PT-2018-18333 · Huawei · Huawei Hirouter-Cd20+1

Published: 2018-05-10 · Updated: 2018-06-13 · CVE-2018-7933

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Huawei HiRouter-CD20 versions prior to 1.9.6; Huawei WS5200 versions prior to 1.9.6
Description: The issue is related to a path traversal vulnerability in Huawei home gateway products. It occurs due to the lack of validation during the installation of APK plugins, allowing an attacker to trick a user into installing a malicious plugin. This plugin can overwrite arbitrary files on the device, potentially resulting in arbitrary code execution or privilege escalation.
Recommendations: For Huawei HiRouter-CD20 versions prior to 1.9.6, update to version 1.9.6 or later to resolve the issue. For Huawei WS5200 versions prior to 1.9.6, update to version 1.9.6 or later to resolve the issue. As a temporary workaround, consider restricting the installation of APK plugins from untrusted sources until a patch is applied.

Fix

Path traversal

Weakness Enumeration

Related Identifiers

CVE-2018-7933

Affected Products

Huawei HiRouter-CD20
Huawei WS5200