Details of VAR-201711-0993

ID

VAR-201711-0993

CVE

CVE-2017-8156

TITLE

Huawei Customer Premise Equipment Product B2338-168 Vulnerabilities related to lack of authentication for critical functions

Trust: 0.8

sources: JVNDB: JVNDB-2017-010702

DESCRIPTION

The outdoor unit of Customer Premise Equipment (CPE) product B2338-168 V100R001C00 has a no authentication vulnerability on the serial port. An attacker can access the serial port on the circuit board of the outdoor unit and log in to the CPE without authentication. Successful exploit could allow the attacker to take control over the outdoor unit. HuaweiB2338-168 is a wireless terminal device that can receive WiFi signals from Huawei. The outdoor unit is one of the units for transmitting and receiving signals

Trust: 2.25

sources: NVD: CVE-2017-8156 // JVNDB: JVNDB-2017-010702 // CNVD: CNVD-2017-35440 // VULHUB: VHN-116359

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2017-35440

AFFECTED PRODUCTS

vendor:	huawei	model:	b2338-168	scope:	eq	version:	v100r001c00	Trust: 2.4
vendor:	huawei	model:	b2338-168 v100r001c00	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2017-35440 // JVNDB: JVNDB-2017-010702 // CNNVD: CNNVD-201711-975 // NVD: CVE-2017-8156

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-8156
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2017-8156
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2017-35440
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201711-975
value:	HIGH
Trust: 0.6
VULHUB:	VHN-116359
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2017-8156
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2017-35440
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-116359
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2017-8156
baseSeverity:	MEDIUM
baseScore:	6.8
vectorString:	CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	PHYSICAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	0.9
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2017-35440 // VULHUB: VHN-116359 // JVNDB: JVNDB-2017-010702 // CNNVD: CNNVD-201711-975 // NVD: CVE-2017-8156

PROBLEMTYPE DATA

problemtype:

CWE-306

Trust: 1.9

sources: VULHUB: VHN-116359 // JVNDB: JVNDB-2017-010702 // NVD: CVE-2017-8156

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201711-975

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201711-975

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-010702

PATCH

title:	huawei-sa-20170920-01-cpe	url:	http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170920-01-cpe-en	Trust: 0.8
title:	The Huawei B2338-168 CPE device outdoor unit has a port access patch with no authentication vulnerability.	url:	https://www.cnvd.org.cn/patchInfo/show/107251	Trust: 0.6
title:	Huawei B2338-168 outdoor unit Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=76685	Trust: 0.6

sources: CNVD: CNVD-2017-35440 // JVNDB: JVNDB-2017-010702 // CNNVD: CNNVD-201711-975

EXTERNAL IDS

db:	NVD	id:	CVE-2017-8156	Trust: 3.1
db:	JVNDB	id:	JVNDB-2017-010702	Trust: 0.8
db:	CNNVD	id:	CNNVD-201711-975	Trust: 0.7
db:	CNVD	id:	CNVD-2017-35440	Trust: 0.6
db:	VULHUB	id:	VHN-116359	Trust: 0.1

sources: CNVD: CNVD-2017-35440 // VULHUB: VHN-116359 // JVNDB: JVNDB-2017-010702 // CNNVD: CNNVD-201711-975 // NVD: CVE-2017-8156

REFERENCES

url:	http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170920-01-cpe-en	Trust: 1.7
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-8156	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-8156	Trust: 0.8
url:	http://www.huawei.com/cn/psirt/security-advisories/2017/huawei-sa-20170920-01-cpe-cn	Trust: 0.6

sources: CNVD: CNVD-2017-35440 // VULHUB: VHN-116359 // JVNDB: JVNDB-2017-010702 // CNNVD: CNNVD-201711-975 // NVD: CVE-2017-8156

SOURCES

db:	CNVD	id:	CNVD-2017-35440
db:	VULHUB	id:	VHN-116359
db:	JVNDB	id:	JVNDB-2017-010702
db:	CNNVD	id:	CNNVD-201711-975
db:	NVD	id:	CVE-2017-8156

LAST UPDATE DATE

2025-04-20T23:12:44.429000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2017-35440	date:	2017-11-29T00:00:00
db:	VULHUB	id:	VHN-116359	date:	2017-12-11T00:00:00
db:	JVNDB	id:	JVNDB-2017-010702	date:	2017-12-21T00:00:00
db:	CNNVD	id:	CNNVD-201711-975	date:	2017-11-23T00:00:00
db:	NVD	id:	CVE-2017-8156	date:	2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2017-35440	date:	2017-11-29T00:00:00
db:	VULHUB	id:	VHN-116359	date:	2017-11-22T00:00:00
db:	JVNDB	id:	JVNDB-2017-010702	date:	2017-12-21T00:00:00
db:	CNNVD	id:	CNNVD-201711-975	date:	2017-11-23T00:00:00
db:	NVD	id:	CVE-2017-8156	date:	2017-11-22T19:29:03.583