cvelistv5 - cve-2023-52718

CVE-2023-52718 (GCVE-0-2023-52718)

Vulnerability from cvelistv5 – Published: 2024-12-28 07:16 – Updated: 2024-12-28 16:09

Summary

A connection hijacking vulnerability exists in some Huawei home routers. Successful exploitation of this vulnerability may cause DoS or information leakage.(Vulnerability ID:HWPSIRT-2023-34408) This vulnerability has been assigned a (CVE)ID:CVE-2023-52718

Severity ?

6.4 (Medium)


                        
                          CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-420 - Unprotected Alternate Channel

Assigner

huawei

References

URL

Tags

https://www.huawei.com/br/psirt/security-advisori…

Impacted products

Vendor

Product

Version

Huawei

PT9030-15

Affected: 3.0.3.266

Huawei	WS7206-10	Affected: 11.0.5.19 Affected: 2.1.0.203
Huawei	WS7290-15	Affected: 3.0.3.266
Huawei	WS8000-10	Affected: WS8000-16 3.0.3.236
Huawei	WS8001-10	Affected: 3.0.3.242
Huawei	WS8002-10	Affected: 3.0.3.242
Huawei	WS8500-10	Affected: WS8500-16 3.0.3.235
Huawei	WS8502-10	Affected: 3.0.3.242
Huawei	WS8700-10	Affected: 3.0.3.251

