Skip to main content

CVE-2018-7904

Severity High
Score 8.8/10

Summary

Huawei 1288H V5 and 288H V5 with software of V100R005C00 have a JSON injection vulnerability. An authenticated, remote attacker can launch a JSON injection to modify the password of administrator. Due to insufficient verification of the input, this could be exploited to obtain the management privilege of the system.

  • LOW
  • NETWORK
  • HIGH
  • UNCHANGED
  • NONE
  • LOW
  • HIGH
  • HIGH

References

Advisory Timeline

  • Published