CVE-2019-5300

There is a digital signature verification bypass vulnerability in AR1200, AR1200-S, AR150, AR160, AR200, AR2200, AR2200-S, AR3200, SRG1300, SRG2300 and SRG3300 Huawei routers. The vulnerability is due to the affected software improperly verifying digital signatures for the software image in the affected device. A local attacker with high privilege may exploit the vulnerability to bypass integrity checks for software images and install a malicious software image on the affected device.
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:o:huawei:ar1200_firmware:v200r007c00:*:*:*:*:*:*:*
cpe:2.3:o:huawei:ar1200_firmware:v200r008c20:*:*:*:*:*:*:*
cpe:2.3:o:huawei:ar1200_firmware:v200r008c50:*:*:*:*:*:*:*
cpe:2.3:o:huawei:ar1200_firmware:v200r009c00:*:*:*:*:*:*:*
cpe:2.3:o:huawei:ar1200_firmware:v200r010c00:*:*:*:*:*:*:*
OR cpe:2.3:h:huawei:ar1200e:-:*:*:*:*:*:*:*
cpe:2.3:h:huawei:ar1220c:-:*:*:*:*:*:*:*
cpe:2.3:h:huawei:ar1220ev:-:*:*:*:*:*:*:*
cpe:2.3:h:huawei:ar1220evw:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
OR cpe:2.3:o:huawei:ar1200-s_firmware:v200r007c00:*:*:*:*:*:*:*
cpe:2.3:o:huawei:ar1200-s_firmware:v200r008c20:*:*:*:*:*:*:*
cpe:2.3:o:huawei:ar1200-s_firmware:v200r008c50:*:*:*:*:*:*:*
cpe:2.3:o:huawei:ar1200-s_firmware:v200r009c00:*:*:*:*:*:*:*
cpe:2.3:o:huawei:ar1200-s_firmware:v200r010c00:*:*:*:*:*:*:*
cpe:2.3:h:huawei:ar1220f-s:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
OR cpe:2.3:o:huawei:ar150_firmware:v200r007c00:*:*:*:*:*:*:*
cpe:2.3:o:huawei:ar150_firmware:v200r008c20:*:*:*:*:*:*:*
cpe:2.3:o:huawei:ar150_firmware:v200r008c50:*:*:*:*:*:*:*
cpe:2.3:o:huawei:ar150_firmware:v200r009c00:*:*:*:*:*:*:*
cpe:2.3:o:huawei:ar150_firmware:v200r010c00:*:*:*:*:*:*:*
cpe:2.3:h:huawei:ar158evw:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
OR cpe:2.3:o:huawei:ar160_firmware:v200r007c00:*:*:*:*:*:*:*
cpe:2.3:o:huawei:ar160_firmware:v200r008c20:*:*:*:*:*:*:*
cpe:2.3:o:huawei:ar160_firmware:v200r008c50:*:*:*:*:*:*:*
cpe:2.3:o:huawei:ar160_firmware:v200r009c00:*:*:*:*:*:*:*
cpe:2.3:o:huawei:ar160_firmware:v200r010c00:*:*:*:*:*:*:*
OR cpe:2.3:h:huawei:ar161:-:*:*:*:*:*:*:*
cpe:2.3:h:huawei:ar161ew:-:*:*:*:*:*:*:*
cpe:2.3:h:huawei:ar161f:-:*:*:*:*:*:*:*
cpe:2.3:h:huawei:ar161f-dgp:-:*:*:*:*:*:*:*
cpe:2.3:h:huawei:ar161fg-l:-:*:*:*:*:*:*:*
cpe:2.3:h:huawei:ar161fgw-l:-:*:*:*:*:*:*:*
cpe:2.3:h:huawei:ar161fv-1p:-:*:*:*:*:*:*:*
cpe:2.3:h:huawei:ar161fw:-:*:*:*:*:*:*:*
cpe:2.3:h:huawei:ar161g-l:-:*:*:*:*:*:*:*
cpe:2.3:h:huawei:ar161w:-:*:*:*:*:*:*:*
cpe:2.3:h:huawei:ar168f:-:*:*:*:*:*:*:*
cpe:2.3:h:huawei:ar168f-4p:-:*:*:*:*:*:*:*
cpe:2.3:h:huawei:ar169:-:*:*:*:*:*:*:*
cpe:2.3:h:huawei:ar169egw-l:-:*:*:*:*:*:*:*
cpe:2.3:h:huawei:ar169ew:-:*:*:*:*:*:*:*
cpe:2.3:h:huawei:ar169f:-:*:*:*:*:*:*:*
cpe:2.3:h:huawei:ar169fgw-l:-:*:*:*:*:*:*:*
cpe:2.3:h:huawei:ar169fvw:-:*:*:*:*:*:*:*
cpe:2.3:h:huawei:ar169fvw-8s:-:*:*:*:*:*:*:*
cpe:2.3:h:huawei:ar169g-l:-:*:*:*:*:*:*:*
cpe:2.3:h:huawei:ar169jfvw-2s:-:*:*:*:*:*:*:*
cpe:2.3:h:huawei:ar169w:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
OR cpe:2.3:o:huawei:ar200_firmware:v200r007c00:*:*:*:*:*:*:*
cpe:2.3:o:huawei:ar200_firmware:v200r008c20:*:*:*:*:*:*:*
cpe:2.3:o:huawei:ar200_firmware:v200r008c50:*:*:*:*:*:*:*
cpe:2.3:o:huawei:ar200_firmware:v200r009c00:*:*:*:*:*:*:*
cpe:2.3:o:huawei:ar200_firmware:v200r010c00:*:*:*:*:*:*:*
cpe:2.3:h:huawei:ar201:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
OR cpe:2.3:o:huawei:ar2200_firmware:v200r007c00:*:*:*:*:*:*:*
cpe:2.3:o:huawei:ar2200_firmware:v200r008c20:*:*:*:*:*:*:*
cpe:2.3:o:huawei:ar2200_firmware:v200r008c50:*:*:*:*:*:*:*
cpe:2.3:o:huawei:ar2200_firmware:v200r009c00:*:*:*:*:*:*:*
cpe:2.3:o:huawei:ar2200_firmware:v200r010c00:*:*:*:*:*:*:*
OR cpe:2.3:h:huawei:ar2204-27ge:-:*:*:*:*:*:*:*
cpe:2.3:h:huawei:ar2204-27ge-p:-:*:*:*:*:*:*:*
cpe:2.3:h:huawei:ar2204-51ge-p:-:*:*:*:*:*:*:*
cpe:2.3:h:huawei:ar2204e:-:*:*:*:*:*:*:*
cpe:2.3:h:huawei:ar2204xe:-:*:*:*:*:*:*:*
cpe:2.3:h:huawei:ar2220e:-:*:*:*:*:*:*:*
cpe:2.3:h:huawei:ar2240:-:*:*:*:*:*:*:*
cpe:2.3:h:huawei:ar2240c:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
OR cpe:2.3:o:huawei:ar2200s_firmware:v200r007c00:*:*:*:*:*:*:*
cpe:2.3:o:huawei:ar2200s_firmware:v200r008c20:*:*:*:*:*:*:*
cpe:2.3:o:huawei:ar2200s_firmware:v200r008c50:*:*:*:*:*:*:*
cpe:2.3:o:huawei:ar2200s_firmware:v200r009c00:*:*:*:*:*:*:*
cpe:2.3:o:huawei:ar2200s_firmware:v200r010c00:*:*:*:*:*:*:*
cpe:2.3:h:huawei:ar2200s:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
OR cpe:2.3:o:huawei:ar3200_firmware:v200r007c00:*:*:*:*:*:*:*
cpe:2.3:o:huawei:ar3200_firmware:v200r008c20:*:*:*:*:*:*:*
cpe:2.3:o:huawei:ar3200_firmware:v200r008c50:*:*:*:*:*:*:*
cpe:2.3:o:huawei:ar3200_firmware:v200r009c00:*:*:*:*:*:*:*
cpe:2.3:o:huawei:ar3200_firmware:v200r010c00:*:*:*:*:*:*:*
cpe:2.3:h:huawei:ar3260:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
OR cpe:2.3:o:huawei:srg1300_firmware:v200r007c00:*:*:*:*:*:*:*
cpe:2.3:o:huawei:srg1300_firmware:v200r008c50:*:*:*:*:*:*:*
cpe:2.3:o:huawei:srg1300_firmware:v200r009c00:*:*:*:*:*:*:*
cpe:2.3:o:huawei:srg1300_firmware:v200r010c00:*:*:*:*:*:*:*
cpe:2.3:h:huawei:srg1320vw:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND
OR cpe:2.3:o:huawei:srg2300_firmware:v200r007c00:*:*:*:*:*:*:*
cpe:2.3:o:huawei:srg2300_firmware:v200r008c50:*:*:*:*:*:*:*
cpe:2.3:o:huawei:srg2300_firmware:v200r009c00:*:*:*:*:*:*:*
cpe:2.3:o:huawei:srg2300_firmware:v200r010c00:*:*:*:*:*:*:*
cpe:2.3:h:huawei:srg2320e:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND
OR cpe:2.3:o:huawei:srg3300_firmware:v200r007c00:*:*:*:*:*:*:*
cpe:2.3:o:huawei:srg3300_firmware:v200r008c50:*:*:*:*:*:*:*
cpe:2.3:o:huawei:srg3300_firmware:v200r009c00:*:*:*:*:*:*:*
cpe:2.3:o:huawei:srg3300_firmware:v200r010c00:*:*:*:*:*:*:*
cpe:2.3:h:huawei:srg3340:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2019-06-04 19:29