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-52718",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-12-28T16:08:28.353163Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-12-28T16:09:42.678Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "PT9030-15",
          "vendor": "Huawei",
          "versions": [
            {
              "status": "affected",
              "version": "3.0.3.266"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "WS7206-10",
          "vendor": "Huawei",
          "versions": [
            {
              "status": "affected",
              "version": "11.0.5.19"
            },
            {
              "status": "affected",
              "version": "2.1.0.203"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "WS7290-15",
          "vendor": "Huawei",
          "versions": [
            {
              "status": "affected",
              "version": "3.0.3.266"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "WS8000-10",
          "vendor": "Huawei",
          "versions": [
            {
              "status": "affected",
              "version": "WS8000-16 3.0.3.236"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "WS8001-10",
          "vendor": "Huawei",
          "versions": [
            {
              "status": "affected",
              "version": "3.0.3.242"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "WS8002-10",
          "vendor": "Huawei",
          "versions": [
            {
              "status": "affected",
              "version": "3.0.3.242"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "WS8500-10",
          "vendor": "Huawei",
          "versions": [
            {
              "status": "affected",
              "version": "WS8500-16 3.0.3.235"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "WS8502-10",
          "vendor": "Huawei",
          "versions": [
            {
              "status": "affected",
              "version": "3.0.3.242"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "WS8700-10",
          "vendor": "Huawei",
          "versions": [
            {
              "status": "affected",
              "version": "3.0.3.251"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eA connection hijacking vulnerability exists in some Huawei home routers. Successful exploitation of this vulnerability may cause DoS or information leakage.(Vulnerability ID:HWPSIRT-2023-34408)\u003c/p\u003e\u003cp\u003eThis vulnerability has been assigned a (CVE)ID:CVE-2023-52718\u003c/p\u003e"
            }
          ],
          "value": "A connection hijacking vulnerability exists in some Huawei home routers. Successful exploitation of this vulnerability may cause DoS or information leakage.(Vulnerability ID:HWPSIRT-2023-34408)\n\nThis vulnerability has been assigned a (CVE)ID:CVE-2023-52718"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-420",
              "description": "CWE-420 Unprotected Alternate Channel",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-12-28T07:16:22.248Z",
        "orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
        "shortName": "huawei"
      },
      "references": [
        {
          "url": "https://www.huawei.com/br/psirt/security-advisories/2024/huawei-sa-chvishhr-d50dedde-en"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
    "assignerShortName": "huawei",
    "cveId": "CVE-2023-52718",
    "datePublished": "2024-12-28T07:16:22.248Z",
    "dateReserved": "2024-04-11T06:52:24.010Z",
    "dateUpdated": "2024-12-28T16:09:42.678Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:huawei:pt9030-15_firmware:3.0.3.266:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6448BB89-9B6D-4AFD-9E28-23EB03C4AA52\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:huawei:pt9030-15:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C168F352-DFCD-45F6-AA6D-FFFFE1840FE2\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:huawei:ws7206-10_firmware:11.0.5.19:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"68FA3E83-1970-4500-B3B5-E2F68E178487\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:huawei:ws7206-10:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8153CF45-E1C2-4355-8E99-12B3321A3C28\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:huawei:ws7206-10_firmware:2.1.0.203:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E88C36C8-E477-49AC-9A23-1BE6C87525DE\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:huawei:ws7206-10:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8153CF45-E1C2-4355-8E99-12B3321A3C28\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:huawei:ws7290-15_firmware:3.0.3.266:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B9863510-CCE9-47A6-AE6F-B841BE97EC11\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:huawei:ws7290-15:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"318B5B11-EB95-4729-95BA-603AE2A6821B\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:huawei:ws8000-10_firmware:3.0.3.236:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CB91CA3A-6D93-4580-8142-56EFCE325A7A\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:huawei:ws8000-10:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"308EC09B-A09D-47A3-8654-F90D80F82100\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:huawei:ws8001-10_firmware:3.0.3.242:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EC637316-8BDD-45D8-ABD0-C7B5A3E9E585\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:huawei:ws8001-10:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FC2333EB-3BA5-4EE5-A88A-68A97912F6E0\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:huawei:ws8002-10_firmware:3.0.3.242:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