Plug-in Signature Bypass Vulnerability in Huawei HiRouter-CD20-10 and WS5200-10

Plug-in Signature Bypass Vulnerability in Huawei HiRouter-CD20-10 and WS5200-10

CVE-2018-7937 · HIGH Severity

AV:N/AC:M/AU:N/C:C/I:C/A:C

In Huawei HiRouter-CD20-10 with the versions before 1.9.6 and WS5200-10 with the versions before 1.9.6, there is a plug-in signature bypass vulnerability due to insufficient plug-in verification. An attacker may tamper with a legitimate plug-in to build a malicious plug-in and trick users into installing it. Successful exploit could allow the attacker to obtain the root permission of the device and take full control over the device.

Learn more about our User Device Pen Test.