Jimson K James

**Name of the Vulnerable Software and Affected Versions** Huawei E355 adapter version 21.157.37.01.910 **Description** The issue allows remote attackers to change passwords and settings, or obtain sensitive information, due to the lack of authentication for API pages. This can be achieved via a direct request to API endpoints such as "api/wlan/security-settings", "api/device/information", "api/wlan/basic-settings", "api/wlan/mac-filter", "api/monitoring/status", or "api/dhcp/settings". **Recommendations** For Huawei E355 adapter version 21.157.37.01.910, consider restricting access to the API endpoints "api/wlan/security-settings", "api/device/information", "api/wlan/basic-settings", "api/wlan/mac-filter", "api/monitoring/status", and "api/dhcp/settings" until a patch is available. As a temporary workaround, implement authentication for API pages to prevent unauthorized access. At the moment, there is no information about a newer version that contains a fix for this vulnerability.