QID 43850

Date Published: 2021-09-15

QID 43850: Huawei Router Multiple Vulnerabilities (HW-455876)

Users can use reversible or irreversible encryption algorithms to encrypt passwords. If a reversible encryption algorithm is used to encrypt administrators' passwords, an attacker with high administrative privileges can log in to the device, obtain the ciphertext password of a higher-level administrator, and crack it to get elevated privileges. (Vulnerability ID: HWPSIRT-2015-06073)

Encryption keys are stored in the system. The attacker can implement reverse engineering to obtain the encryption keys. (Vulnerability ID: HWPSIRT-2015-06080)

The attacker can implement reverse engineering to obtain the encryption keys.

CVSS V3 rated as Medium - 4.9 severity.

CVSS V2 rated as Medium - 4 severity.

Solution

Refer to Huawei security advisory HW-455876 for updates and patch information.

Vendor References

hw-455876 - www.huawei.com/en/psirt/security-advisories/hw-455876

CVEs related to QID 43850

CVE-2015-8085 | CVE-2015-8086 |

Software Advisories

Advisory ID	Software	Component	Link
hw-455876	Huawei VRP		www.huawei.com/en/psirt/security-advisories/hw-455876

By selecting these links, you may be leaving CVEreport webspace. We have provided these links to other websites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other websites that are more appropriate for your purpose. CVEreport does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, CVEreport does not endorse any commercial products that may be mentioned on these sites. Please address comments about any linked pages to [email protected].