CVE-2019-5269 — Huawei Cd10-10 Firmware vulnerability

3 documents3 sources

Severity

7.8HIGHNVD

EPSS

0.1%

top 80.05%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Huawei Cd10-10 Firmware Huawei Cd16-10 Firmware Huawei Cd17-10 Firmware +19 more

Timeline

PublishedNov 29

Latest updateMay 24

Description

Some Huawei home routers have an improper authorization vulnerability. Due to improper authorization of certain programs, an attacker can exploit this vulnerability to execute uploaded malicious files and escalate privilege.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages22 packages

▶NVDhuawei/cd10-10_firmware10.0.2.2 — 10.0.2.7

▶NVDhuawei/cd16-10_firmware10.0.2.3 — 10.0.2.5

▶NVDhuawei/cd17-10_firmware9.0.3.3 — 10.0.2.5

▶NVDhuawei/cd18-10_firmware9.0.2.23 — 10.0.2.5

▶NVDhuawei/ws826-10_firmware9.0.3.11 — 10.0.2.5

🔴Vulnerability Details

GHSA

GHSA-g5mh-9cjj-vm5x: Some Huawei home routers have an improper authorization vulnerability↗2022-05-24

▶

CVEList

CVE-2019-5269: Some Huawei home routers have an improper authorization vulnerability↗2019-11-29

▶