CVE-2020-9241

EUVD-2020-30070
Huawei 5G Mobile WiFi E6878-370 with versions of 10.0.3.1(H563SP1C00),10.0.3.1(H563SP21C233) have an improper authorization vulnerability. The device does not restrict certain data received from WAN port. Successful exploit could allow an attacker at WAN side to manage certain service of the device.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7 HIGH
NETWORK
HIGH
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 38%
Affected Products (NVD)
VendorProductVersion
huaweie6878-370_firmware
10.0.3.1\(h563sp1c00\)
huaweie6878-370_firmware
10.0.3.1\(h563sp21c233\)
𝑥
= Vulnerable software versions
References
https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200812-01-auth-en
https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200812-01-auth-en