Some Huawei home routers have an input validation vulnerability. Due to input parameter is not correctly verified, an attacker can exploit this vulnerability by sending special constructed packets to obtain files in the device and upload files to some directories.

Metrics

No CVSS v4.0

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Adjacent Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact None

This CVE is not in the KEV list.

The EPSS score is 0.00079.

Key SSVC decision points have not yet been added.

Affected Vendors & Products

Vendors Products
Huawei Subscribe
Cd10-10 Subscribe
Cd10-10 Firmware Subscribe
Cd16-10 Subscribe
Cd16-10 Firmware Subscribe
Cd17-10 Subscribe
Cd17-10 Firmware Subscribe
Cd18-10 Subscribe
Cd18-10 Firmware Subscribe
Hirouter-cd15-10 Subscribe
Hirouter-cd15-10 Firmware Subscribe
Hirouter-cd20-10 Subscribe
Hirouter-cd20-10 Firmware Subscribe
Hirouter-cd21-16 Subscribe
Hirouter-cd21-16 Firmware Subscribe
Hirouter-cd30-10 Subscribe
Hirouter-cd30-10 Firmware Subscribe
Hirouter-cd30-11 Subscribe
Hirouter-cd30-11 Firmware Subscribe
Hirouter-h1-10 Subscribe
Hirouter-h1-10 Firmware Subscribe
Tc5200-10 Subscribe
Tc5200-10 Firmware Subscribe
Ws5100-10 Subscribe
Ws5100-10 Firmware Subscribe
Ws5102-10 Subscribe
Ws5102-10 Firmware Subscribe
Ws5106-10 Subscribe
Ws5106-10 Firmware Subscribe
Ws5108-10 Subscribe
Ws5108-10 Firmware Subscribe
Ws5200-10 Subscribe
Ws5200-10 Firmware Subscribe
Ws5200-11 Subscribe
Ws5200-11 Firmware Subscribe
Ws5280-10 Subscribe
Ws5280-10 Firmware Subscribe
Ws5280-11 Subscribe
Ws5280-11 Firmware Subscribe
Ws6500-10 Subscribe
Ws6500-10 Firmware Subscribe
Ws6500-11 Subscribe
Ws6500-11 Firmware Subscribe
Ws826-10 Subscribe
Ws826-10 Firmware Subscribe

Configuration 1 [-]

AND
cpe:2.3:o:huawei:cd10-10_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:huawei:cd10-10:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND
cpe:2.3:o:huawei:cd16-10_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:huawei:cd16-10:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND
cpe:2.3:o:huawei:cd17-10_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:huawei:cd17-10:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND
cpe:2.3:o:huawei:cd18-10_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:huawei:cd18-10:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND
cpe:2.3:o:huawei:hirouter-cd15-10_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:huawei:hirouter-cd15-10:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND
cpe:2.3:o:huawei:hirouter-cd20-10_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:huawei:hirouter-cd20-10:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND
cpe:2.3:o:huawei:hirouter-cd21-16_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:huawei:hirouter-cd21-16:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND
cpe:2.3:o:huawei:hirouter-cd30-10_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:huawei:hirouter-cd30-10:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND
cpe:2.3:o:huawei:hirouter-cd30-11_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:huawei:hirouter-cd30-11:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND
cpe:2.3:o:huawei:hirouter-h1-10_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:huawei:hirouter-h1-10:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND
cpe:2.3:o:huawei:tc5200-10_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:huawei:tc5200-10:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND
cpe:2.3:o:huawei:ws5100-10_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:huawei:ws5100-10:-:*:*:*:*:*:*:*

Configuration 13 [-]

AND
cpe:2.3:o:huawei:ws5102-10_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:huawei:ws5102-10:-:*:*:*:*:*:*:*

Configuration 14 [-]

AND
cpe:2.3:o:huawei:ws5106-10_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:huawei:ws5106-10:-:*:*:*:*:*:*:*

Configuration 15 [-]

AND
cpe:2.3:o:huawei:ws5108-10_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:huawei:ws5108-10:-:*:*:*:*:*:*:*

Configuration 16 [-]

AND
cpe:2.3:o:huawei:ws5200-10_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:huawei:ws5200-10:-:*:*:*:*:*:*:*

Configuration 17 [-]

AND
OR cpe:2.3:o:huawei:ws5200-11_firmware:9.0.3.11:*:*:*:*:*:*:*
cpe:2.3:o:huawei:ws5200-11_firmware:10.0.2.3:*:*:*:*:*:*:*
cpe:2.3:h:huawei:ws5200-11:-:*:*:*:*:*:*:*

Configuration 18 [-]

AND
cpe:2.3:o:huawei:ws5280-10_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:huawei:ws5280-10:-:*:*:*:*:*:*:*

Configuration 19 [-]

AND
cpe:2.3:o:huawei:ws5280-11_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:huawei:ws5280-11:-:*:*:*:*:*:*:*

Configuration 20 [-]

AND
cpe:2.3:o:huawei:ws6500-10_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:huawei:ws6500-10:-:*:*:*:*:*:*:*

Configuration 21 [-]

AND
cpe:2.3:o:huawei:ws6500-11_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:huawei:ws6500-11:-:*:*:*:*:*:*:*

Configuration 22 [-]

AND
cpe:2.3:o:huawei:ws826-10_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:huawei:ws826-10:-:*:*:*:*:*:*:*

No data.

No data.

Advisories
Source ID Title
EUVD EUVD EUVD-2019-14873 Some Huawei home routers have an input validation vulnerability. Due to input parameter is not correctly verified, an attacker can exploit this vulnerability by sending special constructed packets to obtain files in the device and upload files to some directories.
Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References
Link Providers
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191113-01-homerouter-en cve-icon cve-icon
History

No history.

Projects

Sign in to view the affected projects.

cve-icon MITRE

Status: PUBLISHED

Assigner: huawei

Published:

Updated: 2024-08-04T19:47:56.841Z

Reserved: 2019-01-04T00:00:00

Link: CVE-2019-5268

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2019-11-29T21:15:11.387

Modified: 2024-11-21T04:44:38.527

Link: CVE-2019-5268

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.

Weaknesses