CVE-2019-5300

There is a digital signature verification bypass vulnerability in AR1200, AR1200-S, AR150, AR160, AR200, AR2200, AR2200-S, AR3200, SRG1300, SRG2300 and SRG3300 Huawei routers. The vulnerability is due to the affected software improperly verifying digital signatures for the software image in the affected device. A local attacker with high privilege may exploit the vulnerability to bypass integrity checks for software images and install a malicious software image on the affected device.

CVSS v3 6.7 MEDIUM
CVSS v2.0 4.6 MEDIUM

6.7^/10

CVSS v3 : MEDIUM

V3 Legend

Vector : AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Exploitability : 0.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

4.6^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:L/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 3.9 / Impact : 6.4

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190320-01-ar-en	Vendor Advisory
https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190320-01-ar-en	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:o:huawei:ar1200_firmware:v200r007c00:::::::*
	cpe:2.3:o:huawei:ar1200_firmware:v200r008c20:::::::*
	cpe:2.3:o:huawei:ar1200_firmware:v200r008c50:::::::*
	cpe:2.3:o:huawei:ar1200_firmware:v200r009c00:::::::*
	cpe:2.3:o:huawei:ar1200_firmware:v200r010c00:::::::*

OR	cpe:2.3:h:huawei:ar1200e:-:::::::*
	cpe:2.3:h:huawei:ar1220c:-:::::::*
	cpe:2.3:h:huawei:ar1220ev:-:::::::*
	cpe:2.3:h:huawei:ar1220evw:-:::::::*

Configuration 2 (hide)

AND

OR	cpe:2.3:o:huawei:ar1200-s_firmware:v200r007c00:::::::*
	cpe:2.3:o:huawei:ar1200-s_firmware:v200r008c20:::::::*
	cpe:2.3:o:huawei:ar1200-s_firmware:v200r008c50:::::::*
	cpe:2.3:o:huawei:ar1200-s_firmware:v200r009c00:::::::*
	cpe:2.3:o:huawei:ar1200-s_firmware:v200r010c00:::::::*

cpe:2.3:h:huawei:ar1220f-s:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

OR	cpe:2.3:o:huawei:ar150_firmware:v200r007c00:::::::*
	cpe:2.3:o:huawei:ar150_firmware:v200r008c20:::::::*
	cpe:2.3:o:huawei:ar150_firmware:v200r008c50:::::::*
	cpe:2.3:o:huawei:ar150_firmware:v200r009c00:::::::*
	cpe:2.3:o:huawei:ar150_firmware:v200r010c00:::::::*

cpe:2.3:h:huawei:ar158evw:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

OR	cpe:2.3:o:huawei:ar160_firmware:v200r007c00:::::::*
	cpe:2.3:o:huawei:ar160_firmware:v200r008c20:::::::*
	cpe:2.3:o:huawei:ar160_firmware:v200r008c50:::::::*
	cpe:2.3:o:huawei:ar160_firmware:v200r009c00:::::::*
	cpe:2.3:o:huawei:ar160_firmware:v200r010c00:::::::*

OR	cpe:2.3:h:huawei:ar161:-:::::::*
	cpe:2.3:h:huawei:ar161ew:-:::::::*
	cpe:2.3:h:huawei:ar161f:-:::::::*
	cpe:2.3:h:huawei:ar161f-dgp:-:::::::*
	cpe:2.3:h:huawei:ar161fg-l:-:::::::*
	cpe:2.3:h:huawei:ar161fgw-l:-:::::::*
	cpe:2.3:h:huawei:ar161fv-1p:-:::::::*
	cpe:2.3:h:huawei:ar161fw:-:::::::*
	cpe:2.3:h:huawei:ar161g-l:-:::::::*
	cpe:2.3:h:huawei:ar161w:-:::::::*
	cpe:2.3:h:huawei:ar168f:-:::::::*
	cpe:2.3:h:huawei:ar168f-4p:-:::::::*
	cpe:2.3:h:huawei:ar169:-:::::::*
	cpe:2.3:h:huawei:ar169egw-l:-:::::::*
	cpe:2.3:h:huawei:ar169ew:-:::::::*
	cpe:2.3:h:huawei:ar169f:-:::::::*
	cpe:2.3:h:huawei:ar169fgw-l:-:::::::*
	cpe:2.3:h:huawei:ar169fvw:-:::::::*
	cpe:2.3:h:huawei:ar169fvw-8s:-:::::::*
	cpe:2.3:h:huawei:ar169g-l:-:::::::*
	cpe:2.3:h:huawei:ar169jfvw-2s:-:::::::*
	cpe:2.3:h:huawei:ar169w:-:::::::*

Configuration 5 (hide)

