CVE-2020-37220

HIGH 7.5

Huawei HG630 V2 Router Authentication Bypass via Serial Number

CVSS Score

7.5

EPSS Score

0.0%

EPSS Percentile

0th

Huawei HG630 V2 router contains an authentication bypass vulnerability that allows unauthenticated attackers to obtain administrative access by retrieving the device serial number. Attackers can query the /api/system/deviceinfo endpoint without authentication to extract the SerialNumber field, then use the last 8 characters as the default password to log in to the router.

CWE	CWE-798
Vendor	www.huawei.com
Product	hg630 v2 router
Published	May 13, 2026
Last Updated	May 26, 2026

Stay Ahead of the Next One

Get instant alerts for www.huawei.com hg630 v2 router

Be the first to know when new high vulnerabilities affecting www.huawei.com hg630 v2 router are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

Affected Versions

www.huawei.com / HG630 V2 Router

References

NVD ↗ CVE.org ↗ EPSS Data ↗

exploit-db.com: https://www.exploit-db.com/exploits/48310 youtube.com: https://www.youtube.com/watch?v=vOrIL7L_cVc vulncheck.com: https://www.vulncheck.com/advisories/huawei-hg630-v2-router-authentication-bypass-via-serial-number

Credits

Eslam Medhat