1. Home
  2. CVE Database
  3. CVE-2019-5300
MEDIUM · 6.7

CVE-2019-5300

There is a digital signature verification bypass vulnerability in AR1200, AR1200-S, AR150, AR160, AR200, AR2200, AR2200-S, AR3200, SRG1300, SRG2300 and SRG3300 Huawei routers. The vulnerability is due...

Vulnerability Description

There is a digital signature verification bypass vulnerability in AR1200, AR1200-S, AR150, AR160, AR200, AR2200, AR2200-S, AR3200, SRG1300, SRG2300 and SRG3300 Huawei routers. The vulnerability is due to the affected software improperly verifying digital signatures for the software image in the affected device. A local attacker with high privilege may exploit the vulnerability to bypass integrity checks for software images and install a malicious software image on the affected device.

CVSS Score

6.7

MEDIUM

CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH

Affected Products

VendorProductVersions
HuaweiAr1200 Firmwarev200r007c00
HuaweiAr1200E-
HuaweiAr1220C-
HuaweiAr1220Ev-
HuaweiAr1220Evw-
HuaweiAr1200-S Firmwarev200r007c00
HuaweiAr1220F-S-
HuaweiAr150 Firmwarev200r007c00
HuaweiAr158Evw-
HuaweiAr160 Firmwarev200r007c00
HuaweiAr161-
HuaweiAr161Ew-
HuaweiAr161F-
HuaweiAr161F-Dgp-
HuaweiAr161Fg-L-
HuaweiAr161Fgw-L-
HuaweiAr161Fv-1P-
HuaweiAr161Fw-
HuaweiAr161G-L-
HuaweiAr161W-

Related Weaknesses (CWE)

CWE-347

References

FAQ

What is CVE-2019-5300?

CVE-2019-5300 is a vulnerability with a CVSS score of 6.7 (MEDIUM). There is a digital signature verification bypass vulnerability in AR1200, AR1200-S, AR150, AR160, AR200, AR2200, AR2200-S, AR3200, SRG1300, SRG2300 and SRG3300 Huawei routers. The vulnerability is due...

How severe is CVE-2019-5300?

CVE-2019-5300 has been rated MEDIUM with a CVSS base score of 6.7/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2019-5300?

Check the references section above for vendor advisories and patch information. Affected products include: Huawei Ar1200 Firmware, Huawei Ar1200E, Huawei Ar1220C, Huawei Ar1220Ev, Huawei Ar1220Evw.