E55857B5-BDFC-4A8E-A9FD-5509EE05217B\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:huawei:ws8002-10:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"177AB0ED-0F61-4345-AA36-E5690CEB6712\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:huawei:ws8500-10_firmware:3.0.3.235:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1FD6B7EB-6D3B-4F1B-A021-474333435A92\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:huawei:ws8500-10:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E6603C16-0A98-4EBE-91AC-C0C74DAD6EA8\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:huawei:ws8502-10_firmware:3.0.3.242:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"858AFE8C-826B-401F-BA0C-445E5B287770\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:huawei:ws8502-10:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"16A0BCD5-3293-4860-8B6A-7C224D350223\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:huawei:ws8700-10_firmware:3.0.3.251:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B8EB4588-7370-4743-A262-62BBC62C92DB\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:huawei:ws8700-10:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6796317F-F4C4-48F8-8495-1AEB2DECFB20\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"A connection hijacking vulnerability exists in some Huawei home routers. Successful exploitation of this vulnerability may cause DoS or information leakage.(Vulnerability ID:HWPSIRT-2023-34408)\\n\\nThis vulnerability has been assigned a (CVE)ID:CVE-2023-52718\"}, {\"lang\": \"es\", \"value\": \"Existe una vulnerabilidad de secuestro de conexi\\u00f3n en algunos routeres dom\\u00e9sticos de Huawei. La explotaci\\u00f3n exitosa de esta vulnerabilidad puede causar ataques de denegaci\\u00f3n de servicio (DoS) o fuga de informaci\\u00f3n. (ID de vulnerabilidad: HWPSIRT-2023-34408) A esta vulnerabilidad se le ha asignado un ID de vulnerabilidad de seguridad (CVE): CVE-2023-52718\"}]",
      "id": "CVE-2023-52718",
      "lastModified": "2025-01-13T20:50:13.847",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"psirt@huawei.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 6.4, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"ADJACENT_NETWORK\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"HIGH\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 0.5, \"impactScore\": 5.9}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H\", \"baseScore\": 8.1, \"baseSeverity\": \"HIGH\", \"attackVector\": \"ADJACENT_NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 5.2}]}",
      "published": "2024-12-28T08:15:04.797",
      "references": "[{\"url\": \"https://www.huawei.com/br/psirt/security-advisories/2024/huawei-sa-chvishhr-d50dedde-en\", \"source\": \"psirt@huawei.com\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "psirt@huawei.com",
      "vulnStatus": "Analyzed",
      "weaknesses": "[{\"source\": \"psirt@huawei.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-420\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-noinfo\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2023-52718\",\"sourceIdentifier\":\"psirt@huawei.com\",\"published\":\"2024-12-28T08:15:04.797\",\"lastModified\":\"2025-01-13T20:50:13.847\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A connection hijacking vulnerability exists in some Huawei home routers. Successful exploitation of this vulnerability may cause DoS or information leakage.(Vulnerability ID:HWPSIRT-2023-34408)\\n\\nThis vulnerability has been assigned a (CVE)ID:CVE-2023-52718\"},{\"lang\":\"es\",\"value\":\"Existe una vulnerabilidad de secuestro de conexi\u00f3n en algunos routeres dom\u00e9sticos de Huawei. La explotaci\u00f3n exitosa de esta vulnerabilidad puede causar ataques de denegaci\u00f3n de servicio (DoS) o fuga de informaci\u00f3n. (ID de vulnerabilidad: HWPSIRT-2023-34408) A esta vulnerabilidad se le ha asignado un ID de vulnerabilidad de seguridad (CVE): CVE-2023-52718\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"psirt@huawei.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":6.4,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"ADJACENT_NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":0.5,\"impactScore\":5.9},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H\",\"baseScore\":8.1,\"baseSeverity\":\"HIGH\",\"attackVector\":\"ADJACENT_NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.2}]},\"weaknesses\":[{\"source\":\"psirt@huawei.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-420\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:huawei:pt9030-15_firmware:3.0.3.266:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6448BB89-9B6D-4AFD-9E28-23EB03C4AA52\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:huawei:pt9030-15:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C168F352-DFCD-45F6-AA6D-FFFFE1840FE2\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:huawei:ws7206-10_firmware:11.0.5.19:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"68FA3E83-1970-4500-B3B5-E2F68E178487\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:huawei:ws7206-10:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8153CF45-E1C2-4355-8E99-12B3321A3C28\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:huawei:ws7206-10_firmware:2.1.0.203:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E88C36C8-E477-49AC-9A23-1BE6C87525DE\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:huawei:ws7206-10:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8153CF45-E1C2-4355-8E99-12B3321A3C28\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:huawei:ws7290-15_firmware:3.0.3.266:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B9863510-CCE9-47A6-AE6F-B841BE97EC11