CVE-2019-5300

  1. Yack CVE
  2. Vulnerabilities (CVE)
  3. CVE-2019-5300

6.7 /10

CVSS v3 : MEDIUM

V3 Legend

Vector : AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Exploitability : 0.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

4.6 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:L/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 3.9 / Impact : 6.4

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

T

here is a digital signature verification bypass vulnerability in AR1200, AR1200-S, AR150, AR160, AR200, AR2200, AR2200-S, AR3200, SRG1300, SRG2300 and SRG3300 Huawei routers. The vulnerability is due to the affected software improperly verifying digital signatures for the software image in the affected device. A local attacker with high privilege may exploit the vulnerability to bypass integrity checks for software images and install a malicious software image on the affected device.

References
Link Resource
https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190320-01-ar-en Vendor Advisory
https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190320-01-ar-en Vendor Advisory
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:o:huawei:ar1200_firmware:v200r007c00:*:*:*:*:*:*:*
cpe:2.3:o:huawei:ar1200_firmware:v200r008c20:*:*:*:*:*:*:*
cpe:2.3:o:huawei:ar1200_firmware:v200r008c50:*:*:*:*:*:*:*
cpe:2.3:o:huawei:ar1200_firmware:v200r009c00:*:*:*:*:*:*:*
cpe:2.3:o:huawei:ar1200_firmware:v200r010c00:*:*:*:*:*:*:*
OR cpe:2.3:h:huawei:ar1200e:-:*:*:*:*:*:*:*
cpe:2.3:h:huawei:ar1220c:-:*:*:*:*:*:*:*
cpe:2.3:h:huawei:ar1220ev:-:*:*:*:*:*:*:*
cpe:2.3:h:huawei:ar1220evw:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
OR cpe:2.3:o:huawei:ar1200-s_firmware:v200r007c00:*:*:*:*:*:*:*
cpe:2.3:o:huawei:ar1200-s_firmware:v200r008c20:*:*:*:*:*:*:*
cpe:2.3:o:huawei:ar1200-s_firmware:v200r008c50:*:*:*:*:*:*:*
cpe:2.3:o:huawei:ar1200-s_firmware:v200r009c00:*:*:*:*:*:*:*
cpe:2.3:o:huawei:ar1200-s_firmware:v200r010c00:*:*:*:*:*:*:*
cpe:2.3:h:huawei:ar1220f-s:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
OR cpe:2.3:o:huawei:ar150_firmware:v200r007c00:*:*:*:*:*:*:*
cpe:2.3:o:huawei:ar150_firmware:v200r008c20:*:*:*:*:*:*:*
cpe:2.3:o:huawei:ar150_firmware:v200r008c50:*:*:*:*:*:*:*
cpe:2.3:o:huawei:ar150_firmware:v200r009c00:*:*:*:*:*:*:*
cpe:2.3:o:huawei:ar150_firmware:v200r010c00:*:*:*:*:*:*:*
cpe:2.3:h:huawei:ar158evw:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
OR cpe:2.3:o:huawei:ar160_firmware:v200r007c00:*:*:*:*:*:*:*
cpe:2.3:o:huawei:ar160_firmware:v200r008c20:*:*:*:*:*:*:*
cpe:2.3:o:huawei:ar160_firmware:v200r008c50:*:*:*:*:*:*:*
cpe:2.3:o:huawei:ar160_firmware:v200r009c00:*:*:*:*:*:*:*
cpe:2.3:o:huawei:ar160_firmware:v200r010c00:*:*:*:*:*:*:*
OR cpe:2.3:h:huawei:ar161:-:*:*:*:*:*:*:*
cpe:2.3:h:huawei:ar161ew:-:*:*:*:*:*:*:*
cpe:2.3:h:huawei:ar161f:-:*:*:*:*:*:*:*
cpe:2.3:h:huawei:ar161f-dgp:-:*:*:*:*:*:*:*
cpe:2.3:h:huawei:ar161fg-l:-:*:*:*:*:*:*:*
cpe:2.3:h:huawei:ar161fgw-l:-:*:*:*:*:*:*:*
cpe:2.3:h:huawei:ar161fv-1p:-:*:*:*:*:*:*:*
cpe:2.3:h:huawei:ar161fw:-:*:*:*:*:*:*:*
cpe:2.3:h:huawei:ar161g-l:-:*:*:*:*:*:*:*
cpe:2.3:h:huawei:ar161w:-:*:*:*:*:*:*:*
cpe:2.3:h:huawei:ar168f:-:*:*:*:*:*:*:*
cpe:2.3:h:huawei:ar168f-4p:-:*:*:*:*:*:*:*
cpe:2.3:h:huawei:ar169:-:*:*:*:*:*:*:*
cpe:2.3:h:huawei:ar169egw-l:-:*:*:*:*:*:*:*
cpe:2.3:h:huawei:ar169ew:-:*:*:*:*:*:*:*
cpe:2.3:h:huawei:ar169f:-:*:*:*:*:*:*:*
cpe:2.3:h:huawei:ar169fgw-l:-:*:*:*:*:*:*:*
cpe:2.3:h:huawei:ar169fvw:-:*:*:*:*:*:*:*
