Search criteria
2 vulnerabilities found for HG8045Q by Huawei
VAR-201901-1329
Vulnerability from variot - Updated: 2024-11-23 23:01There is an information leak vulnerability in some Huawei HG products. An attacker may obtain information about the HG device by exploiting this vulnerability. HuaweiHG is a gateway device of China's Huawei company
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201901-1329",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "hg8010h",
"scope": "eq",
"trust": 1.0,
"vendor": "huawei",
"version": null
},
{
"model": "hg8242h",
"scope": "eq",
"trust": 1.0,
"vendor": "huawei",
"version": null
},
{
"model": "hg8040h",
"scope": "eq",
"trust": 1.0,
"vendor": "huawei",
"version": null
},
{
"model": "hg8110h",
"scope": "eq",
"trust": 1.0,
"vendor": "huawei",
"version": null
},
{
"model": "hg8240h",
"scope": "eq",
"trust": 1.0,
"vendor": "huawei",
"version": null
},
{
"model": "hg8045q",
"scope": "eq",
"trust": 1.0,
"vendor": "huawei",
"version": null
},
{
"model": "hg8010h",
"scope": null,
"trust": 0.8,
"vendor": "huawei",
"version": null
},
{
"model": "hg8040h",
"scope": null,
"trust": 0.8,
"vendor": "huawei",
"version": null
},
{
"model": "hg8045g",
"scope": null,
"trust": 0.8,
"vendor": "huawei",
"version": null
},
{
"model": "hg8110h",
"scope": null,
"trust": 0.8,
"vendor": "huawei",
"version": null
},
{
"model": "hg8240h",
"scope": null,
"trust": 0.8,
"vendor": "huawei",
"version": null
},
{
"model": "hg8242h",
"scope": null,
"trust": 0.8,
"vendor": "huawei",
"version": null
},
{
"model": "hg none",
"scope": null,
"trust": 0.6,
"vendor": "huawei",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-04438"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014437"
},
{
"db": "NVD",
"id": "CVE-2018-7900"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:huawei:hg8010h_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:huawei:hg8040h_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:huawei:hg8045q_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:huawei:hg8110h_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:huawei:hg8240h_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:huawei:hg8242h_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-014437"
}
]
},
"cve": "CVE-2018-7900",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "CVE-2018-7900",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "CNVD-2019-04438",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "VHN-137932",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2018-7900",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-7900",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2018-7900",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2019-04438",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201812-822",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-137932",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2018-7900",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-04438"
},
{
"db": "VULHUB",
"id": "VHN-137932"
},
{
"db": "VULMON",
"id": "CVE-2018-7900"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014437"
},
{
"db": "CNNVD",
"id": "CNNVD-201812-822"
},
{
"db": "NVD",
"id": "CVE-2018-7900"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "There is an information leak vulnerability in some Huawei HG products. An attacker may obtain information about the HG device by exploiting this vulnerability. HuaweiHG is a gateway device of China\u0027s Huawei company",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-7900"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014437"
},
{
"db": "CNVD",
"id": "CNVD-2019-04438"
},
{
"db": "VULHUB",
"id": "VHN-137932"
},
{
"db": "VULMON",
"id": "CVE-2018-7900"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-7900",
"trust": 3.2
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014437",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201812-822",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2019-04438",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-137932",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2018-7900",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-04438"
},
{
"db": "VULHUB",
"id": "VHN-137932"
},
{
"db": "VULMON",
"id": "CVE-2018-7900"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014437"
},
{
"db": "CNNVD",
"id": "CNNVD-201812-822"
},
{
"db": "NVD",
"id": "CVE-2018-7900"
}
]
},
"id": "VAR-201901-1329",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-04438"
},
{
"db": "VULHUB",
"id": "VHN-137932"
}
],
"trust": 1.7
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-04438"
}
]
},
"last_update_date": "2024-11-23T23:01:53.603000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "huawei-sn-20181219-01-hg",
"trust": 0.8,
"url": "https://www.huawei.com/en/psirt/security-notices/huawei-sn-20181219-01-hg-en"
},
{
"title": "Huawei HG Repair measures for information disclosure vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=89498"
},
{
"title": "Huawei Security Advisories: Security Notice - Statement on Information Leak Vulnerability in Huawei HG Product",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=huawei_security_advisories\u0026qid=abf85a8efa9686f174e6f8372a1d2f0e"
},
