PT-2017-18164 · Huawei · B2338-168

Adam Pogorzelski

Published

2017-11-22

Updated

2017-12-11

CVE-2017-8156

CVSS v2.0

7.2

High

Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions B2338-168 version V100R001C00

Description The issue affects the outdoor unit of the CPE product, where a lack of authentication on the serial port allows an attacker to access the unit without authentication. This could enable the attacker to take control over the outdoor unit.

Recommendations For version V100R001C00, consider restricting physical access to the serial port on the circuit board of the outdoor unit to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

Fix

Missing Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-306

Related Identifiers

CVE-2017-8156

Affected Products

B2338-168

PT-2017-18164 · Huawei · B2338-168

CVE-2017-8156

Weakness Enumeration

Related Identifiers

Affected Products

References · 3