cpe:2.3:h:huawei:ar169fvw-8s:-:*:*:*:*:*:*:*
cpe:2.3:h:huawei:ar169g-l:-:*:*:*:*:*:*:*
cpe:2.3:h:huawei:ar169jfvw-2s:-:*:*:*:*:*:*:*
cpe:2.3:h:huawei:ar169w:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
OR cpe:2.3:o:huawei:ar200_firmware:v200r007c00:*:*:*:*:*:*:*
cpe:2.3:o:huawei:ar200_firmware:v200r008c20:*:*:*:*:*:*:*
cpe:2.3:o:huawei:ar200_firmware:v200r008c50:*:*:*:*:*:*:*
cpe:2.3:o:huawei:ar200_firmware:v200r009c00:*:*:*:*:*:*:*
cpe:2.3:o:huawei:ar200_firmware:v200r010c00:*:*:*:*:*:*:*
cpe:2.3:h:huawei:ar201:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
OR cpe:2.3:o:huawei:ar2200_firmware:v200r007c00:*:*:*:*:*:*:*
cpe:2.3:o:huawei:ar2200_firmware:v200r008c20:*:*:*:*:*:*:*
cpe:2.3:o:huawei:ar2200_firmware:v200r008c50:*:*:*:*:*:*:*
cpe:2.3:o:huawei:ar2200_firmware:v200r009c00:*:*:*:*:*:*:*
cpe:2.3:o:huawei:ar2200_firmware:v200r010c00:*:*:*:*:*:*:*
OR cpe:2.3:h:huawei:ar2204-27ge:-:*:*:*:*:*:*:*
cpe:2.3:h:huawei:ar2204-27ge-p:-:*:*:*:*:*:*:*
cpe:2.3:h:huawei:ar2204-51ge-p:-:*:*:*:*:*:*:*
cpe:2.3:h:huawei:ar2204e:-:*:*:*:*:*:*:*
cpe:2.3:h:huawei:ar2204xe:-:*:*:*:*:*:*:*
cpe:2.3:h:huawei:ar2220e:-:*:*:*:*:*:*:*
cpe:2.3:h:huawei:ar2240:-:*:*:*:*:*:*:*
cpe:2.3:h:huawei:ar2240c:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
OR cpe:2.3:o:huawei:ar2200s_firmware:v200r007c00:*:*:*:*:*:*:*
cpe:2.3:o:huawei:ar2200s_firmware:v200r008c20:*:*:*:*:*:*:*
cpe:2.3:o:huawei:ar2200s_firmware:v200r008c50:*:*:*:*:*:*:*
cpe:2.3:o:huawei:ar2200s_firmware:v200r009c00:*:*:*:*:*:*:*
cpe:2.3:o:huawei:ar2200s_firmware:v200r010c00:*:*:*:*:*:*:*
cpe:2.3:h:huawei:ar2200s:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
OR cpe:2.3:o:huawei:ar3200_firmware:v200r007c00:*:*:*:*:*:*:*
cpe:2.3:o:huawei:ar3200_firmware:v200r008c20:*:*:*:*:*:*:*
cpe:2.3:o:huawei:ar3200_firmware:v200r008c50:*:*:*:*:*:*:*
cpe:2.3:o:huawei:ar3200_firmware:v200r009c00:*:*:*:*:*:*:*
cpe:2.3:o:huawei:ar3200_firmware:v200r010c00:*:*:*:*:*:*:*
cpe:2.3:h:huawei:ar3260:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
OR cpe:2.3:o:huawei:srg1300_firmware:v200r007c00:*:*:*:*:*:*:*
cpe:2.3:o:huawei:srg1300_firmware:v200r008c50:*:*:*:*:*:*:*
cpe:2.3:o:huawei:srg1300_firmware:v200r009c00:*:*:*:*:*:*:*
cpe:2.3:o:huawei:srg1300_firmware:v200r010c00:*:*:*:*:*:*:*
cpe:2.3:h:huawei:srg1320vw:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND
OR cpe:2.3:o:huawei:srg2300_firmware:v200r007c00:*:*:*:*:*:*:*
cpe:2.3:o:huawei:srg2300_firmware:v200r008c50:*:*:*:*:*:*:*
cpe:2.3:o:huawei:srg2300_firmware:v200r009c00:*:*:*:*:*:*:*
cpe:2.3:o:huawei:srg2300_firmware:v200r010c00:*:*:*:*:*:*:*
cpe:2.3:h:huawei:srg2320e:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND
OR cpe:2.3:o:huawei:srg3300_firmware:v200r007c00:*:*:*:*:*:*:*
cpe:2.3:o:huawei:srg3300_firmware:v200r008c50:*:*:*:*:*:*:*
cpe:2.3:o:huawei:srg3300_firmware:v200r009c00:*:*:*:*:*:*:*
cpe:2.3:o:huawei:srg3300_firmware:v200r010c00:*:*:*:*:*:*:*
cpe:2.3:h:huawei:srg3340:-:*:*:*:*:*:*:*
History

21 Nov 2024, 04:44

Type Values Removed Values Added
References () https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190320-01-ar-en - Vendor Advisory () https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190320-01-ar-en - Vendor Advisory
Information

Published : 2019-06-04 19:29

Updated : 2024-11-21 04:44

NVD link : CVE-2019-5300

Mitre link : CVE-2019-5300

CVE.ORG link : CVE-2019-5300

JSON object : View

Products Affected

huawei

CWE
CWE-347

Improper Verification of Cryptographic Signature