CVE-2018-7904

Name of the Vulnerable Software and Affected Versions: Huawei 1288H V5 and 288H V5 version V100R005C00

Description: The issue allows an authenticated, remote attacker to launch a JSON injection attack, potentially modifying the administrator's password due to insufficient input verification. This could lead to the attacker obtaining management privileges of the system.

Recommendations: For Huawei 1288H V5 and 288H V5 version V100R005C00, consider restricting access to the JSON injection functionality until a fix is available. As a temporary workaround, limit the ability to modify administrator passwords through JSON inputs to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.