CVE-2025-49599: CWE-863 Incorrect Authorization in Huawei EG8141A5

Medium
Published: Fri Jun 06 2025 (06/06/2025, 00:00:00 UTC)
Source: CVE Database V5
Vendor/Project: Huawei
Product: EG8141A5

Description

Huawei EG8141A5 devices through V5R019C00S100, EG8145V5 devices through V5R019C00S100, and EG8145V5-V2 devices through V5R021C00S184 allow the Epuser account to disable ONT firewall functionality, e.g., to remove the default blocking of the SSH and TELNET TCP ports, aka HWNO-56Q3.

AI-Powered Analysis

Last updated: 07/08/2025, 07:55:16 UTC

Technical Analysis

CVE-2025-49599 is a medium-severity security vulnerability affecting Huawei optical network terminal (ONT) devices: the EG8141A5 and EG8145V5 models running firmware versions up to V5R019C00S100, and the EG8145V5-V2 model running firmware versions up to V5R021C00S184. The vulnerability arises from incorrect authorization controls (CWE-863) related to the 'Epuser' account on these devices. This account is able to disable the ONT's firewall functionality, which by default blocks critical TCP ports such as SSH (port 22) and TELNET (port 23). By disabling these protections, an attacker with access to the Epuser account can expose the device to remote access attempts via these protocols, which are often targeted for exploitation due to their history of weak authentication and known vulnerabilities.

The CVSS 3.1 base score of 4.1 reflects a medium severity, with the vector indicating that the attack has low complexity, requires privileges (PR:L) on the device and no user interaction, and affects the integrity of the device configuration without impacting confidentiality or availability. The scope is changed (S:C), meaning the vulnerability affects components beyond the initially vulnerable component. No known exploits are currently reported in the wild, and no patches are listed, indicating that mitigation may require vendor intervention or configuration changes. This vulnerability is significant because ONT devices serve as the demarcation point between customer premises and the service provider network, and weakening their firewall can lead to unauthorized access, lateral movement, or further compromise of the home or enterprise network.

Potential Impact

For European organizations, especially those relying on Huawei ONT devices for fiber broadband connectivity, this vulnerability poses a risk of unauthorized modification of device firewall settings. If an attacker gains access to the Epuser account—potentially through credential compromise or insider threat—they could disable firewall protections, exposing the device and connected networks to remote attacks via SSH or TELNET. This could lead to unauthorized configuration changes, installation of malware, or pivoting attacks into internal networks. The impact is particularly relevant for enterprises and critical infrastructure operators using Huawei ONTs in their network edge, as it could undermine network integrity and trust. Additionally, given the widespread deployment of Huawei equipment in various European countries, this vulnerability could affect a significant number of endpoints. The lack of confidentiality impact reduces the risk of data leakage directly from this vulnerability, but integrity compromise can facilitate further attacks. The medium severity suggests that while exploitation is not trivial, the consequences warrant attention, especially in regulated sectors such as finance, healthcare, and government services.

Mitigation Recommendations

To mitigate CVE-2025-49599, European organizations should first verify if their Huawei ONT devices are among the affected models and firmware versions. Immediate steps include:

1) Restricting access to the Epuser account by changing default credentials and enforcing strong, unique passwords;
2) Disabling or limiting the use of the Epuser account if possible;
3) Implementing network segmentation to isolate ONT devices from critical internal networks;
4) Monitoring network traffic for unusual activity on SSH and TELNET ports;
5) Applying any available firmware updates or patches from Huawei as soon as they are released;
6) Employing multi-factor authentication for device management interfaces if supported;
7) Conducting regular audits of device configurations to detect unauthorized changes to firewall settings;
8) Coordinating with ISPs or service providers to ensure secure provisioning and management of ONT devices.

Since no patches are currently listed, organizations should engage with Huawei support for timelines and interim protective measures.
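The first step above (checking models and firmware against the affected ranges) and the audit for reachable SSH/TELNET ports can be scripted over an asset inventory. This is an added example, not code from the advisory or from Huawei; the inventory fields (`host`, `model`, `firmware`, `open_tcp`) are hypothetical, and it assumes firmware strings order field by field as V, R, C, S numbers.

```python
import re

# Highest affected firmware per model, taken from the CVE description.
AFFECTED_THROUGH = {
    "EG8141A5": "V5R019C00S100",
    "EG8145V5": "V5R019C00S100",
    "EG8145V5-V2": "V5R021C00S184",
}
# Assumption: versions compare numerically on the V, R, C and S fields, in that order.
_FW = re.compile(r"^V(\d+)R(\d+)C(\d+)S(\d+)$", re.IGNORECASE)

def parse_fw(version):
    """Split a VxRyyyCzzSnnn string into a comparable tuple of ints."""
    m = _FW.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised firmware string: {version!r}")
    return tuple(int(g) for g in m.groups())

def is_affected(model, firmware):
    """True/False for listed models; None when the model is not in the advisory."""
    limit = AFFECTED_THROUGH.get(model.strip().upper())
    if limit is None:
        return None
    return parse_fw(firmware) <= parse_fw(limit)

def audit(inventory):
    """Return (host, reason) findings for inventory rows that need follow-up."""
    findings = []
    for row in inventory:
        try:
            if is_affected(row["model"], row["firmware"]):
                findings.append((row["host"], "affected firmware"))
        except ValueError as exc:
            findings.append((row["host"], f"manual check: {exc}"))
        # 22/23 are blocked by default, so an open one means the firewall was changed.
        exposed = sorted(set(row.get("open_tcp", [])) & {22, 23})
        if exposed:
            findings.append((row["host"], f"management ports reachable: {exposed}"))
    return findings

# Constructed sample inventory (hosts, versions and scan results are made up).
SAMPLE = [
    {"host": "ont-01", "model": "EG8141A5", "firmware": "V5R019C00S100", "open_tcp": []},
    {"host": "ont-02", "model": "EG8145V5-V2", "firmware": "V5R021C00S184", "open_tcp": [23]},
    {"host": "ont-03", "model": "EG8145V5-V2", "firmware": "V5R021C00S200", "open_tcp": []},
    {"host": "ont-04", "model": "EG8145V5", "firmware": "unknown", "open_tcp": [22, 80]},
]
```

Rows whose firmware string does not parse are reported for manual checking rather than silently treated as unaffected.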

Technical Details

Data Version: 5.1
Assigner Short Name: mitre
Date Reserved: 2025-06-06T00:00:00.000Z
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 68431b5671f4d251b5d2d3ef

Added to database: 6/6/2025, 4:46:14 PM

Last enriched: 7/8/2025, 7:55:16 AM

Last updated: 8/18/2025, 2:29:12 AM
