Skip to main content

Huawei EUVDEUVD-2020-31221

| CVE-2020-37220 HIGH
Use of Hard-coded Credentials (CWE-798)
2026-05-13 VulnCheck GHSA-h3fj-fchj-5wrp
8.7
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
8.7 HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

2
CVSS changed
May 13, 2026 - 16:22 NVD
7.5 (HIGH) 8.7 (HIGH)
CVE Published
May 13, 2026 - 14:22 cve.org
HIGH 8.7

DescriptionCVE.org

Huawei HG630 V2 router contains an authentication bypass vulnerability that allows unauthenticated attackers to obtain administrative access by retrieving the device serial number. Attackers can query the /api/system/deviceinfo endpoint without authentication to extract the SerialNumber field, then use the last 8 characters as the default password to login to the router.

AnalysisAI

Huawei HG630 V2 router contains an authentication bypass vulnerability that allows unauthenticated attackers to obtain administrative access by retrieving the device serial number. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Technical ContextAI

This vulnerability is classified as Use of Hard-coded Credentials (CWE-798), which allows attackers to gain access using credentials embedded in source code. Huawei HG630 V2 router contains an authentication bypass vulnerability that allows unauthenticated attackers to obtain administrative access by retrieving the device serial number. Attackers can query the /api/system/deviceinfo endpoint without authentication to extract the SerialNumber field, then use the last 8 characters as the default password to login to the router. Affected products include: Www.Huawei.Com Huawei Hg630 Router.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Remove hard-coded credentials, use environment variables or secrets management, rotate exposed credentials immediately.

More in Huawei

View all
CVE-2014-9222 CRITICAL POC
10.0 Dec 24

AllegroSoft RomPager 4.34 and earlier, as used in Huawei Home Gateway products and other vendors and products, allows re

CVE-2013-4630 HIGH POC
7.6 Jun 20

Stack-based buffer overflow on Huawei AR 150, 200, 1200, 2200, and 3200 routers, when SNMPv3 debugging is enabled, allow

CVE-2016-2231 CRITICAL POC
9.8 Feb 15

The Windows-based Host Interface Program (WHIP) service on Huawei SmartAX MT882 devices V200R002B022 Arg relies on the c

CVE-2012-4960 MEDIUM POC
6.5 Jun 20

The Huawei NE5000E, MA5200G, NE40E, NE80E, ATN, NE40, NE80, NE20E-X6, NE20, ME60, CX600, CX200, CX300, ACU, WLAN AC 6605

CVE-2015-7254 MEDIUM POC
5.0 Nov 07

Directory traversal vulnerability on Huawei HG532e, HG532n, and HG532s devices allows remote attackers to read arbitrary

CVE-2013-4631 HIGH POC
7.8 Jun 20

Huawei AR 150, 200, 1200, 2200, and 3200 routers, when SNMPv3 is enabled, allow remote attackers to cause a denial of se

CVE-2015-8088 HIGH POC
7.8 Jan 12

Heap-based buffer overflow in the HIFI driver in Huawei Mate 7 phones with software MT7-UL00 before MT7-UL00C17B354, MT7

CVE-2014-8358 HIGH POC
7.8 Dec 11

Huawei EC156, EC176, and EC177 USB Modem products with software before UTPS-V200R003B015D02SP07C1014 (23.015.02.07.1014)

CVE-2016-5821 HIGH POC
7.8 Jul 13

Huawei HiSuite before 4.0.4.204_ove (Out of China) and before 4.0.4.301 (China) use a weak ACL (FILE_WRITE_DATA for BUIL

CVE-2014-9223 CRITICAL
10.0 Dec 24

Multiple buffer overflows in AllegroSoft RomPager, as used in Huawei Home Gateway products and other vendors and product

CVE-2014-8359 HIGH POC
7.2 Nov 13

Untrusted search path vulnerability in Huawei Mobile Partner for Windows 23.009.05.03.1014 allows local users to execute

CVE-2014-2273 HIGH POC
7.2 Dec 05

The hx170dec device driver in Huawei P2-6011 before V100R001C00B043 allows local users to read and write to arbitrary me

Share

EUVD-2020-31221 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy