Details of VAR-202508-1608

ID

VAR-202508-1608

CVE

CVE-2024-58255

TITLE

Huawei EnzoH-W5611T OS Command Injection Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2025-18727

DESCRIPTION

EnzoH has an OS command injection vulnerability. Successful exploitation of this vulnerability may lead to arbitrary command execution. Huawei is a leading global provider of ICT (information and communications technology) infrastructure and intelligent devices. Founded in 1987 and headquartered in Shenzhen, Guangdong Province, China, Huawei's business covers over 170 countries and regions, serving over 3 billion people worldwide. This vulnerability is caused by setting certain variables directly after getting them without validating them. Detailed vulnerability details are not available at this time

Trust: 1.44

sources: NVD: CVE-2024-58255 // CNVD: CNVD-2025-18727

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2025-18727

AFFECTED PRODUCTS

vendor:

huawei

model:

enzoh-w5611t bios

scope:

version:

1.07

Trust: 0.6

sources: CNVD: CNVD-2025-18727

CVSS

SEVERITY

CVSSV2

CVSSV3

psirt@huawei.com:	CVE-2024-58255
value:	MEDIUM
Trust: 1.0
CNVD:	CNVD-2025-18727
value:	LOW
Trust: 0.6

CNVD:	CNVD-2025-18727
severity:	LOW
baseScore:	3.5
vectorString:	AV:L/AC:H/AU:S/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	HIGH
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	1.5
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

psirt@huawei.com:	CVE-2024-58255
baseSeverity:	MEDIUM
baseScore:	5.0
vectorString:	CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L
attackVector:	LOCAL
attackComplexity:	HIGH
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	LOW
exploitabilityScore:	0.8
impactScore:	3.7
version:	3.1
Trust: 1.0

sources: CNVD: CNVD-2025-18727 // NVD: CVE-2024-58255

PROBLEMTYPE DATA

problemtype:

CWE-200

Trust: 1.0

sources: NVD: CVE-2024-58255

PATCH

title:

Patch for Huawei EnzoH-W5611T OS Command Injection Vulnerability

url:

https://www.cnvd.org.cn/patchInfo/show/719636

Trust: 0.6

sources: CNVD: CNVD-2025-18727

EXTERNAL IDS

db:	NVD	id:	CVE-2024-58255	Trust: 1.6
db:	CNVD	id:	CNVD-2025-18727	Trust: 0.6

sources: CNVD: CNVD-2025-18727 // NVD: CVE-2024-58255

REFERENCES

url:	https://www.huawei.com/cn/psirt/security-advisories/2025/huawei-sa-ocivihep-e73ab538	Trust: 1.0
url:	https://nvd.nist.gov/vuln/detail/cve-2024-58255	Trust: 0.6

sources: CNVD: CNVD-2025-18727 // NVD: CVE-2024-58255

SOURCES

db:	CNVD	id:	CNVD-2025-18727
db:	NVD	id:	CVE-2024-58255

LAST UPDATE DATE

2025-08-20T23:18:56.653000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2025-18727	date:	2025-08-18T00:00:00
db:	NVD	id:	CVE-2024-58255	date:	2025-08-08T20:30:18.180

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2025-18727	date:	2025-08-18T00:00:00
db:	NVD	id:	CVE-2024-58255	date:	2025-08-08T04:15:59.047