- Description
- There is an improper authentication vulnerability in some Huawei AP products before version V200R009C00SPC800. Due to the improper implementation of authentication for the serial port, an attacker could exploit this vulnerability by connecting to the affected products and running a series of commands.
- Source
- psirt@huawei.com
- NVD status
- Analyzed
CVSS 3.0
- Type
- Primary
- Base score
- 6.8
- Impact score
- 5.9
- Exploitability score
- 0.9
- Vector string
- CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- MEDIUM
CVSS 2.0
- Type
- Primary
- Base score
- 4.6
- Impact score
- 6.4
- Exploitability score
- 3.9
- Vector string
- AV:L/AC:L/Au:N/C:P/I:P/A:P
- nvd@nist.gov
- CWE-287
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:ap4050dn-e_firmware:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6923D0FA-AEC5-43F6-B50F-D65633EC5498",
"versionEndExcluding": "v200r009c00"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:ap4050dn-e:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "9746576E-94D6-4866-B10E-E03FEC4DE9A5"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]