CVE-2019-5269

EUVD-2019-14874
Some Huawei home routers have an improper authorization vulnerability. Due to improper authorization of certain programs, an attacker can exploit this vulnerability to execute uploaded malicious files and escalate privilege.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 19%
Affected Products (NVD)
VendorProductVersion
huaweicd10-10_firmware
10.0.2.2 ≤
𝑥
< 10.0.2.7
huaweicd16-10_firmware
10.0.2.3 ≤
𝑥
< 10.0.2.5
huaweicd17-10_firmware
9.0.3.3 ≤
𝑥
< 10.0.2.5
huaweicd18-10_firmware
9.0.2.23 ≤
𝑥
< 10.0.2.5
huaweihirouter-cd15-10_firmware
9.0.2.3 ≤
𝑥
< 10.0.2.5
huaweihirouter-cd20-10_firmware
9.0.3.9 ≤
𝑥
< 10.0.2.6
huaweihirouter-cd21-16_firmware
9.0.3.9 ≤
𝑥
< 10.0.2.5
huaweihirouter-cd30-10_firmware
10.0.2.8 ≤
𝑥
< 10.0.2.9
huaweihirouter-cd30-11_firmware
10.0.2.8 ≤
𝑥
< 10.0.2.9
huaweihirouter-h1-10_firmware
9.0.3.11 ≤
𝑥
< 10.0.2.5
huaweitc5200-10_firmware
10.0.2.3 ≤
𝑥
< 10.0.2.5
huaweiws5100-10_firmware
9.0.3.11 ≤
𝑥
< 10.0.2.7
huaweiws5102-10_firmware
10.0.2.2 ≤
𝑥
< 10.0.2.7
huaweiws5106-10_firmware
10.0.2.2 ≤
𝑥
< 10.0.2.7
huaweiws5108-10_firmware
10.0.2.2 ≤
𝑥
< 10.0.2.7
huaweiws5200-10_firmware
9.0.3.9 ≤
𝑥
< 10.0.2.6
huaweiws5200-11_firmware
9.0.3.11
huaweiws5200-11_firmware
10.0.2.3
huaweiws5280-10_firmware
9.0.3.22 ≤
𝑥
< 10.0.2.6
huaweiws5280-11_firmware
9.0.3.22 ≤
𝑥
< 10.0.2.6
huaweiws6500-10_firmware
10.0.2.3 ≤
𝑥
< 10.0.2.5
huaweiws6500-11_firmware
10.0.2.2 ≤
𝑥
< 10.0.2.7
huaweiws826-10_firmware
9.0.3.11 ≤
𝑥
< 10.0.2.5
𝑥
= Vulnerable software versions
References
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191113-01-homerouter-en
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191113-01-homerouter-en