Vulnerability Details : CVE-2019-5300
There is a digital signature verification bypass vulnerability in AR1200, AR1200-S, AR150, AR160, AR200, AR2200, AR2200-S, AR3200, SRG1300, SRG2300 and SRG3300 Huawei routers. The vulnerability is due to the affected software improperly verifying digital signatures for the software image in the affected device. A local attacker with high privilege may exploit the vulnerability to bypass integrity checks for software images and install a malicious software image on the affected device.
Products affected by CVE-2019-5300
- cpe:2.3:o:huawei:ar3200_firmware:v200r007c00:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:ar3200_firmware:v200r008c20:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:ar3200_firmware:v200r008c50:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:ar3200_firmware:v200r010c00:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:ar3200_firmware:v200r009c00:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:ar200_firmware:v200r007c00:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:ar200_firmware:v200r008c20:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:ar200_firmware:v200r008c50:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:ar200_firmware:v200r010c00:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:ar200_firmware:v200r009c00:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:ar1200_firmware:v200r008c20:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:ar1200_firmware:v200r007c00:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:ar1200_firmware:v200r009c00:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:ar1200_firmware:v200r010c00:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:ar1200_firmware:v200r008c50:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:ar2200_firmware:v200r008c20:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:ar2200_firmware:v200r007c00:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:ar2200_firmware:v200r008c50:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:ar2200_firmware:v200r010c00:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:ar2200_firmware:v200r009c00:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:ar1200-s_firmware:v200r008c20:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:ar1200-s_firmware:v200r007c00:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:ar1200-s_firmware:v200r008c50:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:ar1200-s_firmware:v200r009c00:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:ar1200-s_firmware:v200r010c00:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:ar150_firmware:v200r008c20:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:ar150_firmware:v200r007c00:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:ar150_firmware:v200r008c50:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:ar150_firmware:v200r009c00:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:ar150_firmware:v200r010c00:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:ar160_firmware:v200r007c00:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:ar160_firmware:v200r008c20:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:ar160_firmware:v200r008c50:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:ar160_firmware:v200r009c00:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:ar160_firmware:v200r010c00:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:srg1300_firmware:v200r007c00:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:srg1300_firmware:v200r009c00:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:srg1300_firmware:v200r010c00:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:srg1300_firmware:v200r008c50:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:srg2300_firmware:v200r007c00:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:srg2300_firmware:v200r008c50:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:srg2300_firmware:v200r010c00:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:srg2300_firmware:v200r009c00:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:srg3300_firmware:v200r007c00:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:srg3300_firmware:v200r009c00:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:srg3300_firmware:v200r008c50:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:srg3300_firmware:v200r010c00:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:ar2200s_firmware:v200r008c50:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:ar2200s_firmware:v200r010c00:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:ar2200s_firmware:v200r007c00:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:ar2200s_firmware:v200r008c20:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:ar2200s_firmware:v200r009c00:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2019-5300
- EPSS score: 0.04% (probability of exploitation activity in the next 30 days)
- Percentile: ~6% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2019-5300
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.6 | MEDIUM | AV:L/AC:L/Au:N/C:P/I:P/A:P | 3.9 | 6.4 | NIST | |
6.7 | MEDIUM | CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 0.8 | 5.9 | NIST | |
CWE ids for CVE-2019-5300
- The product does not verify, or incorrectly verifies, the cryptographic signature for data. Assigned by: nvd@nist.gov (Primary)
References for CVE-2019-5300
- https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190320-01-ar-en
  Security Advisory - Digital Signature Verification Bypass Vulnerability in Some Huawei Routers (Vendor Advisory)