CVE-2019-5269

Some Huawei home routers have an improper authorization vulnerability. Due to improper authorization of certain programs, an attacker can exploit this vulnerability to execute uploaded malicious files and escalate privilege.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
huaweiCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 20%
VendorProductVersion
huaweicd10-10_firmware
10.0.2.2 ≤
𝑥
< 10.0.2.7
huaweicd16-10_firmware
10.0.2.3 ≤
𝑥
< 10.0.2.5
huaweicd17-10_firmware
9.0.3.3 ≤
𝑥
< 10.0.2.5
huaweicd18-10_firmware
9.0.2.23 ≤
𝑥
< 10.0.2.5
huaweihirouter-cd15-10_firmware
9.0.2.3 ≤
𝑥
< 10.0.2.5
huaweihirouter-cd20-10_firmware
9.0.3.9 ≤
𝑥
< 10.0.2.6
huaweihirouter-cd21-16_firmware
9.0.3.9 ≤
𝑥
< 10.0.2.5
huaweihirouter-cd30-10_firmware
10.0.2.8 ≤
𝑥
< 10.0.2.9
huaweihirouter-cd30-11_firmware
10.0.2.8 ≤
𝑥
< 10.0.2.9
huaweihirouter-h1-10_firmware
9.0.3.11 ≤
𝑥
< 10.0.2.5
huaweitc5200-10_firmware
10.0.2.3 ≤
𝑥
< 10.0.2.5
huaweiws5100-10_firmware
9.0.3.11 ≤
𝑥
< 10.0.2.7
huaweiws5102-10_firmware
10.0.2.2 ≤
𝑥
< 10.0.2.7
huaweiws5106-10_firmware
10.0.2.2 ≤
𝑥
< 10.0.2.7
huaweiws5108-10_firmware
10.0.2.2 ≤
𝑥
< 10.0.2.7
huaweiws5200-10_firmware
9.0.3.9 ≤
𝑥
< 10.0.2.6
huaweiws5200-11_firmware
9.0.3.11
huaweiws5200-11_firmware
10.0.2.3
huaweiws5280-10_firmware
9.0.3.22 ≤
𝑥
< 10.0.2.6
huaweiws5280-11_firmware
9.0.3.22 ≤
𝑥
< 10.0.2.6
huaweiws6500-10_firmware
10.0.2.3 ≤
𝑥
< 10.0.2.5
huaweiws6500-11_firmware
10.0.2.2 ≤
𝑥
< 10.0.2.7
huaweiws826-10_firmware
9.0.3.11 ≤
𝑥
< 10.0.2.5
𝑥
= Vulnerable software versions
References
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191113-01-homerouter-en
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191113-01-homerouter-en