Description

There is an improper authentication vulnerability in Hero-CT060 before 1.0.0.200. The vulnerability is due to that when an user wants to do certain operation, the software does not insufficiently validate the user's identity. Successful exploit could allow the attacker to do certain operations which the user are supposed not to do.

Related CPE's

o

huawei

hero-ct060_firmware

Vulnerable

h

huawei

hero-ct060

-

References

https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210929-01-auth-en

Vendor Advisory

Weaknesses

[email protected]

Primary
CWE-287

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.8 · Critical

  • CVSS V3.1

  • CVSS V3.0

  • CVSS V2.0

Information

Source identifier

[email protected]

Vulnerability status

Analyzed

Published

2021-10-11T16:15:07.610

3 years ago

Last modified

2021-10-18T18:09:55.353

3 years ago