CVE-2020-37220

HIGH 7.5

Huawei HG630 V2 Router Authentication Bypass via Serial Number

CVSS Score

7.5

EPSS Score

0.0%

EPSS Percentile

0th

Huawei HG630 V2 router contains an authentication bypass vulnerability that allows unauthenticated attackers to obtain administrative access by retrieving the device serial number. Attackers can query the /api/system/deviceinfo endpoint without authentication to extract the SerialNumber field, then use the last 8 characters as the default password to login to the router.

CWE	CWE-798
Vendor	www.huawei.com
Product	huawei hg630 router
Published	May 13, 2026

Stay Ahead of the Next One

Get instant alerts for www.huawei.com huawei hg630 router

Be the first to know when new high vulnerabilities affecting www.huawei.com huawei hg630 router are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

Affected Versions

www.huawei.com / Huawei HG630 Router

HG630 V2

References

NVD ↗ CVE.org ↗ EPSS Data ↗

exploit-db.com: https://www.exploit-db.com/exploits/48310 youtube.com: https://www.youtube.com/watch?v=vOrIL7L_cVc vulncheck.com: https://www.vulncheck.com/advisories/huawei-hg630-v2-router-authentication-bypass-via-serial-number

Credits

Eslam Medhat