Adam Pogorzelski

**Name of the Vulnerable Software and Affected Versions** B2338-168 version V100R001C00 **Description** The issue affects the outdoor unit of the CPE product, where a certain port has a no authentication vulnerability. An attacker can exploit this by accessing the network between the indoor and outdoor units, delivering commands to the specific port of the outdoor unit, and executing them without authentication. This could allow the attacker to take control over the outdoor unit. **Recommendations** For version V100R001C00, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** B2338-168 version V100R001C00 **Description** The issue affects the outdoor unit of the CPE product, where a lack of authentication on the serial port allows an attacker to access the unit without authentication. This could enable the attacker to take control over the outdoor unit. **Recommendations** For version V100R001C00, consider restricting physical access to the serial port on the circuit board of the outdoor unit to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.