CVE-2019-5300
6.7
Vector
CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Exploitability: 0.8 / Impact: 5.9
Source: NVD
Description
There is a digital signature verification bypass vulnerability in AR1200, AR1200-S, AR150, AR160, AR200, AR2200, AR2200-S, AR3200, SRG1300, SRG2300 and SRG3300 Huawei routers. The vulnerability is due to the affected software improperly verifying digital signatures for the software image in the affected device. A local attacker with high privilege may exploit the vulnerability to bypass integrity checks for software images and install a malicious software image on the affected device.
Affected (52)
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| Version v200r007c00 |

| Running on/with | Platform Versions |
|---|---|
| Huawei Ar1200e | All versions |
| Huawei Ar1220c | All versions |
| Huawei Ar1220ev | All versions |
| Huawei Ar1220evw | All versions |
Configuration B
| Vulnerable Software | Affected Versions |
|---|---|
| Version v200r007c00 |

| Running on/with | Platform Versions |
|---|---|
| Huawei Ar1220f S | All versions |
Configuration C
| Vulnerable Software | Affected Versions |
|---|---|
| Version v200r007c00 |

| Running on/with | Platform Versions |
|---|---|
| Huawei Ar158evw | All versions |
Configuration D
| Vulnerable Software | Affected Versions |
|---|---|
| Version v200r007c00 |

| Running on/with | Platform Versions |
|---|---|
| Huawei Ar161 | All versions |
| Huawei Ar161ew | All versions |
| Huawei Ar161f | All versions |
| Huawei Ar161f Dgp | All versions |
| Huawei Ar161fg L | All versions |
| Huawei Ar161fgw L | All versions |
| Huawei Ar161fv 1p | All versions |
| Huawei Ar161fw | All versions |
| Huawei Ar161g L | All versions |
| Huawei Ar161w | All versions |
| Huawei Ar168f | All versions |
| Huawei Ar168f 4p | All versions |
| Huawei Ar169 | All versions |
| Huawei Ar169egw L | All versions |
| Huawei Ar169ew | All versions |
| Huawei Ar169f | All versions |
| Huawei Ar169fgw L | All versions |
| Huawei Ar169fvw | All versions |
| Huawei Ar169fvw 8s | All versions |
| Huawei Ar169g L | All versions |
| Huawei Ar169jfvw 2s | All versions |
| Huawei Ar169w | All versions |
Configuration E
| Vulnerable Software | Affected Versions |
|---|---|
| Version v200r007c00 |

| Running on/with | Platform Versions |
|---|---|
| Huawei Ar201 | All versions |
Configuration F
| Vulnerable Software | Affected Versions |
|---|---|
| Version v200r007c00 |

| Running on/with | Platform Versions |
|---|---|
| Huawei Ar2204 27ge | All versions |
| Huawei Ar2204 27ge P | All versions |
| Huawei Ar2204 51ge P | All versions |
| Huawei Ar2204e | All versions |
| Huawei Ar2204xe | All versions |
| Huawei Ar2220e | All versions |
| Huawei Ar2240 | All versions |
| Huawei Ar2240c | All versions |
Configuration G
| Vulnerable Software | Affected Versions |
|---|---|
| Version v200r007c00 |

| Running on/with | Platform Versions |
|---|---|
| Huawei Ar2200s | All versions |
Configuration H
| Vulnerable Software | Affected Versions |
|---|---|
| Version v200r007c00 |

| Running on/with | Platform Versions |
|---|---|
| Huawei Ar3260 | All versions |
Configuration I
| Vulnerable Software | Affected Versions |
|---|---|
| Version v200r007c00 |

| Running on/with | Platform Versions |
|---|---|
| Huawei Srg1320vw | All versions |
Configuration J
| Vulnerable Software | Affected Versions |
|---|---|
| Version v200r007c00 |

| Running on/with | Platform Versions |
|---|---|
| Huawei Srg2320e | All versions |
Configuration K
| Vulnerable Software | Affected Versions |
|---|---|
| Version v200r007c00 |

| Running on/with | Platform Versions |
|---|---|
| Huawei Srg3340 | All versions |
References (2)
Source: psirt@huawei.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory