CVE-2019-5269 — HIGH (7.8) — White Hats Nepal

Q: How severe is CVE-2019-5269?

CVE-2019-5269 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2019-5269?

Check the references section above for vendor advisories and patch information. Affected products include: Huawei Cd10-10 Firmware, Huawei Cd10-10, Huawei Cd16-10 Firmware, Huawei Cd16-10, Huawei Cd17-10 Firmware.

Vulnerability Description

Some Huawei home routers have an improper authorization vulnerability. Due to improper authorization of certain programs, an attacker can exploit this vulnerability to execute uploaded malicious files and escalate privilege.

CVSS Score

7.8

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Huawei	Cd10-10 Firmware	>= 10.0.2.2, < 10.0.2.7
Huawei	Cd10-10	-
Huawei	Cd16-10 Firmware	>= 10.0.2.3, < 10.0.2.5
Huawei	Cd16-10	-
Huawei	Cd17-10 Firmware	>= 9.0.3.3, < 10.0.2.5
Huawei	Cd17-10	-
Huawei	Cd18-10 Firmware	>= 9.0.2.23, < 10.0.2.5
Huawei	Cd18-10	-
Huawei	Hirouter-Cd15-10 Firmware	>= 9.0.2.3, < 10.0.2.5
Huawei	Hirouter-Cd15-10	-
Huawei	Hirouter-Cd20-10 Firmware	>= 9.0.3.9, < 10.0.2.6
Huawei	Hirouter-Cd20-10	-
Huawei	Hirouter-Cd21-16 Firmware	>= 9.0.3.9, < 10.0.2.5
Huawei	Hirouter-Cd21-16	-
Huawei	Hirouter-Cd30-10 Firmware	>= 10.0.2.8, < 10.0.2.9
Huawei	Hirouter-Cd30-10	-
Huawei	Hirouter-Cd30-11 Firmware	>= 10.0.2.8, < 10.0.2.9
Huawei	Hirouter-Cd30-11	-
Huawei	Hirouter-H1-10 Firmware	>= 9.0.3.11, < 10.0.2.5
Huawei	Hirouter-H1-10	-

References

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191113-01-homerouVendor Advisory
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191113-01-homerouVendor Advisory

FAQ

What is CVE-2019-5269?

CVE-2019-5269 is a vulnerability with a CVSS score of 7.8 (HIGH). Some Huawei home routers have an improper authorization vulnerability. Due to improper authorization of certain programs, an attacker can exploit this vulnerability to execute uploaded malicious files...

How severe is CVE-2019-5269?

CVE-2019-5269 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2019-5269?

Check the references section above for vendor advisories and patch information. Affected products include: Huawei Cd10-10 Firmware, Huawei Cd10-10, Huawei Cd16-10 Firmware, Huawei Cd16-10, Huawei Cd17-10 Firmware.