CVE-2023-38902
CVSS 3.1 Score 8.8 of 10 (high)
Details
Summary
CVE-2023-38902 is a command injection vulnerability affecting various Huawei devices, including RG-EW home routers, RG-NBS and RG-S1930 switches, RG-EG business VPN routers, EAP and RAP wireless access points, and NBC wireless controllers. The vulnerability resides in the Luci API and allows an attacker who has obtained authorized access to execute arbitrary commands on targeted devices by sending a malicious POST request to the /cgi-bin/luci/api/cmd endpoint via the remoteIp field. Successful exploitation could lead to significant compromise, including unauthorized access, data theft, or denial of service. Apply the recommended patches provided by Huawei as soon as possible to mitigate this risk.
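A detection check for the request described in the summary, as an added example that is not vendor or Recorded Future code: it flags any POST to /cgi-bin/luci/api/cmd whose remoteIp value is not a bare IP address. The body encoding (JSON or form-encoded, with remoteIp at any nesting depth), the function names and the sample requests are assumptions made for illustration.

```python
import ipaddress
import json
from urllib.parse import parse_qs

ENDPOINT = "/cgi-bin/luci/api/cmd"  # endpoint named in the summary
FIELD = "remoteIp"                  # field named in the summary

def find_field(obj, name):
    """Yield every value stored under `name` at any depth of decoded JSON."""
    if isinstance(obj, dict):
        for key, value in obj.items():
            if key == name:
                yield value
            yield from find_field(value, name)
    elif isinstance(obj, list):
        for item in obj:
            yield from find_field(item, name)

def extract_values(body):
    """Assumption: the body is JSON or form-encoded; try JSON first."""
    try:
        return list(find_field(json.loads(body), FIELD))
    except ValueError:
        return parse_qs(body, keep_blank_values=True).get(FIELD, [])

def is_plain_ip(value):
    """Bare IPv4/IPv6 literal only; '%' (IPv6 zone suffix) can hide extra text."""
    if not isinstance(value, str) or "%" in value:
        return False
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False

def suspicious(method, path, body):
    """True for a POST to ENDPOINT whose remoteIp is not a bare IP address."""
    if method.upper() != "POST" or path.split("?", 1)[0] != ENDPOINT:
        return False
    return any(not is_plain_ip(v) for v in extract_values(body))

# Constructed sample requests (method, path, body); not captured traffic.
SAMPLE = [
    ("POST", ENDPOINT, '{"params": {"remoteIp": "192.0.2.10"}}'),
    ("POST", ENDPOINT, '{"params": {"remoteIp": "192.0.2.10;PLACEHOLDER"}}'),
    ("POST", ENDPOINT, "remoteIp=192.0.2.10%3BPLACEHOLDER"),
    ("GET", "/cgi-bin/luci/", ""),
]
FLAGGED = [r for r in SAMPLE if suspicious(*r)]  # the two malformed requests
```

The same allow-list test (remoteIp must parse as an IP address and nothing else) can be applied at a reverse proxy or WAF in front of the management interface until patches are installed.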