Vulnerability Details : CVE-2017-8156
The outdoor unit of Customer Premise Equipment (CPE) product B2338-168 V100R001C00 has a no authentication vulnerability on the serial port. An attacker can access the serial port on the circuit board of the outdoor unit and log in to the CPE without authentication. Successful exploit could allow the attacker to take control over the outdoor unit.
Products affected by CVE-2017-8156
- cpe:2.3:o:huawei:b2338-168_firmware:v100r001c00:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2017-8156
0.08%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 34 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2017-8156
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.2
|
HIGH | AV:L/AC:L/Au:N/C:C/I:C/A:C |
3.9
|
10.0
|
NIST | |
6.8
|
MEDIUM | CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
0.9
|
5.9
|
NIST |
CWE ids for CVE-2017-8156
-
The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.Assigned by: nvd@nist.gov (Primary)
References for CVE-2017-8156
-
http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170920-01-cpe-en
Security Advisory - Two Vulnerabilities in Some Huawei CPE DevicesVendor Advisory
Jump to