PT-2017-18163 · Huawei · B2338-168

Adam Pogorzelski

Published

2017-11-22

Updated

2017-12-11

CVE-2017-8155

CVSS v3.1

8.4

High

Vector

AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions B2338-168 version V100R001C00

Description The issue affects the outdoor unit of the CPE product, where a certain port has a no authentication vulnerability. An attacker can exploit this by accessing the network between the indoor and outdoor units, delivering commands to the specific port of the outdoor unit, and executing them without authentication. This could allow the attacker to take control over the outdoor unit.

Recommendations For version V100R001C00, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Missing Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-306

Related Identifiers

CVE-2017-8155

Affected Products

B2338-168

PT-2017-18163 · Huawei · B2338-168

CVE-2017-8155

Weakness Enumeration

Related Identifiers

Affected Products

References · 3