ID

VAR-201911-0270


CVE

CVE-2019-5268


TITLE

plural Huawei Vulnerability in input validation in home router products

Trust: 0.8

sources: JVNDB: JVNDB-2019-012694

DESCRIPTION

Some Huawei home routers have an input validation vulnerability. Due to input parameter is not correctly verified, an attacker can exploit this vulnerability by sending special constructed packets to obtain files in the device and upload files to some directories. The Huawei HiRouter-CD15-10 is a wireless router from China's Huawei

Trust: 2.16

sources: NVD: CVE-2019-5268 // JVNDB: JVNDB-2019-012694 // CNVD: CNVD-2019-42427

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2019-42427

AFFECTED PRODUCTS

vendor:huaweimodel:ws5200-11scope:eqversion:10.0.2.3

Trust: 1.6

vendor:huaweimodel:ws5200-11scope:eqversion:9.0.3.11

Trust: 1.6

vendor:huaweimodel:tc5200-10scope:eqversion:10.0.2.3

Trust: 1.2

vendor:huaweimodel:ws5100-10scope:eqversion:9.0.3.11

Trust: 1.2

vendor:huaweimodel:ws5102-10scope:eqversion:10.0.2.2

Trust: 1.2

vendor:huaweimodel:ws5106-10scope:eqversion:10.0.2.2

Trust: 1.2

vendor:huaweimodel:ws5108-10scope:eqversion:10.0.2.2

Trust: 1.2

vendor:huaweimodel:ws5280-10scope:ltversion:10.0.2.6

Trust: 1.0

vendor:huaweimodel:cd10-10scope:ltversion:10.0.2.7

Trust: 1.0

vendor:huaweimodel:hirouter-cd15-10scope:gteversion:9.0.2.3

Trust: 1.0

vendor:huaweimodel:hirouter-cd21-16scope:gteversion:9.0.3.9

Trust: 1.0

vendor:huaweimodel:hirouter-cd30-10scope:gteversion:10.0.2.8

Trust: 1.0

vendor:huaweimodel:ws5280-11scope:gteversion:9.0.3.22

Trust: 1.0

vendor:huaweimodel:ws6500-11scope:gteversion:10.0.2.2

Trust: 1.0

vendor:huaweimodel:hirouter-cd20-10scope:ltversion:10.0.2.6

Trust: 1.0

vendor:huaweimodel:cd10-10scope:gteversion:10.0.2.2

Trust: 1.0

vendor:huaweimodel:hirouter-cd30-11scope:gteversion:10.0.2.8

Trust: 1.0

vendor:huaweimodel:ws826-10scope:gteversion:9.0.3.11

Trust: 1.0

vendor:huaweimodel:ws5100-10scope:gteversion:9.0.3.11

Trust: 1.0

vendor:huaweimodel:cd17-10scope:ltversion:10.0.2.5

Trust: 1.0

vendor:huaweimodel:hirouter-cd30-10scope:ltversion:10.0.2.9

Trust: 1.0

vendor:huaweimodel:hirouter-h1-10scope:ltversion:10.0.2.5

Trust: 1.0

vendor:huaweimodel:ws5108-10scope:ltversion:10.0.2.7

Trust: 1.0

vendor:huaweimodel:hirouter-cd30-11scope:ltversion:10.0.2.9

Trust: 1.0

vendor:huaweimodel:hirouter-cd20-10scope:gteversion:9.0.3.9

Trust: 1.0

vendor:huaweimodel:ws5106-10scope:ltversion:10.0.2.7

Trust: 1.0

vendor:huaweimodel:ws5280-10scope:gteversion:9.0.3.22

Trust: 1.0

vendor:huaweimodel:ws5200-10scope:ltversion:10.0.2.6

Trust: 1.0

vendor:huaweimodel:ws5102-10scope:ltversion:10.0.2.7

Trust: 1.0

vendor:huaweimodel:hirouter-cd21-16scope:ltversion:10.0.2.5

Trust: 1.0

vendor:huaweimodel:ws5108-10scope:gteversion:10.0.2.2

Trust: 1.0

vendor:huaweimodel:hirouter-h1-10scope:gteversion:9.0.3.11

Trust: 1.0

vendor:huaweimodel:ws6500-10scope:ltversion:10.0.2.5

Trust: 1.0

vendor:huaweimodel:hirouter-cd15-10scope:ltversion:10.0.2.5

Trust: 1.0

vendor:huaweimodel:cd16-10scope:ltversion:10.0.2.5

Trust: 1.0

vendor:huaweimodel:ws5106-10scope:gteversion:10.0.2.2

Trust: 1.0

vendor:huaweimodel:ws5102-10scope:gteversion:10.0.2.2

Trust: 1.0

vendor:huaweimodel:tc5200-10scope:ltversion:10.0.2.5

Trust: 1.0

vendor:huaweimodel:cd18-10scope:ltversion:10.0.2.5

Trust: 1.0

vendor:huaweimodel:ws5280-11scope:ltversion:10.0.2.6

Trust: 1.0

vendor:huaweimodel:ws6500-10scope:gteversion:10.0.2.3

