CVE-2023-38902

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published: Aug 17, 2023
Updated: Aug 23, 2023
CWE ID 77

Summary

CVE-2023-38902 is a command injection vulnerability affecting various Huawei devices, including RG-EW home routers, RG-NBS and RG-S1930 switches, RG-EG business VPN routers, EAP and RAP wireless access points, and NBC wireless controllers. The vulnerability resides in the Luci API and allows an attacker who has obtained authorized access to execute arbitrary commands on targeted devices by sending a malicious POST request to the /cgi-bin/luci/api/cmd endpoint, with the injected command carried in the remoteIp field. Successful exploitation could lead to significant compromise, including unauthorized access, data theft, or denial of service. Apply the recommended patches provided by Huawei as soon as possible to mitigate this risk.
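A detection check for the request described above, added here as an example (it is not vendor code or part of the original advisory): it flags POST requests to /cgi-bin/luci/api/cmd whose remoteIp value is anything other than a plain IP address literal. The body layout (JSON or form-encoded, remoteIp at any nesting depth), the function names and the sample requests are assumptions constructed for illustration.

```python
import ipaddress
import json
from urllib.parse import parse_qsl

ENDPOINT = "/cgi-bin/luci/api/cmd"  # endpoint named in the advisory

def _remote_ip_values(node):
    """Yield every value stored under a 'remoteIp' key, at any nesting depth."""
    if isinstance(node, dict):
        for key, value in node.items():
            if key == "remoteIp":
                yield value
            else:
                yield from _remote_ip_values(value)
    elif isinstance(node, list):
        for item in node:
            yield from _remote_ip_values(item)

def is_ip_literal(value):
    """Allowlist check: accept only a bare IPv4/IPv6 literal."""
    # IPv6 zone ids ("fe80::1%eth0") may hold arbitrary text after '%', so reject them.
    if not isinstance(value, str) or "%" in value:
        return False
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False

def suspicious_request(method, path, body):
    """Return the remoteIp values in this request that are not IP literals."""
    if method.upper() != "POST" or path.split("?", 1)[0].rstrip("/") != ENDPOINT:
        return []
    try:
        parsed = json.loads(body)          # assumed JSON body
    except ValueError:
        parsed = dict(parse_qsl(body, keep_blank_values=True))  # form-encoded fallback
    return [v for v in _remote_ip_values(parsed) if not is_ip_literal(v)]

# Constructed sample requests (method, path, body); not captured traffic.
SAMPLES = [
    ("POST", ENDPOINT, '{"params": {"remoteIp": "192.0.2.10"}}'),
    ("POST", ENDPOINT, '{"params": {"remoteIp": "192.0.2.10;echo constructed"}}'),
    ("POST", ENDPOINT, "remoteIp=192.0.2.10%3Becho+constructed"),
]

if __name__ == "__main__":
    for method, path, body in SAMPLES:
        print(path, "->", suspicious_request(method, path, body) or "ok")
```

The same allowlist logic can run in a reverse proxy or WAF rule in front of the management interface until the device is patched.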
