Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2019-5269

Some Huawei home routers have an improper authorization vulnerability. Due to improper authorization of certain programs, an attacker can exploit this vulnerability to execute uploaded malicious files and escalate privilege.

Published

2019-11-29T20:15:12.083

Last Modified

2024-11-21T04:44:38.663

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.8 (HIGH)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:P/I:P/A:P

Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

3.9

Impact Score

6.4

Weaknesses

Type: Primary
NVD-CWE-noinfo

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	huawei	cd10-10_firmware	< 10.0.2.7	Yes
Hardware	huawei	cd10-10	-	No
Operating System	huawei	cd16-10_firmware	< 10.0.2.5	Yes
Hardware	huawei	cd16-10	-	No
Operating System	huawei	cd17-10_firmware	< 10.0.2.5	Yes
Hardware	huawei	cd17-10	-	No
Operating System	huawei	cd18-10_firmware	< 10.0.2.5	Yes
Hardware	huawei	cd18-10	-	No
Operating System	huawei	hirouter-cd15-10_firmware	< 10.0.2.5	Yes
Hardware	huawei	hirouter-cd15-10	-	No
Operating System	huawei	hirouter-cd20-10_firmware	< 10.0.2.6	Yes
Hardware	huawei	hirouter-cd20-10	-	No
Operating System	huawei	hirouter-cd21-16_firmware	< 10.0.2.5	Yes
Hardware	huawei	hirouter-cd21-16	-	No
Operating System	huawei	hirouter-cd30-10_firmware	< 10.0.2.9	Yes
Hardware	huawei	hirouter-cd30-10	-	No
Operating System	huawei	hirouter-cd30-11_firmware	< 10.0.2.9	Yes
Hardware	huawei	hirouter-cd30-11	-	No
Operating System	huawei	hirouter-h1-10_firmware	< 10.0.2.5	Yes
Hardware	huawei	hirouter-h1-10	-	No
Operating System	huawei	tc5200-10_firmware	< 10.0.2.5	Yes
Hardware	huawei	tc5200-10	-	No
Operating System	huawei	ws5100-10_firmware	< 10.0.2.7	Yes
Hardware	huawei	ws5100-10	-	No
Operating System	huawei	ws5102-10_firmware	< 10.0.2.7	Yes
Hardware	huawei	ws5102-10	-	No
Operating System	huawei	ws5106-10_firmware	< 10.0.2.7	Yes
Hardware	huawei	ws5106-10	-	No
Operating System	huawei	ws5108-10_firmware	< 10.0.2.7	Yes
Hardware	huawei	ws5108-10	-	No
Operating System	huawei	ws5200-10_firmware	< 10.0.2.6	Yes
Hardware	huawei	ws5200-10	-	No
Operating System	huawei	ws5200-11_firmware	9.0.3.11	Yes
Operating System	huawei	ws5200-11_firmware	10.0.2.3	Yes
Hardware	huawei	ws5200-11	-	No
Operating System	huawei	ws5280-10_firmware	< 10.0.2.6	Yes
Hardware	huawei	ws5280-10	-	No
Operating System	huawei	ws5280-11_firmware	< 10.0.2.6	Yes
Hardware	huawei	ws5280-11	-	No
Operating System	huawei	ws6500-10_firmware	< 10.0.2.5	Yes
Hardware	huawei	ws6500-10	-	No
Operating System	huawei	ws6500-11_firmware	< 10.0.2.7	Yes
Hardware	huawei	ws6500-11	-	No
Operating System	huawei	ws826-10_firmware	< 10.0.2.5	Yes
Hardware	huawei	ws826-10	-	No

References

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191113-01-homerouter-en Vendor Advisory ([email protected])
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191113-01-homerouter-en Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)