{
"title": "Threatpost",
"trust": 0.1,
"url": "https://threatpost.com/huawei-router-default-credential/140234/"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2018-7900"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014437"
},
{
"db": "CNNVD",
"id": "CNNVD-201812-822"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-137932"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014437"
},
{
"db": "NVD",
"id": "CVE-2018-7900"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.3,
"url": "http://www.huawei.com/en/psirt/security-notices/huawei-sn-20181219-01-hg-en"
},
{
"trust": 1.2,
"url": "https://www.huawei.com/cn/psirt/security-notices/huawei-sn-20181219-01-hg-cn"
},
{
"trust": 1.2,
"url": "https://blog.newskysecurity.com/information-disclosure-vulnerability-cve-2018-7900-makes-it-easy-for-attackers-to-find-huawei-3e7039b6f44f"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7900"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-7900"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/200.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://threatpost.com/huawei-router-default-credential/140234/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-04438"
},
{
"db": "VULHUB",
"id": "VHN-137932"
},
{
"db": "VULMON",
"id": "CVE-2018-7900"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014437"
},
{
"db": "CNNVD",
"id": "CNNVD-201812-822"
},
{
"db": "NVD",
"id": "CVE-2018-7900"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2019-04438"
},
{
"db": "VULHUB",
"id": "VHN-137932"
},
{
"db": "VULMON",
"id": "CVE-2018-7900"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014437"
},
{
"db": "CNNVD",
"id": "CNNVD-201812-822"
},
{
"db": "NVD",
"id": "CVE-2018-7900"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-02-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-04438"
},
{
"date": "2019-01-02T00:00:00",
"db": "VULHUB",
"id": "VHN-137932"
},
{
"date": "2019-01-02T00:00:00",
"db": "VULMON",
"id": "CVE-2018-7900"
},
{
"date": "2019-03-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-014437"
},
{
"date": "2018-12-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201812-822"
},
{
"date": "2019-01-02T16:29:00.217000",
"db": "NVD",
"id": "CVE-2018-7900"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-02-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-04438"
},
{
"date": "2019-02-11T00:00:00",
"db": "VULHUB",
"id": "VHN-137932"
},
{
"date": "2019-02-11T00:00:00",
"db": "VULMON",
"id": "CVE-2018-7900"
},
{
"date": "2019-03-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-014437"
},
{
"date": "2019-02-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201812-822"
},
{
"date": "2024-11-21T04:12:56.553000",
"db": "NVD",
"id": "CVE-2018-7900"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Huawei HG Information Disclosure Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-04438"
},
{
"db": "CNNVD",
"id": "CNNVD-201812-822"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201812-822"
}
],
"trust": 0.6
}
}
JVNDB-2021-000077
Vulnerability from jvndb - Published: 2021-08-17 14:24 - Updated:2021-08-17 14:24
Severity ?
Summary
Huawei EchoLife HG8045Q vulnerable to OS command injection
Details
EchoLife HT8045Q provided by Huawei is an ONT (Optical Network Terminal) device.
It is equipped with the command line interface for network operators' maintenance purpose, which is disabled by default.
When the command line interface is enabled, operators can interact with a certain restricted set of commands.
The command-line interface fails to process properly a certain crafted inputs, which enables some BusyBox-implemented commands executed (CWE-78).
References
| Type | URL | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2021/JVNDB-2021-000077.html",
"dc:date": "2021-08-17T14:24+09:00",
"dcterms:issued": "2021-08-17T14:24+09:00",
"dcterms:modified": "2021-08-17T14:24+09:00",
"description": "EchoLife HT8045Q provided by Huawei is an ONT (Optical Network Terminal) device.\r\nIt is equipped with the command line interface for network operators\u0027 maintenance purpose, which is disabled by default.\r\nWhen the command line interface is enabled, operators can interact with a certain restricted set of commands.\r\nThe command-line interface fails to process properly a certain crafted inputs, which enables some BusyBox-implemented commands executed (CWE-78).",
"link": "https://jvndb.jvn.jp/en/contents/2021/JVNDB-2021-000077.html",
"sec:cpe": {
"#text": "cpe:/a:huawei:hg8045q",
"@product": "HG8045Q",
"@vendor": "Huawei",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "7.7",
"@severity": "High",
"@type": "Base",
"@vector": "AV:A/AC:L/Au:S/C:C/I:C/A:C",
"@version": "2.0"
},
{
"@score": "6.8",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2021-000077",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN41646618/index.html",
"@id": "JVN#41646618",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37028",
"@id": "CVE-2021-37028",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-37028",
"@id": "CVE-2021-37028",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-78",
"@title": "OS Command Injection(CWE-78)"
}
],
"title": "Huawei EchoLife HG8045Q vulnerable to OS command injection"
}