CVE-2023-7266

Published: Dec 28, 2024Modified: Jan 13, 2025

8.1

Vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Exploitability: 2.8 / Impact: 5.2

Source: NVD

Description

Some Huawei home routers have a connection hijacking vulnerability. Successful exploitation of this vulnerability may cause DoS or information leakage.(Vulnerability ID:HWPSIRT-2023-76605) This vulnerability has been assigned a (CVE)ID:CVE-2023-7266

Affected (3)

Products: Huawei: Tc7001 10 Firmware, Ws7200 10 Firmware, Ws7206 10 Firmware

3 products

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Huawei Tc7001 10 Firmware	Version 2.0.0.336(sp6c300)

Running on/with	Platform Versions
Huawei Tc7001 10	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Huawei Ws7200 10 Firmware	Version 3.0.3.215

Running on/with	Platform Versions
Huawei Ws7200 10	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Huawei Ws7206 10 Firmware	Version 4.0.0.16(v3r2)

Running on/with	Platform Versions
Huawei Ws7206 10	All versions

Related CWEs

CWE-420

Unprotected Alternate Channel

The product protects a primary channel, but it does not use the same level of protection for an alternate channel.

References (1)

https://www.huawei.com/en/psirt/security-advisories/2024/huawei-sa-chvishhr-d616b19e-en

Source: psirt@huawei.com

Vendor Advisory

Timeline

No history available yet.