Search
Find a vulnerability
Search criteria
4 vulnerabilities found for hg8045q_firmware by huawei
CVE-2021-37028 (GCVE-0-2021-37028)
Vulnerability from nvd – Published: 2021-08-13 15:52 – Updated: 2024-08-04 01:09
VLAI
Summary
There is a command injection vulnerability in the HG8045Q product. When the command-line interface is enabled, which is disabled by default, attackers with administrator privilege could execute part of commands.
Severity
No CVSS data available.
CWE
- command injection
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://support.huawei.com/carrier/navi?coltype=s… | x_refsource_MISC |
| http://jvn.jp/en/jp/JVN41646618/index.html | third-party-advisoryx_refsource_JVN |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | EchoLife HG8045Q |
Affected:
V300R016C00,V300R018C10
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:09:07.662Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.huawei.com/carrier/navi?coltype=software#col=software\u0026from=product\u0026detailId=PBI1-252279599\u0026path=PBI1-252301455/PBI1-252303293/PBI1-23709862/PBI1-22318696/PBI1-21457383"
},
{
"name": "JVN#41646618",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN41646618/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "EchoLife HG8045Q",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "V300R016C00,V300R018C10"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "There is a command injection vulnerability in the HG8045Q product. When the command-line interface is enabled, which is disabled by default, attackers with administrator privilege could execute part of commands."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "command injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-17T04:06:23.000Z",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.huawei.com/carrier/navi?coltype=software#col=software\u0026from=product\u0026detailId=PBI1-252279599\u0026path=PBI1-252301455/PBI1-252303293/PBI1-23709862/PBI1-22318696/PBI1-21457383"
},
{
"name": "JVN#41646618",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN41646618/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2021-37028",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "EchoLife HG8045Q",
"version": {
"version_data": [
{
"version_value": "V300R016C00,V300R018C10"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "There is a command injection vulnerability in the HG8045Q product. When the command-line interface is enabled, which is disabled by default, attackers with administrator privilege could execute part of commands."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "command injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.huawei.com/carrier/navi?coltype=software#col=software\u0026from=product\u0026detailId=PBI1-252279599\u0026path=PBI1-252301455/PBI1-252303293/PBI1-23709862/PBI1-22318696/PBI1-21457383",
"refsource": "MISC",
"url": "https://support.huawei.com/carrier/navi?coltype=software#col=software\u0026from=product\u0026detailId=PBI1-252279599\u0026path=PBI1-252301455/PBI1-252303293/PBI1-23709862/PBI1-22318696/PBI1-21457383"
},
{
"name": "JVN#41646618",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN41646618/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2021-37028",
"datePublished": "2021-08-13T15:52:38.000Z",
"dateReserved": "2021-07-20T00:00:00.000Z",
"dateUpdated": "2024-08-04T01:09:07.662Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-7900 (GCVE-0-2018-7900)
Vulnerability from nvd – Published: 2019-01-02 16:00 – Updated: 2024-08-05 06:37
VLAI
Summary
There is an information leak vulnerability in some Huawei HG products. An attacker may obtain information about the HG device by exploiting this vulnerability.
Severity
No CVSS data available.
CWE
- information leak
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://blog.newskysecurity.com/information-discl… | x_refsource_MISC |
| http://www.huawei.com/en/psirt/security-notices/h… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Huawei Technologies Co., Ltd. | some HG products |
Affected:
customized versions
|
Date Public
2018-12-19 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:37:59.608Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://blog.newskysecurity.com/information-disclosure-vulnerability-cve-2018-7900-makes-it-easy-for-attackers-to-find-huawei-3e7039b6f44f"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.huawei.com/en/psirt/security-notices/huawei-sn-20181219-01-hg-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "some HG products",
"vendor": "Huawei Technologies Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "customized versions"
}
]
}
],
"datePublic": "2018-12-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "There is an information leak vulnerability in some Huawei HG products. An attacker may obtain information about the HG device by exploiting this vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "information leak",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-01-03T21:57:01.000Z",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://blog.newskysecurity.com/information-disclosure-vulnerability-cve-2018-7900-makes-it-easy-for-attackers-to-find-huawei-3e7039b6f44f"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.huawei.com/en/psirt/security-notices/huawei-sn-20181219-01-hg-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2018-7900",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "some HG products",
"version": {
"version_data": [
{
"version_value": "customized versions"
}
]
}
}
]
},
"vendor_name": "Huawei Technologies Co., Ltd."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "There is an information leak vulnerability in some Huawei HG products. An attacker may obtain information about the HG device by exploiting this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "information leak"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://blog.newskysecurity.com/information-disclosure-vulnerability-cve-2018-7900-makes-it-easy-for-attackers-to-find-huawei-3e7039b6f44f",
"refsource": "MISC",
"url": "https://blog.newskysecurity.com/information-disclosure-vulnerability-cve-2018-7900-makes-it-easy-for-attackers-to-find-huawei-3e7039b6f44f"
},
{
"name": "http://www.huawei.com/en/psirt/security-notices/huawei-sn-20181219-01-hg-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-notices/huawei-sn-20181219-01-hg-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2018-7900",
"datePublished": "2019-01-02T16:00:00.000Z",
"dateReserved": "2018-03-09T00:00:00.000Z",
"dateUpdated": "2024-08-05T06:37:59.608Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-37028 (GCVE-0-2021-37028)
Vulnerability from cvelistv5 – Published: 2021-08-13 15:52 – Updated: 2024-08-04 01:09
VLAI
Summary
There is a command injection vulnerability in the HG8045Q product. When the command-line interface is enabled, which is disabled by default, attackers with administrator privilege could execute part of commands.
Severity
No CVSS data available.
CWE
- command injection
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://support.huawei.com/carrier/navi?coltype=s… | x_refsource_MISC |
| http://jvn.jp/en/jp/JVN41646618/index.html | third-party-advisoryx_refsource_JVN |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | EchoLife HG8045Q |
Affected:
V300R016C00,V300R018C10
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:09:07.662Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.huawei.com/carrier/navi?coltype=software#col=software\u0026from=product\u0026detailId=PBI1-252279599\u0026path=PBI1-252301455/PBI1-252303293/PBI1-23709862/PBI1-22318696/PBI1-21457383"
},
{
"name": "JVN#41646618",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN41646618/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "EchoLife HG8045Q",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "V300R016C00,V300R018C10"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "There is a command injection vulnerability in the HG8045Q product. When the command-line interface is enabled, which is disabled by default, attackers with administrator privilege could execute part of commands."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "command injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-17T04:06:23.000Z",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.huawei.com/carrier/navi?coltype=software#col=software\u0026from=product\u0026detailId=PBI1-252279599\u0026path=PBI1-252301455/PBI1-252303293/PBI1-23709862/PBI1-22318696/PBI1-21457383"
},
{
"name": "JVN#41646618",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN41646618/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2021-37028",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "EchoLife HG8045Q",
"version": {
"version_data": [
{
"version_value": "V300R016C00,V300R018C10"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "There is a command injection vulnerability in the HG8045Q product. When the command-line interface is enabled, which is disabled by default, attackers with administrator privilege could execute part of commands."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "command injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.huawei.com/carrier/navi?coltype=software#col=software\u0026from=product\u0026detailId=PBI1-252279599\u0026path=PBI1-252301455/PBI1-252303293/PBI1-23709862/PBI1-22318696/PBI1-21457383",
"refsource": "MISC",
"url": "https://support.huawei.com/carrier/navi?coltype=software#col=software\u0026from=product\u0026detailId=PBI1-252279599\u0026path=PBI1-252301455/PBI1-252303293/PBI1-23709862/PBI1-22318696/PBI1-21457383"
},
{
"name": "JVN#41646618",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN41646618/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2021-37028",
"datePublished": "2021-08-13T15:52:38.000Z",
"dateReserved": "2021-07-20T00:00:00.000Z",
"dateUpdated": "2024-08-04T01:09:07.662Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-7900 (GCVE-0-2018-7900)
Vulnerability from cvelistv5 – Published: 2019-01-02 16:00 – Updated: 2024-08-05 06:37
VLAI
Summary
There is an information leak vulnerability in some Huawei HG products. An attacker may obtain information about the HG device by exploiting this vulnerability.
Severity
No CVSS data available.
CWE
- information leak
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://blog.newskysecurity.com/information-discl… | x_refsource_MISC |
| http://www.huawei.com/en/psirt/security-notices/h… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Huawei Technologies Co., Ltd. | some HG products |
Affected:
customized versions
|
Date Public
2018-12-19 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:37:59.608Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://blog.newskysecurity.com/information-disclosure-vulnerability-cve-2018-7900-makes-it-easy-for-attackers-to-find-huawei-3e7039b6f44f"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.huawei.com/en/psirt/security-notices/huawei-sn-20181219-01-hg-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "some HG products",
"vendor": "Huawei Technologies Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "customized versions"
}
]
}
],
"datePublic": "2018-12-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "There is an information leak vulnerability in some Huawei HG products. An attacker may obtain information about the HG device by exploiting this vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "information leak",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-01-03T21:57:01.000Z",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://blog.newskysecurity.com/information-disclosure-vulnerability-cve-2018-7900-makes-it-easy-for-attackers-to-find-huawei-3e7039b6f44f"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.huawei.com/en/psirt/security-notices/huawei-sn-20181219-01-hg-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2018-7900",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "some HG products",
"version": {
"version_data": [
{
"version_value": "customized versions"
}
]
}
}
]
},
"vendor_name": "Huawei Technologies Co., Ltd."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "There is an information leak vulnerability in some Huawei HG products. An attacker may obtain information about the HG device by exploiting this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "information leak"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://blog.newskysecurity.com/information-disclosure-vulnerability-cve-2018-7900-makes-it-easy-for-attackers-to-find-huawei-3e7039b6f44f",
"refsource": "MISC",
"url": "https://blog.newskysecurity.com/information-disclosure-vulnerability-cve-2018-7900-makes-it-easy-for-attackers-to-find-huawei-3e7039b6f44f"
},
{
"name": "http://www.huawei.com/en/psirt/security-notices/huawei-sn-20181219-01-hg-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-notices/huawei-sn-20181219-01-hg-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2018-7900",
"datePublished": "2019-01-02T16:00:00.000Z",
"dateReserved": "2018-03-09T00:00:00.000Z",
"dateUpdated": "2024-08-05T06:37:59.608Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}