\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:huawei:ws7290-15:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"318B5B11-EB95-4729-95BA-603AE2A6821B\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:huawei:ws8000-10_firmware:3.0.3.236:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CB91CA3A-6D93-4580-8142-56EFCE325A7A\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:huawei:ws8000-10:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"308EC09B-A09D-47A3-8654-F90D80F82100\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:huawei:ws8001-10_firmware:3.0.3.242:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EC637316-8BDD-45D8-ABD0-C7B5A3E9E585\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:huawei:ws8001-10:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FC2333EB-3BA5-4EE5-A88A-68A97912F6E0\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:huawei:ws8002-10_firmware:3.0.3.242:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E55857B5-BDFC-4A8E-A9FD-5509EE05217B\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:huawei:ws8002-10:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"177AB0ED-0F61-4345-AA36-E5690CEB6712\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:huawei:ws8500-10_firmware:3.0.3.235:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1FD6B7EB-6D3B-4F1B-A021-474333435A92\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:huawei:ws8500-10:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E6603C16-0A98-4EBE-91AC-C0C74DAD6EA8\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:huawei:ws8502-10_firmware:3.0.3.242:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"858AFE8C-826B-401F-BA0C-445E5B287770\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:huawei:ws8502-10:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"16A0BCD5-3293-4860-8B6A-7C224D350223\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:huawei:ws8700-10_firmware:3.0.3.251:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B8EB4588-7370-4743-A262-62BBC62C92DB\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:huawei:ws8700-10:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6796317F-F4C4-48F8-8495-1AEB2DECFB20\"}]}]}],\"references\":[{\"url\":\"https://www.huawei.com/br/psirt/security-advisories/2024/huawei-sa-chvishhr-d50dedde-en\",\"source\":\"psirt@huawei.com\",\"tags\":[\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-52718\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-12-28T16:08:28.353163Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-12-28T16:09:37.582Z\"}}], \"cna\": {\"source\": {\"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 6.4, \"attackVector\": \"ADJACENT_NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"HIGH\", \"confidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Huawei\", \"product\": \"PT9030-15\", \"versions\": [{\"status\": \"affected\", \"version\": \"3.0.3.266\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Huawei\", \"product\": \"WS7206-10\", \"versions\": [{\"status\": \"affected\", \"version\": \"11.0.5.19\"}, {\"status\": \"affected\", \"version\": \"2.1.0.203\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Huawei\", \"product\": \"WS7290-15\", \"versions\": [{\"status\": \"affected\", \"version\": \"3.0.3.266\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Huawei\", \"product\": \"WS8000-10\", \"versions\": [{\"status\": \"affected\", \"version\": \"WS8000-16 3.0.3.236\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Huawei\", \"product\": \"WS8001-10\", \"versions\": [{\"status\": \"affected\", \"version\": \"3.0.3.242\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Huawei\", \"product\": \"WS8002-10\", \"versions\": [{\"status\": \"affected\", \"version\": \"3.0.3.242\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Huawei\", \"product\": \"WS8500-10\", \"versions\": [{\"status\": \"affected\", \"version\": \"WS8500-16 3.0.3.235\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Huawei\", \"product\": \"WS8502-10\", \"versions\": [{\"status\": \"affected\", \"version\": \"3.0.3.242\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Huawei\", \"product\": \"WS8700-10\", \"versions\": [{\"status\": \"affected\", \"version\": \"3.0.3.251\"}], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://www.huawei.com/br/psirt/security-advisories/2024/huawei-sa-chvishhr-d50dedde-en\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"A connection hijacking vulnerability exists in some Huawei home routers. Successful exploitation of this vulnerability may cause DoS or information leakage.(Vulnerability ID:HWPSIRT-2023-34408)\\n\\nThis vulnerability has been assigned a (CVE)ID:CVE-2023-52718\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cp\u003eA connection hijacking vulnerability exists in some Huawei home routers. Successful exploitation of this vulnerability may cause DoS or information leakage.(Vulnerability ID:HWPSIRT-2023-34408)\u003c/p\u003e\u003cp\u003eThis vulnerability has been assigned a (CVE)ID:CVE-2023-52718\u003c/p\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-420\", \"description\": \"CWE-420 Unprotected Alternate Channel\"}]}], \"providerMetadata\": {\"orgId\": \"25ac1063-e409-4190-8079-24548c77ea2e\", \"shortName\": \"huawei\", \"dateUpdated\": \"2024-12-28T07:16:22.248Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2023-52718\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-12-28T16:09:42.678Z\", \"dateReserved\": \"2024-04-11T06:52:24.010Z\", \"assignerOrgId\": \"25ac1063-e409-4190-8079-24548c77ea2e\", \"datePublished\": \"2024-12-28T07:16:22.248Z\", \"assignerShortName\": \"huawei\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

