There is a command injection vulnerability in the HG8045Q product. When the command-line interface is enabled, which is disabled by default, attackers with administrator privilege could execute part of commands.
References
Link | Resource |
---|---|
http://jvn.jp/en/jp/JVN41646618/index.html | Third Party Advisory |
https://support.huawei.com/carrier/navi?coltype=software#col=software&from=product&detailId=PBI1-252279599&path=PBI1-252301455/PBI1-252303293/PBI1-23709862/PBI1-22318696/PBI1-21457383 | Permissions Required Vendor Advisory |
Configurations
Configuration 1 (hide)
AND |
|
History
25 Aug 2021, 01:21
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : 6.9
v3 : 6.7 |
CWE | CWE-78 | |
CPE | cpe:2.3:o:huawei:hg8045q_firmware:v300r016c00spc110:*:*:*:*:*:*:* cpe:2.3:h:huawei:hg8045q:-:*:*:*:*:*:*:* cpe:2.3:o:huawei:hg8045q_firmware:v300r018c10:*:*:*:*:*:*:* |
|
References |
|
|
References | (MISC) https://support.huawei.com/carrier/navi?coltype=software#col=software&from=product&detailId=PBI1-252279599&path=PBI1-252301455/PBI1-252303293/PBI1-23709862/PBI1-22318696/PBI1-21457383 - Permissions Required, Vendor Advisory |
13 Aug 2021, 16:24
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-08-13 16:15
Updated : 2024-02-04 21:47
NVD link : CVE-2021-37028
Mitre link : CVE-2021-37028
CVE.ORG link : CVE-2021-37028
JSON object : View
Products Affected
huawei
- hg8045q_firmware
- hg8045q
CWE
CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')