{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/vendors/huawei/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":7.5,"id":"CVE-2020-37220"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["HG630 V2 router"],"_cs_severities":["high"],"_cs_tags":["cve","authentication-bypass","network-device"],"_cs_type":"advisory","_cs_vendors":["Huawei"],"content_html":"\u003cp\u003eThe Huawei HG630 V2 router is vulnerable to an authentication bypass issue (CVE-2020-37220). An unauthenticated attacker can exploit this vulnerability to gain administrative access to the router. By querying the \u003ccode\u003e/api/system/deviceinfo\u003c/code\u003e endpoint, an attacker can retrieve the device\u0026rsquo;s serial number. The last 8 characters of this serial number are then used as the default password for administrative login. This vulnerability allows unauthorized modification of router settings and potential compromise of the network. 
This issue was reported on May 13, 2026.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn unauthenticated attacker sends a GET request to the \u003ccode\u003e/api/system/deviceinfo\u003c/code\u003e endpoint on the Huawei HG630 V2 router.\u003c/li\u003e\n\u003cli\u003eThe router responds with device information, including the \u003ccode\u003eSerialNumber\u003c/code\u003e field, without requiring authentication.\u003c/li\u003e\n\u003cli\u003eThe attacker extracts the \u003ccode\u003eSerialNumber\u003c/code\u003e value from the response.\u003c/li\u003e\n\u003cli\u003eThe attacker isolates the last 8 characters of the extracted \u003ccode\u003eSerialNumber\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eThe attacker attempts to log in to the router\u0026rsquo;s administrative interface via a web browser.\u003c/li\u003e\n\u003cli\u003eThe attacker uses \u0026ldquo;admin\u0026rdquo; as the username and the last 8 characters of the \u003ccode\u003eSerialNumber\u003c/code\u003e as the password.\u003c/li\u003e\n\u003cli\u003eIf the default credentials have not been changed, the attacker successfully authenticates as an administrator.\u003c/li\u003e\n\u003cli\u003eThe attacker gains full administrative access to the router and can modify settings, potentially compromising the network.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2020-37220 allows an unauthenticated attacker to gain complete administrative control of the Huawei HG630 V2 router. This access enables the attacker to modify router settings, intercept network traffic, conduct man-in-the-middle attacks, or use the compromised device as a pivot point for further attacks within the network. 
The lack of authentication on a critical endpoint makes this vulnerability particularly severe, potentially impacting a large number of users relying on this router model.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDeploy the Sigma rule \u003ccode\u003eDetect Huawei HG630 V2 Device Info Request\u003c/code\u003e to monitor for suspicious requests to the \u003ccode\u003e/api/system/deviceinfo\u003c/code\u003e endpoint.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u003ccode\u003eDetect Huawei HG630 V2 Successful Admin Login\u003c/code\u003e to identify successful logins using credentials derived from the serial number.\u003c/li\u003e\n\u003cli\u003eRestrict access to the \u003ccode\u003e/api/system/deviceinfo\u003c/code\u003e endpoint through configuration changes, where the device supports it.\u003c/li\u003e\n\u003cli\u003eMonitor web server logs for requests to \u003ccode\u003e/api/system/deviceinfo\u003c/code\u003e and correlate them with subsequent login attempts.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-13T16:18:55Z","date_published":"2026-05-13T16:18:55Z","id":"https://feed.craftedsignal.io/briefs/2026-05-huawei-hg630-auth-bypass/","summary":"Huawei HG630 V2 router contains an authentication bypass vulnerability (CVE-2020-37220) that allows unauthenticated attackers to obtain administrative access by retrieving the device serial number via the `/api/system/deviceinfo` endpoint and using the last 8 characters as the default password.","title":"Huawei HG630 V2 Router Authentication Bypass Vulnerability (CVE-2020-37220)","url":"https://feed.craftedsignal.io/briefs/2026-05-huawei-hg630-auth-bypass/"}],"language":"en","title":"CraftedSignal Threat Feed — Huawei","version":"https://jsonfeed.org/version/1.1"}