Trust: 1.0

vendor:huaweimodel:ws5200-10scope:gteversion:9.0.3.9

Trust: 1.0

vendor:huaweimodel:ws5100-10scope:ltversion:10.0.2.7

Trust: 1.0

vendor:huaweimodel:ws826-10scope:ltversion:10.0.2.5

Trust: 1.0

vendor:huaweimodel:tc5200-10scope:gteversion:10.0.2.3

Trust: 1.0

vendor:huaweimodel:cd16-10scope:gteversion:10.0.2.3

Trust: 1.0

vendor:huaweimodel:cd17-10scope:gteversion:9.0.3.3

Trust: 1.0

vendor:huaweimodel:ws6500-11scope:ltversion:10.0.2.7

Trust: 1.0

vendor:huaweimodel:cd18-10scope:gteversion:9.0.2.23

Trust: 1.0

vendor:huaweimodel:cd10-10scope: - version: -

Trust: 0.8

vendor:huaweimodel:cd16-10scope: - version: -

Trust: 0.8

vendor:huaweimodel:cd17-10scope: - version: -

Trust: 0.8

vendor:huaweimodel:cd18-10scope: - version: -

Trust: 0.8

vendor:huaweimodel:hirouter-cd15-10scope: - version: -

Trust: 0.8

vendor:huaweimodel:hirouter-cd20-10scope: - version: -

Trust: 0.8

vendor:huaweimodel:hirouter-cd21-16scope: - version: -

Trust: 0.8

vendor:huaweimodel:hirouter-cd30-10scope: - version: -

Trust: 0.8

vendor:huaweimodel:hirouter-cd30-11scope: - version: -

Trust: 0.8

vendor:huaweimodel:hirouter-h1-10scope: - version: -

Trust: 0.8

vendor:huaweimodel:cd10-10scope:eqversion:10.0.2.2

Trust: 0.6

vendor:huaweimodel:cd16-10scope:eqversion:10.0.2.3

Trust: 0.6

vendor:huaweimodel:cd17-10scope:eqversion:9.0.3.3

Trust: 0.6

vendor:huaweimodel:cd18-10scope:eqversion:9.0.2.23

Trust: 0.6

vendor:huaweimodel:hirouter-cd15-10scope:eqversion:9.0.2.3

Trust: 0.6

vendor:huaweimodel:hirouter-cd20-10scope:eqversion:9.0.3.9

Trust: 0.6

vendor:huaweimodel:hirouter-cd21-16scope:eqversion:9.0.3.9

Trust: 0.6

vendor:huaweimodel:hirouter-cd30-10scope:eqversion:10.0.2.8

Trust: 0.6

vendor:huaweimodel:hirouter-cd30-11scope:eqversion:10.0.2.8

Trust: 0.6

vendor:huaweimodel:hirouter-h1-10scope:eqversion:9.0.3.11

Trust: 0.6

vendor:huaweimodel:ws5200-10scope:eqversion:9.0.3.9

Trust: 0.6

vendor:huaweimodel:ws5280-10scope:eqversion:9.0.3.22

Trust: 0.6

vendor:huaweimodel:ws5280-11scope:eqversion:9.0.3.22

Trust: 0.6

vendor:huaweimodel:ws6500-10scope:eqversion:10.0.2.3

Trust: 0.6

vendor:huaweimodel:ws6500-11scope:eqversion:10.0.2.2

Trust: 0.6

vendor:huaweimodel:ws826-10scope:eqversion:9.0.3.11

Trust: 0.6

vendor:huaweimodel:ws5106-10scope:eqversion: -

Trust: 0.6

vendor:huaweimodel:hirouter-h1-10scope:eqversion: -

Trust: 0.6

vendor:huaweimodel:tc5200-10scope:eqversion: -

Trust: 0.6

vendor:huaweimodel:ws5102-10scope:eqversion: -

Trust: 0.6

vendor:huaweimodel:ws5100-10scope:eqversion: -

Trust: 0.6

sources: CNVD: CNVD-2019-42427 // JVNDB: JVNDB-2019-012694 // CNNVD: CNNVD-201911-775 // NVD: CVE-2019-5268

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-5268
value: HIGH

Trust: 1.0

NVD: CVE-2019-5268
value: HIGH

Trust: 0.8

CNVD: CNVD-2019-42427
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201911-775
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2019-5268
severity: MEDIUM
baseScore: 4.8
vectorString: AV:A/AC:L/AU:N/C:P/I:P/A:N
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.5
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2019-42427
severity: MEDIUM
baseScore: 5.8
vectorString: AV:A/AC:L/AU:N/C:P/I:P/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 6.5
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2019-5268
baseSeverity: HIGH
baseScore: 8.1
vectorString: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 5.2
version: 3.1