CNVD-2025-23596

Vulnerability from cnvd - Published: 2025-10-15

Title

Huawei部分家用路由器连接劫持漏洞

Description

Huawei WS8700等都是中国华为（Huawei）公司的一款路由器。 Huawei部分家用路由器存在连接劫持漏洞，攻击者可利用该漏洞导致DoS或信息泄露。

Severity

中

Patch Name

Huawei部分家用路由器连接劫持漏洞的补丁

Patch Description

Huawei WS8700等都是中国华为（Huawei）公司的一款路由器。 Huawei部分家用路由器存在连接劫持漏洞，攻击者可利用该漏洞导致DoS或信息泄露。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载： https://www.huawei.com/br/psirt/security-advisories/2024/huawei-sa-chvishhr-d50dedde-en

Reference

https://www.huawei.com/br/psirt/security-advisories/2024/huawei-sa-chvishhr-d50dedde-en

Impacted products

Name
['Huawei PT9030-15 3.0.3.266', 'Huawei WS7206-10 11.0.5.19', 'Huawei WS7206-10 2.1.0.203', 'Huawei WS7290-15 3.0.3.266', 'Huawei WS8000-16 3.0.3.236', 'Huawei WS8001-10 3.0.3.242', 'Huawei WS8002-10 3.0.3.242', 'Huawei WS8500-16 3.0.3.235', 'Huawei WS8502-10 3.0.3.242', 'Huawei WS8700-10 3.0.3.251']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2023-52718",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2023-52718"
    }
  },
  "description": "Huawei WS8700\u7b49\u90fd\u662f\u4e2d\u56fd\u534e\u4e3a\uff08Huawei\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u8def\u7531\u5668\u3002 \n\nHuawei\u90e8\u5206\u5bb6\u7528\u8def\u7531\u5668\u5b58\u5728\u8fde\u63a5\u52ab\u6301\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4DoS\u6216\u4fe1\u606f\u6cc4\u9732\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\nhttps://www.huawei.com/br/psirt/security-advisories/2024/huawei-sa-chvishhr-d50dedde-en",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2025-23596",
  "openTime": "2025-10-15",
  "patchDescription": "Huawei WS8700\u7b49\u90fd\u662f\u4e2d\u56fd\u534e\u4e3a\uff08Huawei\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u8def\u7531\u5668\u3002 \r\n\r\nHuawei\u90e8\u5206\u5bb6\u7528\u8def\u7531\u5668\u5b58\u5728\u8fde\u63a5\u52ab\u6301\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4DoS\u6216\u4fe1\u606f\u6cc4\u9732\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Huawei\u90e8\u5206\u5bb6\u7528\u8def\u7531\u5668\u8fde\u63a5\u52ab\u6301\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Huawei PT9030-15 3.0.3.266",
      "Huawei WS7206-10 11.0.5.19",
      "Huawei WS7206-10 2.1.0.203",
      "Huawei WS7290-15 3.0.3.266",
      "Huawei WS8000-16 3.0.3.236",
      "Huawei WS8001-10 3.0.3.242",
      "Huawei WS8002-10 3.0.3.242",
      "Huawei WS8500-16 3.0.3.235",
      "Huawei WS8502-10 3.0.3.242",
      "Huawei WS8700-10 3.0.3.251"
    ]
  },
  "referenceLink": "https://www.huawei.com/br/psirt/security-advisories/2024/huawei-sa-chvishhr-d50dedde-en",
  "serverity": "\u4e2d",
  "submitTime": "2024-12-30",
  "title": "Huawei\u90e8\u5206\u5bb6\u7528\u8def\u7531\u5668\u8fde\u63a5\u52ab\u6301\u6f0f\u6d1e"
}

WID-SEC-W-2024-0957

Vulnerability from csaf_certbund - Published: 2024-04-23 22:00 - Updated: 2024-04-23 22:00

Summary

Huawei Home Router: Schwachstelle ermöglicht Denial of Service und Offenlegung von Informationen

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung

Router sind Geräte aus dem Bereich Computernetzwerke, Telekommunikation und Internet, die mehrere Rechnernetze miteinander verbinden.

Angriff

Ein entfernter authentifizierter Angreifer kann eine Schwachstelle im Huawei-Router ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen oder vertrauliche Informationen offenzulegen.

Betroffene Betriebssysteme

- BIOS/Firmware

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Router sind Ger\u00e4te aus dem Bereich Computernetzwerke, Telekommunikation und Internet, die mehrere Rechnernetze miteinander verbinden.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter authentifizierter Angreifer kann eine Schwachstelle im Huawei-Router ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen oder vertrauliche Informationen offenzulegen.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- BIOS/Firmware",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2024-0957 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0957.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2024-0957 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0957"
      },
      {
        "category": "external",
        "summary": "Huawei Security Advisory vom 2024-04-23",
        "url": "https://www.huawei.com/en/psirt/security-advisories/2024/huawei-sa-chvishhr-d50dedde-en"
      }
    ],
    "source_lang": "en-US",
    "title": "Huawei Home Router: Schwachstelle erm\u00f6glicht Denial of Service und Offenlegung von Informationen",
    "tracking": {
      "current_release_date": "2024-04-23T22:00:00.000+00:00",
      "generator": {
        "date": "2024-08-15T18:08:07.301+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.5"
        }
      },
      "id": "WID-SEC-W-2024-0957",
      "initial_release_date": "2024-04-23T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2024-04-23T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Huawei Router",
            "product": {
              "name": "Huawei Router",
              "product_id": "T034372",
              "product_identification_helper": {
                "cpe": "cpe:/h:huawei:router:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Huawei"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-52718",
      "notes": [
        {
          "category": "description",
          "text": "Es besteht eine Schwachstelle im Huawei Router. Dieser Fehler besteht in der Firmware des Home Routers aufgrund eines Verbindungsentf\u00fchrungsproblems. Ein benachbarter, privilegierter Angreifer kann diese Schwachstelle ausnutzen, um einen Denial-of-Service-Zustand zu verursachen oder vertrauliche Informationen offenzulegen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T034372"
        ]
      },
      "release_date": "2024-04-23T22:00:00.000+00:00",
      "title": "CVE-2023-52718"
    }
  ]
}

