Overview
- Description
- ME906s-158 earlier than ME906S_Installer_13.1805.10.3 versions has a privilege elevation vulnerability. An attacker could exploit this vulnerability to modify the configuration information containing malicious files and trick users into executing the files, resulting in the execution of arbitrary code.
- Source
- psirt@huawei.com
- NVD status
- Analyzed
Risk scores
CVSS 3.0
- Type
- Primary
- Base score
- 7.8
- Impact score
- 5.9
- Exploitability score
- 1.8
- Vector string
- CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
CVSS 2.0
- Type
- Primary
- Base score
- 7.2
- Impact score
- 10
- Exploitability score
- 3.9
- Vector string
- AV:L/AC:L/Au:N/C:C/I:C/A:C
Weaknesses
- nvd@nist.gov
- CWE-668
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:me906s-158_firmware:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B8F063E7-F6B1-4744-ADFD-58C0C3B5DEB0",
"versionEndExcluding": "me906s_installer_13.1805.10.3"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:me906s-158:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "D183D335-6EB8-4168-99F8-AA7CE766D319"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]