Trust: 1.0

NVD: CVE-2019-5268
baseSeverity: HIGH
baseScore: 8.1
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2019-42427 // JVNDB: JVNDB-2019-012694 // CNNVD: CNNVD-201911-775 // NVD: CVE-2019-5268

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.8

sources: JVNDB: JVNDB-2019-012694 // NVD: CVE-2019-5268

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-201911-775

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201911-775

CONFIGURATIONS

[
  {
    "CVE_data_version": "4.0",
    "nodes": [
      {
        "operator": "OR",
        "cpe_match": [
          {
            "vulnerable": true,
            "cpe22Uri": "cpe:/o:huawei:cd10-10_firmware"
          },
          {
            "vulnerable": true,
            "cpe22Uri": "cpe:/o:huawei:cd16-10_firmware"
          },
          {
            "vulnerable": true,
            "cpe22Uri": "cpe:/o:huawei:cd17-10_firmware"
          },
          {
            "vulnerable": true,
            "cpe22Uri": "cpe:/o:huawei:cd18-10_firmware"
          },
          {
            "vulnerable": true,
            "cpe22Uri": "cpe:/o:huawei:hirouter-cd15-10_firmware"
          },
          {
            "vulnerable": true,
            "cpe22Uri": "cpe:/o:huawei:hirouter-cd20-10_firmware"
          },
          {
            "vulnerable": true,
            "cpe22Uri": "cpe:/o:huawei:hirouter-cd21-16_firmware"
          },
          {
            "vulnerable": true,
            "cpe22Uri": "cpe:/o:huawei:hirouter-cd30-10_firmware"
          },
          {
            "vulnerable": true,
            "cpe22Uri": "cpe:/o:huawei:hirouter-cd30-11_firmware"
          },
          {
            "vulnerable": true,
            "cpe22Uri": "cpe:/o:huawei:hirouter-h1-10_firmware"
          }
        ]
      }
    ]
  }
]

sources: JVNDB: JVNDB-2019-012694

PATCH

title:huawei-sa-20191113-01-homerouterurl:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191113-01-homerouter-en

Trust: 0.8

title:Patch for Multiple Huawei Product Input Validation Error Vulnerabilitiesurl:https://www.cnvd.org.cn/patchInfo/show/192103

Trust: 0.6

title:Multiple Huawei Product input verification error vulnerability fixesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=104477

Trust: 0.6

sources: CNVD: CNVD-2019-42427 // JVNDB: JVNDB-2019-012694 // CNNVD: CNNVD-201911-775

EXTERNAL IDS

db:NVDid:CVE-2019-5268

Trust: 3.0

db:JVNDBid:JVNDB-2019-012694

Trust: 0.8

db:CNVDid:CNVD-2019-42427

Trust: 0.6

db:CNNVDid:CNNVD-201911-775

Trust: 0.6

sources: CNVD: CNVD-2019-42427 // JVNDB: JVNDB-2019-012694 // CNNVD: CNNVD-201911-775 // NVD: CVE-2019-5268

REFERENCES

url:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191113-01-homerouter-en

Trust: 1.6

url:https://nvd.nist.gov/vuln/detail/cve-2019-5268

Trust: 1.4

url:https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20191113-01-homerouter-cn

Trust: 1.2

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-5268

Trust: 0.8

sources: CNVD: CNVD-2019-42427 // JVNDB: JVNDB-2019-012694 // CNNVD: CNNVD-201911-775 // NVD: CVE-2019-5268

CREDITS

Changting Technology Security Lab of Beijing Changting Technology Co., Ltd.

Trust: 0.6

sources: CNNVD: CNNVD-201911-775

SOURCES

db:CNVDid:CNVD-2019-42427
db:JVNDBid:JVNDB-2019-012694
db:CNNVDid:CNNVD-201911-775
db:NVDid:CVE-2019-5268

LAST UPDATE DATE

2024-11-23T22:11:46.825000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2019-42427date:2019-11-27T00:00:00
db:JVNDBid:JVNDB-2019-012694date:2019-12-11T00:00:00
db:CNNVDid:CNNVD-201911-775date:2020-01-09T00:00:00
db:NVDid:CVE-2019-5268date:2024-11-21T04:44:38.527

SOURCES RELEASE DATE

db:CNVDid:CNVD-2019-42427date:2019-11-27T00:00:00
db:JVNDBid:JVNDB-2019-012694date:2019-12-11T00:00:00
db:CNNVDid:CNNVD-201911-775date:2019-11-13T00:00:00
db:NVDid:CVE-2019-5268date:2019-11-29T21:15:11.387