AND

OR	cpe:2.3:o:huawei:ar200_firmware:v200r007c00:::::::*
	cpe:2.3:o:huawei:ar200_firmware:v200r008c20:::::::*
	cpe:2.3:o:huawei:ar200_firmware:v200r008c50:::::::*
	cpe:2.3:o:huawei:ar200_firmware:v200r009c00:::::::*
	cpe:2.3:o:huawei:ar200_firmware:v200r010c00:::::::*

cpe:2.3:h:huawei:ar201:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

OR	cpe:2.3:o:huawei:ar2200_firmware:v200r007c00:::::::*
	cpe:2.3:o:huawei:ar2200_firmware:v200r008c20:::::::*
	cpe:2.3:o:huawei:ar2200_firmware:v200r008c50:::::::*
	cpe:2.3:o:huawei:ar2200_firmware:v200r009c00:::::::*
	cpe:2.3:o:huawei:ar2200_firmware:v200r010c00:::::::*

OR	cpe:2.3:h:huawei:ar2204-27ge:-:::::::*
	cpe:2.3:h:huawei:ar2204-27ge-p:-:::::::*
	cpe:2.3:h:huawei:ar2204-51ge-p:-:::::::*
	cpe:2.3:h:huawei:ar2204e:-:::::::*
	cpe:2.3:h:huawei:ar2204xe:-:::::::*
	cpe:2.3:h:huawei:ar2220e:-:::::::*
	cpe:2.3:h:huawei:ar2240:-:::::::*
	cpe:2.3:h:huawei:ar2240c:-:::::::*

Configuration 7 (hide)

AND

OR	cpe:2.3:o:huawei:ar2200s_firmware:v200r007c00:::::::*
	cpe:2.3:o:huawei:ar2200s_firmware:v200r008c20:::::::*
	cpe:2.3:o:huawei:ar2200s_firmware:v200r008c50:::::::*
	cpe:2.3:o:huawei:ar2200s_firmware:v200r009c00:::::::*
	cpe:2.3:o:huawei:ar2200s_firmware:v200r010c00:::::::*

cpe:2.3:h:huawei:ar2200s:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

OR	cpe:2.3:o:huawei:ar3200_firmware:v200r007c00:::::::*
	cpe:2.3:o:huawei:ar3200_firmware:v200r008c20:::::::*
	cpe:2.3:o:huawei:ar3200_firmware:v200r008c50:::::::*
	cpe:2.3:o:huawei:ar3200_firmware:v200r009c00:::::::*
	cpe:2.3:o:huawei:ar3200_firmware:v200r010c00:::::::*

cpe:2.3:h:huawei:ar3260:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND

OR	cpe:2.3:o:huawei:srg1300_firmware:v200r007c00:::::::*
	cpe:2.3:o:huawei:srg1300_firmware:v200r008c50:::::::*
	cpe:2.3:o:huawei:srg1300_firmware:v200r009c00:::::::*
	cpe:2.3:o:huawei:srg1300_firmware:v200r010c00:::::::*

cpe:2.3:h:huawei:srg1320vw:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND

OR	cpe:2.3:o:huawei:srg2300_firmware:v200r007c00:::::::*
	cpe:2.3:o:huawei:srg2300_firmware:v200r008c50:::::::*
	cpe:2.3:o:huawei:srg2300_firmware:v200r009c00:::::::*
	cpe:2.3:o:huawei:srg2300_firmware:v200r010c00:::::::*

cpe:2.3:h:huawei:srg2320e:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND

OR	cpe:2.3:o:huawei:srg3300_firmware:v200r007c00:::::::*
	cpe:2.3:o:huawei:srg3300_firmware:v200r008c50:::::::*
	cpe:2.3:o:huawei:srg3300_firmware:v200r009c00:::::::*
	cpe:2.3:o:huawei:srg3300_firmware:v200r010c00:::::::*

cpe:2.3:h:huawei:srg3340:-:*:*:*:*:*:*:*

History

21 Nov 2024, 04:44

Type	Values Removed	Values Added
References	~~() https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190320-01-ar-en - Vendor Advisory~~	() https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190320-01-ar-en - Vendor Advisory

Information

Published : 2019-06-04 19:29

Updated : 2024-11-21 04:44

NVD link : CVE-2019-5300

Mitre link : CVE-2019-5300

CVE.ORG link : CVE-2019-5300

JSON object : View

Products Affected

huawei

ar1220evw
ar168f
ar169egw-l
ar1200_firmware
srg3300_firmware
ar161fg-l
ar169fvw-8s
ar2240
srg2320e
ar169jfvw-2s
ar1220c
ar161w
ar169fvw
ar2240c
ar168f-4p
ar161
srg3340
ar161ew
ar161f-dgp
ar3200_firmware
ar169g-l
ar169f
ar2220e
ar200_firmware
ar161fw
ar169ew
ar2204e
ar150_firmware
ar2204-27ge-p
ar161fv-1p
ar161f
ar161fgw-l
ar169fgw-l
ar201
ar160_firmware
ar169w
ar2204-51ge-p
srg1320vw
ar2200s
ar1200e
ar169
srg1300_firmware
srg2300_firmware
ar2200s_firmware
ar2204xe
ar1200-s_firmware
ar158evw
ar2200_firmware
ar1220ev
ar3260
ar161g-l
ar1220f-s
ar2204-27ge

CWE

CWE-347

Improper Verification of Cryptographic Signature

6.7 /10