Updated : 2024-02-28 17:08


NVD link : CVE-2019-5300

Mitre link : CVE-2019-5300

CVE.ORG link : CVE-2019-5300


JSON object : View

Products Affected

huawei

  • ar169fvw
  • ar200_firmware
  • ar2200_firmware
  • ar161g-l
  • ar169fgw-l
  • srg3300_firmware
  • ar2204-51ge-p
  • ar169ew
  • ar2200s_firmware
  • srg1300_firmware
  • srg1320vw
  • ar201
  • ar2204e
  • srg2300_firmware
  • ar169fvw-8s
  • ar169g-l
  • ar2200s
  • ar2204-27ge-p
  • ar2204-27ge
  • ar169
  • ar161w
  • ar1200-s_firmware
  • ar169w
  • ar2204xe
  • ar169f
  • ar161fg-l
  • ar2220e
  • ar1200_firmware
  • ar161ew
  • ar1220evw
  • ar158evw
  • ar161f-dgp
  • ar1200e
  • ar1220ev
  • ar161fw
  • ar160_firmware
  • ar168f-4p
  • ar2240c
  • srg2320e
  • srg3340
  • ar1220c
  • ar3200_firmware
  • ar161fgw-l
  • ar161fv-1p
  • ar161
  • ar2240
  • ar3260
  • ar168f
  • ar161f
  • ar150_firmware
  • ar169jfvw-2s
  • ar1220f-s
  • ar169egw-l
CWE
CWE-347

Improper Verification of Cryptographic Signature