Vulnerability Description
There is an out of bound read vulnerability in some Huawei products. A remote, unauthenticated attacker may send a corrupt or crafted message to the affected products. Due to a buffer read overflow error when parsing the message, successful exploit may cause some service to be abnormal.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Huawei | Ar120-S Firmware | v200r005c20 |
| Huawei | Ar120-S | - |
| Huawei | Ar1200 Firmware | v200r005c20 |
| Huawei | Ar1200 | - |
| Huawei | Ar1200-S Firmware | v200r005c20 |
| Huawei | Ar1200-S | - |
| Huawei | Ar150 Firmware | v200r005c20 |
| Huawei | Ar150 | - |
| Huawei | Ar150-S Firmware | v200r005c20 |
| Huawei | Ar150-S | - |
| Huawei | Ar160 Firmware | v200r005c20 |
| Huawei | Ar160 | - |
| Huawei | Ar200 Firmware | v200r005c20 |
| Huawei | Ar200 | - |
| Huawei | Ar200-S Firmware | v200r005c20 |
| Huawei | Ar200-S | - |
| Huawei | Ar2200 Firmware | v200r005c20 |
| Huawei | Ar2200 | - |
| Huawei | Ar2200-S Firmware | v200r005c20 |
| Huawei | Ar2200-S | - |
Related Weaknesses (CWE)
References
- http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191023-01-buffer-Vendor Advisory
- http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191023-01-buffer-Vendor Advisory
FAQ
What is CVE-2019-5294?
CVE-2019-5294 is a vulnerability with a CVSS score of 7.5 (HIGH). There is an out of bound read vulnerability in some Huawei products. A remote, unauthenticated attacker may send a corrupt or crafted message to the affected products. Due to a buffer read overflow er...
How severe is CVE-2019-5294?
CVE-2019-5294 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-5294?
Check the references section above for vendor advisories and patch information. Affected products include: Huawei Ar120-S Firmware, Huawei Ar120-S, Huawei Ar1200 Firmware, Huawei Ar1200, Huawei Ar1200-S Firmware.