CVE-2019-5268 — Improper Input Validation in Huawei Cd10-10 Firmware

CWE-20 — Improper Input Validation3 documents3 sources

Severity

8.1HIGHNVD

EPSS

0.1%

top 76.58%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Huawei Cd10-10 Firmware Huawei Cd16-10 Firmware Huawei Cd17-10 Firmware +19 more

Timeline

PublishedNov 29

Latest updateMay 24

Description

Some Huawei home routers have an input validation vulnerability. Due to input parameter is not correctly verified, an attacker can exploit this vulnerability by sending special constructed packets to obtain files in the device and upload files to some directories.

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:NExploitability: 2.8 | Impact: 5.2

Affected Packages22 packages

▶NVDhuawei/cd10-10_firmware10.0.2.2 — 10.0.2.7

▶NVDhuawei/cd16-10_firmware10.0.2.3 — 10.0.2.5

▶NVDhuawei/cd17-10_firmware9.0.3.3 — 10.0.2.5

▶NVDhuawei/cd18-10_firmware9.0.2.23 — 10.0.2.5

▶NVDhuawei/ws826-10_firmware9.0.3.11 — 10.0.2.5

🔴Vulnerability Details

GHSA

GHSA-2wp7-476w-v7fh: Some Huawei home routers have an input validation vulnerability↗2022-05-24

▶

CVEList

CVE-2019-5268: Some Huawei home routers have an input validation vulnerability↗2019-11-29

▶