei E6878-370 10.0.3.1(H563SP1C00)/10.0.3.1(H563SP21C233). Affected is an unknown function of the component WAN Handler. The manipulation with an unknown input leads to a authorization vulnerability. CWE is classifying the issue as CWE-863. The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions. This is going to have an impact on confidentiality, integrity, and availability. CVE summarizes:

Huawei 5G Mobile WiFi E6878-370 with versions of 10.0.3.1(H563SP1C00),10.0.3.1(H563SP21C233) have an improper authorization vulnerability. The device does not restrict certain data received from WAN port. Successful exploit could allow an attacker at WAN side to manage certain service of the device.

The weakness was published 08/17/2020 (Website). The advisory is shared for download at huawei.com. This vulnerability is traded as CVE-2020-9241 since 02/18/2020. It is possible to launch the attack remotely. The exploitation doesn't require any form of authentication. There are neither technical details nor an exploit publicly available. The current price for an exploit might be approx. USD $5k-$25k (estimation calculated on 08/18/2020).

There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.

Productinfo

Vendor

• Huawei

Name

• E6878-370

Version

• 10.0.3.1(H563SP1C00)
• 10.0.3.1(H563SP21C233)

License

• commercial

CPE 2.3info

• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion