Details of VAR-202412-2935

ID

VAR-202412-2935

CVE

CVE-2023-52718

TITLE

plural Huawei Product vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2024-016478

DESCRIPTION

A connection hijacking vulnerability exists in some Huawei home routers. Successful exploitation of this vulnerability may cause DoS or information leakage.(Vulnerability ID:HWPSIRT-2023-34408) This vulnerability has been assigned a (CVE)ID:CVE-2023-52718. PT9030-15 firmware, WS7206-10 firmware, WS7290-15 firmware etc. Huawei There are unspecified vulnerabilities in the product.Information is obtained and service operation is interrupted (DoS) It may be in a state. The Huawei WS8700 and other routers are manufactured by the Chinese company Huawei

Trust: 2.16

sources: NVD: CVE-2023-52718 // JVNDB: JVNDB-2024-016478 // CNVD: CNVD-2025-23596

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2025-23596

AFFECTED PRODUCTS

vendor:	huawei	model:	pt9030-15	scope:	eq	version:	3.0.3.266	Trust: 1.6
vendor:	huawei	model:	ws7206-10	scope:	eq	version:	11.0.5.19	Trust: 1.6
vendor:	huawei	model:	ws7206-10	scope:	eq	version:	2.1.0.203	Trust: 1.6
vendor:	huawei	model:	ws7290-15	scope:	eq	version:	3.0.3.266	Trust: 1.6
vendor:	huawei	model:	ws8001-10	scope:	eq	version:	3.0.3.242	Trust: 1.6
vendor:	huawei	model:	ws8002-10	scope:	eq	version:	3.0.3.242	Trust: 1.6
vendor:	huawei	model:	ws8502-10	scope:	eq	version:	3.0.3.242	Trust: 1.6
vendor:	huawei	model:	ws8700-10	scope:	eq	version:	3.0.3.251	Trust: 1.6
vendor:	huawei	model:	ws8000-10	scope:	eq	version:	3.0.3.236	Trust: 1.0
vendor:	huawei	model:	ws8500-10	scope:	eq	version:	3.0.3.235	Trust: 1.0
vendor:	huawei	model:	ws8001-10	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	ws8000-10	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	ws8500-10	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	ws8700-10	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	ws8502-10	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	ws7290-15	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	pt9030-15	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	ws8002-10	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	ws7206-10	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	ws8000-16	scope:	eq	version:	3.0.3.236	Trust: 0.6
vendor:	huawei	model:	ws8500-16	scope:	eq	version:	3.0.3.235	Trust: 0.6

sources: CNVD: CNVD-2025-23596 // JVNDB: JVNDB-2024-016478 // NVD: CVE-2023-52718

CVSS

SEVERITY

CVSSV2

CVSSV3

psirt@huawei.com:	CVE-2023-52718
value:	MEDIUM
Trust: 1.0
nvd@nist.gov:	CVE-2023-52718
value:	HIGH
Trust: 1.0
NVD:	CVE-2023-52718
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2025-23596
value:	MEDIUM
Trust: 0.6

CNVD:	CNVD-2025-23596
severity:	MEDIUM
baseScore:	6.2
vectorString:	AV:A/AC:H/AU:M/C:C/I:C/A:C
accessVector:	ADJACENT_NETWORK
accessComplexity:	HIGH
authentication:	MULTIPLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	2.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

psirt@huawei.com:	CVE-2023-52718
baseSeverity:	MEDIUM
baseScore:	6.4
vectorString:	CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	ADJACENT
attackComplexity:	HIGH
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	0.5
impactScore:	5.9
version:	3.1
Trust: 1.0
nvd@nist.gov:	CVE-2023-52718
baseSeverity:	HIGH
baseScore:	8.1
vectorString:	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.2
version:	3.1
Trust: 1.0
NVD:	CVE-2023-52718
baseSeverity:	HIGH
baseScore:	8.1
vectorString:	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
attackVector:	ADJACENT NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2025-23596 // JVNDB: JVNDB-2024-016478 // NVD: CVE-2023-52718 // NVD: CVE-2023-52718

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	CWE-420	Trust: 1.0
problemtype:	Alternate unsecured channel (CWE-420) [ others ]	Trust: 0.8
problemtype:	Lack of information (CWE-noinfo) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2024-016478 // NVD: CVE-2023-52718

PATCH

title:

Patch for Some Huawei home routers have connection hijacking vulnerabilities

url:

https://www.cnvd.org.cn/patchInfo/show/742236

Trust: 0.6

sources: CNVD: CNVD-2025-23596

EXTERNAL IDS

db:	NVD	id:	CVE-2023-52718	Trust: 3.2
db:	JVNDB	id:	JVNDB-2024-016478	Trust: 0.8
db:	CNVD	id:	CNVD-2025-23596	Trust: 0.6

sources: CNVD: CNVD-2025-23596 // JVNDB: JVNDB-2024-016478 // NVD: CVE-2023-52718

REFERENCES

url:	https://www.huawei.com/br/psirt/security-advisories/2024/huawei-sa-chvishhr-d50dedde-en	Trust: 2.4
url:	https://nvd.nist.gov/vuln/detail/cve-2023-52718	Trust: 0.8

sources: CNVD: CNVD-2025-23596 // JVNDB: JVNDB-2024-016478 // NVD: CVE-2023-52718

SOURCES

db:	CNVD	id:	CNVD-2025-23596
db:	JVNDB	id:	JVNDB-2024-016478
db:	NVD	id:	CVE-2023-52718

LAST UPDATE DATE

2025-10-16T23:54:08.151000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2025-23596	date:	2025-10-14T00:00:00
db:	JVNDB	id:	JVNDB-2024-016478	date:	2025-01-15T06:55:00
db:	NVD	id:	CVE-2023-52718	date:	2025-01-13T20:50:13.847

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2025-23596	date:	2025-10-15T00:00:00
db:	JVNDB	id:	JVNDB-2024-016478	date:	2025-01-15T00:00:00
db:	NVD	id:	CVE-2023-52718	date:	2024-12-28T08:15:04.797