Connection Hijacking Vulnerability in Huawei Home Routers (CVE-2023-52718)
CVE number = CVE-2023-52718
A connection hijacking vulnerability exists in some Huawei home routers.
Successful exploitation of this vulnerability may cause DoS or information leakage.
This vulnerability can be exploited only when the following conditions are present:
The attacker accesses the same LAN as the victim device and obtains information about the victim device and the network.
Affected Product | Affected Version | Repair Version |
PT9030-15 | PT9030-15 3.0.3.266 | PT9030-15 3.0.3.270 |
WS7206-10 | WS7206-10 11.0.5.19 | WS7206-10 3.0.3.207 |
WS7206-10 | WS7206-10 2.1.0.203 | WS7206-10 2.1.0.205 |
WS7290-15 | WS7290-15 3.0.3.266 | WS7290-15 3.0.3.270 |
WS8000-10 | WS8000-16 3.0.3.236 | WS8000-10 3.0.3.239 |
WS8001-10 | WS8001-10 3.0.3.242 | WS8001-10 4.0.0.11(V3R2) |
WS8002-10 | WS8002-10 3.0.3.242 | WS8002-10 4.0.0.11(V3R2) |
WS8500-10 | WS8500-16 3.0.3.235 | WS8500-10 3.0.3.239 |
WS8502-10 | WS8502-10 3.0.3.242 | WS8503-10 4.0.0.11(V3R2) |
WS8700-10 | WS8700-10 3.0.3.251 | WS8700-10 3.0.3.255 |
Technical details:
Some Huawei home routers have a connection hijacking vulnerability. An attacker on the same LAN as the victim device can exploit this vulnerability through the TCP connection sequence number and response number. Successful exploitation of this vulnerability may cause DoS or information leakage on the victim device.
The product that supports automatic update will receive a system update prompt. You can install the update to fix the vulnerability.
I am one of the editors here at www.systemtek.co.uk I am a UK based technology professional, with an interest in computer security and telecoms.