GSD-2023-52718

Vulnerability from gsd - Updated: 2024-04-12 05:01

Details

** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

Aliases

CVE-2023-52718

JSON

To clipboard

{
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2023-52718"
      ],
      "id": "GSD-2023-52718",
      "modified": "2024-04-12T05:01:42.490161Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2023-52718",
        "STATE": "RESERVED"
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
          }
        ]
      }
    }
  }
}

GHSA-8JH8-6H58-693C

Vulnerability from github – Published: 2024-12-28 09:31 – Updated: 2024-12-28 09:31

Details

A connection hijacking vulnerability exists in some Huawei home routers. Successful exploitation of this vulnerability may cause DoS or information leakage.(Vulnerability ID:HWPSIRT-2023-34408)

This vulnerability has been assigned a (CVE)ID:CVE-2023-52718

Severity ?

6.4 (Medium)


                  
                    CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2023-52718"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-420"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-12-28T08:15:04Z",
    "severity": "MODERATE"
  },
  "details": "A connection hijacking vulnerability exists in some Huawei home routers. Successful exploitation of this vulnerability may cause DoS or information leakage.(Vulnerability ID:HWPSIRT-2023-34408)\n\nThis vulnerability has been assigned a (CVE)ID:CVE-2023-52718",
  "id": "GHSA-8jh8-6h58-693c",
  "modified": "2024-12-28T09:31:28Z",
  "published": "2024-12-28T09:31:28Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-52718"
    },
    {
      "type": "WEB",
      "url": "https://www.huawei.com/br/psirt/security-advisories/2024/huawei-sa-chvishhr-d50dedde-en"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

FKIE_CVE-2023-52718

Vulnerability from fkie_nvd - Published: 2024-12-28 08:15 - Updated: 2025-01-13 20:50

Severity ?

6.4 (Medium) - CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
8.1 (High) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Summary

References

	URL	Tags
	psirt@huawei.com	https://www.huawei.com/br/psirt/security-advisories/2024/huawei-sa-chvishhr-d50dedde-en	Vendor Advisory

