Overview
- Description
- Huawei LTE USB Dongle products have an improper permission assignment vulnerability. An attacker can locally access and log in to a PC to induce a user to install a specially crafted application. After successfully exploiting this vulnerability, the attacker can perform unauthenticated operations. Affected product versions include:E3372 E3372h-153TCPU-V200R002B333D01SP00C00.
- Source
- psirt@huawei.com
- NVD status
- Analyzed
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 6.5
- Impact score
- 5.9
- Exploitability score
- 0.6
- Vector string
- CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
- Severity
- MEDIUM
CVSS 2.0
- Type
- Primary
- Base score
- 4.4
- Impact score
- 6.4
- Exploitability score
- 3.4
- Vector string
- AV:L/AC:M/Au:N/C:P/I:P/A:P
Weaknesses
- nvd@nist.gov
- CWE-281
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:e3372_firmware:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0936F180-DF82-4F7E-8462-D89A666F902C",
"versionEndExcluding": "22.333.03.00.00"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:e3372:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "BAD2FD77-0CD7-4BD3-AF8C-635B8D8C0A60"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:e8372_firmware:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0CDC49E7-F3AD-461F-BC57-A24BA04554E6",
"versionEndExcluding": "21.333.03.00.00"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:e8372:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "35F63024-60C0-43A5-9D7F-A9C133000FC1"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]