- Description
- ME906s-158 earlier than ME906S_Installer_13.1805.10.3 versions has a privilege elevation vulnerability. An attacker could exploit this vulnerability to modify the configuration information containing malicious files and trick users into executing the files, resulting in the execution of arbitrary code.
- Source
- psirt@huawei.com
- NVD status
- Modified
CVSS 3.0
- Type
- Primary
- Base score
- 7.8
- Impact score
- 5.9
- Exploitability score
- 1.8
- Vector string
- CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
CVSS 2.0
- Type
- Primary
- Base score
- 7.2
- Impact score
- 10
- Exploitability score
- 3.9
- Vector string
- AV:L/AC:L/Au:N/C:C/I:C/A:C
- nvd@nist.gov
- CWE-668
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:me906s-158_firmware:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B8F063E7-F6B1-4744-ADFD-58C0C3B5DEB0",
"versionEndExcluding": "me906s_installer_13.1805.10.3"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:me906s-158:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "D183D335-6EB8-4168-99F8-AA7CE766D319"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]