Impacted products

Vendor	Product	Version
huawei	pt9030-15_firmware	3.0.3.266
huawei	pt9030-15	-
huawei	ws7206-10_firmware	11.0.5.19
huawei	ws7206-10	-
huawei	ws7206-10_firmware	2.1.0.203
huawei	ws7206-10	-
huawei	ws7290-15_firmware	3.0.3.266
huawei	ws7290-15	-
huawei	ws8000-10_firmware	3.0.3.236
huawei	ws8000-10	-
huawei	ws8001-10_firmware	3.0.3.242
huawei	ws8001-10	-
huawei	ws8002-10_firmware	3.0.3.242
huawei	ws8002-10	-
huawei	ws8500-10_firmware	3.0.3.235
huawei	ws8500-10	-
huawei	ws8502-10_firmware	3.0.3.242
huawei	ws8502-10	-
huawei	ws8700-10_firmware	3.0.3.251
huawei	ws8700-10	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:huawei:pt9030-15_firmware:3.0.3.266:*:*:*:*:*:*:*",
              "matchCriteriaId": "6448BB89-9B6D-4AFD-9E28-23EB03C4AA52",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:huawei:pt9030-15:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C168F352-DFCD-45F6-AA6D-FFFFE1840FE2",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:huawei:ws7206-10_firmware:11.0.5.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "68FA3E83-1970-4500-B3B5-E2F68E178487",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:huawei:ws7206-10:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8153CF45-E1C2-4355-8E99-12B3321A3C28",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:huawei:ws7206-10_firmware:2.1.0.203:*:*:*:*:*:*:*",
              "matchCriteriaId": "E88C36C8-E477-49AC-9A23-1BE6C87525DE",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:huawei:ws7206-10:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8153CF45-E1C2-4355-8E99-12B3321A3C28",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:huawei:ws7290-15_firmware:3.0.3.266:*:*:*:*:*:*:*",
              "matchCriteriaId": "B9863510-CCE9-47A6-AE6F-B841BE97EC11",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:huawei:ws7290-15:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "318B5B11-EB95-4729-95BA-603AE2A6821B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:huawei:ws8000-10_firmware:3.0.3.236:*:*:*:*:*:*:*",
              "matchCriteriaId": "CB91CA3A-6D93-4580-8142-56EFCE325A7A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:huawei:ws8000-10:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "308EC09B-A09D-47A3-8654-F90D80F82100",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:huawei:ws8001-10_firmware:3.0.3.242:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC637316-8BDD-45D8-ABD0-C7B5A3E9E585",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:huawei:ws8001-10:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC2333EB-3BA5-4EE5-A88A-68A97912F6E0",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:huawei:ws8002-10_firmware:3.0.3.242:*:*:*:*:*:*:*",
              "matchCriteriaId": "E55857B5-BDFC-4A8E-A9FD-5509EE05217B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:huawei:ws8002-10:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "177AB0ED-0F61-4345-AA36-E5690CEB6712",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:huawei:ws8500-10_firmware:3.0.3.235:*:*:*:*:*:*:*",
              "matchCriteriaId": "1FD6B7EB-6D3B-4F1B-A021-474333435A92",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:huawei:ws8500-10:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6603C16-0A98-4EBE-91AC-C0C74DAD6EA8",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:huawei:ws8502-10_firmware:3.0.3.242:*:*:*:*:*:*:*",
              "matchCriteriaId": "858AFE8C-826B-401F-BA0C-445E5B287770",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:huawei:ws8502-10:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "16A0BCD5-3293-4860-8B6A-7C224D350223",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:huawei:ws8700-10_firmware:3.0.3.251:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8EB4588-7370-4743-A262-62BBC62C92DB",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:huawei:ws8700-10:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6796317F-F4C4-48F8-8495-1AEB2DECFB20",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A connection hijacking vulnerability exists in some Huawei home routers. Successful exploitation of this vulnerability may cause DoS or information leakage.(Vulnerability ID:HWPSIRT-2023-34408)\n\nThis vulnerability has been assigned a (CVE)ID:CVE-2023-52718"
    },
    {
      "lang": "es",
      "value": "Existe una vulnerabilidad de secuestro de conexi\u00f3n en algunos routeres dom\u00e9sticos de Huawei. La explotaci\u00f3n exitosa de esta vulnerabilidad puede causar ataques de denegaci\u00f3n de servicio (DoS) o fuga de informaci\u00f3n. (ID de vulnerabilidad: HWPSIRT-2023-34408) A esta vulnerabilidad se le ha asignado un ID de vulnerabilidad de seguridad (CVE): CVE-2023-52718"
    }
  ],
  "id": "CVE-2023-52718",
  "lastModified": "2025-01-13T20:50:13.847",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "ADJACENT_NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 6.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 0.5,
        "impactScore": 5.9,
        "source": "psirt@huawei.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "ADJACENT_NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.1,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.2,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2024-12-28T08:15:04.797",
  "references": [
    {
      "source": "psirt@huawei.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.huawei.com/br/psirt/security-advisories/2024/huawei-sa-chvishhr-d50dedde-en"
    }
  ],
  "sourceIdentifier": "psirt@huawei.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-420"
        }
      ],
      "source": "psirt@huawei.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2023-52718 (GCVE-0-2023-52718)

CNVD-2025-23596

WID-SEC-W-2024-0957

GSD-2023-52718

GHSA-8JH8-6H58-693C

FKIE_CVE-2023-52718

Tags

Sightings

Nomenclature