8.4
CVE-2017-8155
- EPSS 0.02%
- Veröffentlicht 22.11.2017 19:29:03
- Zuletzt bearbeitet 20.04.2025 01:37:25
- Quelle psirt@huawei.com
- Teams Watchlist Login
- Unerledigt Login
The outdoor unit of Customer Premise Equipment (CPE) product B2338-168 V100R001C00 has a no authentication vulnerability on a certain port. After accessing the network between the indoor and outdoor units of the CPE, an attacker can deliver commands to the specific port of the outdoor unit and execute them without authentication. Successful exploit could allow the attacker to take control over the outdoor unit.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Huawei ≫ B2338-168 Firmware Versionv100r001c00
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
Typ | Quelle | Score | Percentile |
---|---|---|---|
EPSS | FIRST.org | 0.02% | 0.035 |
Quelle | Base Score | Exploit Score | Impact Score | Vector String |
---|---|---|---|---|
nvd@nist.gov | 8.4 | 2.5 | 5.9 |
CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
nvd@nist.gov | 7.2 | 3.9 | 10 |
AV:L/AC:L/Au:N/C:C/I:C/A:C
|
CWE-306 Missing Authentication for Critical Function
The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.