CVE-2014-8358

Name: CVE-2014-8358
Creator: NVD / NIST
Published: 2017-12-11T21:29:00.237+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 5.02%

Last modified Jun 17, 2026

CVE-2014-8358 is a vulnerability of currently unknown severity. Huawei EC156, EC176, and EC177 USB Modem products with software before UTPS-V200R003B015D02SP07C1014 (23.015.02.07.1014) and before V200R003B015D02SP08C1014 (23.015.02.08.1014) use a weak ACL for the "Mobile Partner" directory, which allows remote attackers to gain SYSTEM privileges by compromising a low privilege account and modifying Mobile Partner.exe.. EPSS estimates a 5.02% chance of exploitation in the next 30 days.

Description

Huawei EC156, EC176, and EC177 USB Modem products with software before UTPS-V200R003B015D02SP07C1014 (23.015.02.07.1014) and before V200R003B015D02SP08C1014 (23.015.02.08.1014) use a weak ACL for the "Mobile Partner" directory, which allows remote attackers to gain SYSTEM privileges by compromising a low privilege account and modifying Mobile Partner.exe.

Metrics

EPSS Probability

5.02%

91.2th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-426

Affected Software

Vendor	Product	Versions
Huawei	Ec156 Firmware	v200r003b009d05sp03c1014
Huawei	Ec176 Firmware	v200r003b009d05sp03c1014
Huawei	Ec177 Firmware	v200r003b009d05sp03c1014

References

http://www.huawei.com/us/psirt/security-advisories/2014/hw-376152Issue Tracking, Vendor Advisory
http://www.securityfocus.com/bid/70672Third Party Advisory, VDB Entry
https://packetstormsecurity.com/files/128767/Huawei-Mobile-Partner-DLL-Hijacking.htmlIssue Tracking, Third Party Advisory, VDB Entry
http://www.huawei.com/us/psirt/security-advisories/2014/hw-376152Issue Tracking, Vendor Advisory
http://www.securityfocus.com/bid/70672Third Party Advisory, VDB Entry
https://packetstormsecurity.com/files/128767/Huawei-Mobile-Partner-DLL-Hijacking.htmlIssue Tracking, Third Party Advisory, VDB Entry

Timeline

Published: Dec 11, 2017
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2014-8358?

How severe is CVE-2014-8358?

Severity scoring for CVE-2014-8358 is pending analysis. The EPSS model estimates a 5.02% probability of exploitation in the next 30 days.

How do I fix CVE-2014-8358?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2014-8358?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST