CVE-2019-5300

CWE-3473 documents3 sources
Severity
6.7MEDIUM
EPSS
0.0%
top 98.67%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
11
Huawei Ar1200-s FirmwareHuawei Ar1200 FirmwareHuawei Ar150 Firmware+8 more
Timeline
PublishedJun 4
Latest updateMay 24

Description

There is a digital signature verification bypass vulnerability in AR1200, AR1200-S, AR150, AR160, AR200, AR2200, AR2200-S, AR3200, SRG1300, SRG2300 and SRG3300 Huawei routers. The vulnerability is due to the affected software improperly verifying digital signatures for the software image in the affected device. A local attacker with high privilege may exploit the vulnerability to bypass integrity checks for software images and install a malicious software image on the affected device.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 0.8 | Impact: 5.9

Affected Packages11 packages

NVDhuawei/ar1200_firmware5 versions+4
NVDhuawei/ar2200_firmware5 versions+4
NVDhuawei/ar2200s_firmware5 versions+4
NVDhuawei/ar1200-s_firmware5 versions+4
NVDhuawei/ar150_firmware5 versions+4

🔴Vulnerability Details

2
GHSA
GHSA-mhr8-vxv5-m5v8: There is a digital signature verification bypass vulnerability in AR1200, AR1200-S, AR150, AR160, AR200, AR2200, AR2200-S, AR3200, SRG1300, SRG2300 an2022-05-24
CVEList
CVE-2019-5300: There is a digital signature verification bypass vulnerability in AR1200, AR1200-S, AR150, AR160, AR200, AR2200, AR2200-S, AR3200, SRG1300, SRG2300 an2019-06-04