CVE-2019-5268

EUVD-2019-14873
Some Huawei home routers have an input validation vulnerability. Due to input parameter is not correctly verified, an attacker can exploit this vulnerability by sending special constructed packets to obtain files in the device and upload files to some directories.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.1 HIGH
ADJACENT_NETWORK
LOW
NONE
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 23%
Affected Products (NVD)
VendorProductVersion
huaweicd10-10_firmware
10.0.2.2 ≤
𝑥
< 10.0.2.7
huaweicd16-10_firmware
10.0.2.3 ≤
𝑥
< 10.0.2.5
huaweicd17-10_firmware
9.0.3.3 ≤
𝑥
< 10.0.2.5
huaweicd18-10_firmware
9.0.2.23 ≤
𝑥
< 10.0.2.5
huaweihirouter-cd15-10_firmware
9.0.2.3 ≤
𝑥
< 10.0.2.5
huaweihirouter-cd20-10_firmware
9.0.3.9 ≤
𝑥
< 10.0.2.6
huaweihirouter-cd21-16_firmware
9.0.3.9 ≤
𝑥
< 10.0.2.5
huaweihirouter-cd30-10_firmware
10.0.2.8 ≤
𝑥
< 10.0.2.9
huaweihirouter-cd30-11_firmware
10.0.2.8 ≤
𝑥
< 10.0.2.9
huaweihirouter-h1-10_firmware
9.0.3.11 ≤
𝑥
< 10.0.2.5
huaweitc5200-10_firmware
10.0.2.3 ≤
𝑥
< 10.0.2.5
huaweiws5100-10_firmware
9.0.3.11 ≤
𝑥
< 10.0.2.7
huaweiws5102-10_firmware
10.0.2.2 ≤
𝑥
< 10.0.2.7
huaweiws5106-10_firmware
10.0.2.2 ≤
𝑥
< 10.0.2.7
huaweiws5108-10_firmware
10.0.2.2 ≤
𝑥
< 10.0.2.7
huaweiws5200-10_firmware
9.0.3.9 ≤
𝑥
< 10.0.2.6
huaweiws5200-11_firmware
9.0.3.11
huaweiws5200-11_firmware
10.0.2.3
huaweiws5280-10_firmware
9.0.3.22 ≤
𝑥
< 10.0.2.6
huaweiws5280-11_firmware
9.0.3.22 ≤
𝑥
< 10.0.2.6
huaweiws6500-10_firmware
10.0.2.3 ≤
𝑥
< 10.0.2.5
huaweiws6500-11_firmware
10.0.2.2 ≤
𝑥
< 10.0.2.7
huaweiws826-10_firmware
9.0.3.11 ≤
𝑥
< 10.0.2.5
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191113-01-homerouter-en
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191113-01-homerouter-en