CVE-2019-5294
7.5
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 3.9 / Impact: 3.6
Source: NVD
Description
There is an out of bound read vulnerability in some Huawei products. A remote, unauthenticated attacker may send a corrupt or crafted message to the affected products. Due to a buffer read overflow error when parsing the message, successful exploit may cause some service to be abnormal.
Affected (46)
Products: Huawei: Ar120 S Firmware, Ar1200 Firmware, Ar1200 S Firmware, Ar150 Firmware, Ar150 S Firmware, Ar160 Firmware, Ar200 Firmware, Ar200 S Firmware, Ar2200 Firmware, Ar2200 S Firmware, Ar3200 Firmware, Ar3600 Firmware, Netengine16ex Firmware, Srg1300 Firmware, Srg2300 Firmware, Srg3300 Firmware
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| Version v200r005c20 |
| Running on/with | Platform Versions |
|---|---|
Huawei Ar120 S | All versions |
Configuration B
| Vulnerable Software | Affected Versions |
|---|---|
| Version v200r005c20 |
| Running on/with | Platform Versions |
|---|---|
Huawei Ar1200 | All versions |
Configuration C
| Vulnerable Software | Affected Versions |
|---|---|
| Version v200r005c20 |
| Running on/with | Platform Versions |
|---|---|
Huawei Ar1200 S | All versions |
Configuration D
| Vulnerable Software | Affected Versions |
|---|---|
| Version v200r005c20 |
| Running on/with | Platform Versions |
|---|---|
Huawei Ar150 | All versions |
Configuration E
| Vulnerable Software | Affected Versions |
|---|---|
| Version v200r005c20 |
| Running on/with | Platform Versions |
|---|---|
Huawei Ar150 S | All versions |
Configuration F
| Vulnerable Software | Affected Versions |
|---|---|
| Version v200r005c20 |
| Running on/with | Platform Versions |
|---|---|
Huawei Ar160 | All versions |
Configuration G
| Vulnerable Software | Affected Versions |
|---|---|
| Version v200r005c20 |
| Running on/with | Platform Versions |
|---|---|
Huawei Ar200 | All versions |
Configuration H
| Vulnerable Software | Affected Versions |
|---|---|
| Version v200r005c20 |
| Running on/with | Platform Versions |
|---|---|
Huawei Ar200 S | All versions |
Configuration I
| Vulnerable Software | Affected Versions |
|---|---|
| Version v200r005c20 |
| Running on/with | Platform Versions |
|---|---|
Huawei Ar2200 | All versions |
Configuration J
| Vulnerable Software | Affected Versions |
|---|---|
| Version v200r005c20 |
| Running on/with | Platform Versions |
|---|---|
Huawei Ar2200 S | All versions |
Configuration K
| Vulnerable Software | Affected Versions |
|---|---|
| Version v200r005c20 |
| Running on/with | Platform Versions |
|---|---|
Huawei Ar3200 | All versions |
Configuration L
| Vulnerable Software | Affected Versions |
|---|---|
| Version v200r006c10 |
| Running on/with | Platform Versions |
|---|---|
Huawei Ar3600 | All versions |
Configuration M
| Vulnerable Software | Affected Versions |
|---|---|
| Version v200r005c20 |
| Running on/with | Platform Versions |
|---|---|
Huawei Netengine16ex | All versions |
Configuration N
| Vulnerable Software | Affected Versions |
|---|---|
| Version v200r005c20 |
| Running on/with | Platform Versions |
|---|---|
Huawei Srg1300 | All versions |
Configuration O
| Vulnerable Software | Affected Versions |
|---|---|
| Version v200r005c20 |
| Running on/with | Platform Versions |
|---|---|
Huawei Srg2300 | All versions |
Configuration P
| Vulnerable Software | Affected Versions |
|---|---|
| Version v200r005c20 |
| Running on/with | Platform Versions |
|---|---|
Huawei Srg3300 | All versions |
References (2)
Source: psirt@huawei.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Timeline
No history available yet.