CVE-2019-5291

CWE-3453 documents3 sources
Severity
5.9MEDIUM
EPSS
0.2%
top 55.24%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
18
Huawei Ar120-s FirmwareHuawei Ar1200-s FirmwareHuawei Ar1200 Firmware+15 more
Timeline
PublishedDec 13
Latest updateMay 24

Description

Some Huawei products have an insufficient verification of data authenticity vulnerability. A remote, unauthenticated attacker has to intercept specific packets between two devices, modify the packets, and send the modified packets to the peer device. Due to insufficient verification of some fields in the packets, an attacker may exploit the vulnerability to cause the target device to be abnormal.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 2.2 | Impact: 3.6

Affected Packages18 packages

NVDhuawei/ar150_firmware4 versions+3
NVDhuawei/ar160_firmware4 versions+3
NVDhuawei/ar200_firmware4 versions+3
NVDhuawei/s6700_firmware4 versions+3
NVDhuawei/ar1200_firmware4 versions+3

🔴Vulnerability Details

2
GHSA
GHSA-x6v5-8qcc-4q56: Some Huawei products have an insufficient verification of data authenticity vulnerability2022-05-24
CVEList
CVE-2019-5291: Some Huawei products have an insufficient verification of data authenticity vulnerability2019-12-13