Cross-site scripting (XSS) vulnerabilities in the admin panel were common. An attacker could craft a malicious link that, when clicked by the router admin, would change settings. The new firmware introduces output encoding and CSRF (Cross-Site Request Forgery) tokens to the web interface.
The Huawei HG532e router suffered from discovered in late 2017. A critical firmware update (most notably version HG532eV100R001C02B017_up or later) was released to fix these flaws. The most significant fix addressed CVE-2017-17215 , which allowed unauthenticated attackers to execute arbitrary commands on the device from the WAN (internet) side. huawei hg532e firmware update fixed