Some Huawei home routers have an improper authorization vulnerability. Due to improper authorization of certain programs, an attacker can exploit this vulnerability to execute uploaded malicious files and escalate privilege.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

The EPSS score is 0.00064.

Key SSVC decision points have not yet been added.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions
n/a CD10-10, CD16-10, CD17-10, CD18-10, HiRouter-CD15-10, HiRouter-CD20-10, HiRouter-CD21-16, HiRouter-CD30-10, HiRouter-CD30-11, HiRouter-H1-10, TC5200-10, WS5100-10, WS5102-10, WS5106-10, WS5108-10, WS5200-10, WS5200-11, , WS5280-10, WS5280-11, WS6500-10, WS6500-11, WS826-10 affected
Version Status Constraints
10.0.2.2, 10.0.2.3, 9.0.3.3, 9.0.2.23, 9.0.2.3, 9.0.3.9, 10.0.2.8, 9.0.3.11, 9.0.3.22 affected

Configuration 1 [-]

AND
cpe:2.3:o:huawei:cd10-10_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:huawei:cd10-10:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND
cpe:2.3:o:huawei:cd16-10_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:huawei:cd16-10:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND
cpe:2.3:o:huawei:cd17-10_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:huawei:cd17-10:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND
cpe:2.3:o:huawei:cd18-10_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:huawei:cd18-10:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND
cpe:2.3:o:huawei:hirouter-cd15-10_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:huawei:hirouter-cd15-10:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND
cpe:2.3:o:huawei:hirouter-cd20-10_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:huawei:hirouter-cd20-10:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND
cpe:2.3:o:huawei:hirouter-cd21-16_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:huawei:hirouter-cd21-16:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND
cpe:2.3:o:huawei:hirouter-cd30-10_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:huawei:hirouter-cd30-10:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND
cpe:2.3:o:huawei:hirouter-cd30-11_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:huawei:hirouter-cd30-11:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND
cpe:2.3:o:huawei:hirouter-h1-10_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:huawei:hirouter-h1-10:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND
cpe:2.3:o:huawei:tc5200-10_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:huawei:tc5200-10:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND
cpe:2.3:o:huawei:ws5100-10_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:huawei:ws5100-10:-:*:*:*:*:*:*:*

Configuration 13 [-]

AND
cpe:2.3:o:huawei:ws5102-10_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:huawei:ws5102-10:-:*:*:*:*:*:*:*

Configuration 14 [-]

AND
cpe:2.3:o:huawei:ws5106-10_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:huawei:ws5106-10:-:*:*:*:*:*:*:*

Configuration 15 [-]

AND
cpe:2.3:o:huawei:ws5108-10_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:huawei:ws5108-10:-:*:*:*:*:*:*:*

Configuration 16 [-]

AND
cpe:2.3:o:huawei:ws5200-10_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:huawei:ws5200-10:-:*:*:*:*:*:*:*

Configuration 17 [-]

AND
OR cpe:2.3:o:huawei:ws5200-11_firmware:9.0.3.11:*:*:*:*:*:*:*
cpe:2.3:o:huawei:ws5200-11_firmware:10.0.2.3:*:*:*:*:*:*:*
cpe:2.3:h:huawei:ws5200-11:-:*:*:*:*:*:*:*

Configuration 18 [-]

AND
cpe:2.3:o:huawei:ws5280-10_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:huawei:ws5280-10:-:*:*:*:*:*:*:*

Configuration 19 [-]

AND
cpe:2.3:o:huawei:ws5280-11_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:huawei:ws5280-11:-:*:*:*:*:*:*:*

Configuration 20 [-]

AND
cpe:2.3:o:huawei:ws6500-10_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:huawei:ws6500-10:-:*:*:*:*:*:*:*

Configuration 21 [-]

AND
cpe:2.3:o:huawei:ws6500-11_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:huawei:ws6500-11:-:*:*:*:*:*:*:*

Configuration 22 [-]

AND
cpe:2.3:o:huawei:ws826-10_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:huawei:ws826-10:-:*:*:*:*:*:*:*

No data.

No data.

Project Subscriptions

Vendors Products
Huawei Subscribe
Cd10-10 Subscribe
Cd10-10 Firmware Subscribe
Cd16-10 Subscribe
Cd16-10 Firmware Subscribe
Cd17-10 Subscribe
Cd17-10 Firmware Subscribe
Cd18-10 Subscribe
Cd18-10 Firmware Subscribe
Hirouter-cd15-10 Subscribe
Hirouter-cd15-10 Firmware Subscribe
Hirouter-cd20-10 Subscribe
Hirouter-cd20-10 Firmware Subscribe
Hirouter-cd21-16 Subscribe
Hirouter-cd21-16 Firmware Subscribe
Hirouter-cd30-10 Subscribe
Hirouter-cd30-10 Firmware Subscribe
Hirouter-cd30-11 Subscribe
Hirouter-cd30-11 Firmware Subscribe
Hirouter-h1-10 Subscribe
Hirouter-h1-10 Firmware Subscribe
Tc5200-10 Subscribe
Tc5200-10 Firmware Subscribe
Ws5100-10 Subscribe
Ws5100-10 Firmware Subscribe
Ws5102-10 Subscribe
Ws5102-10 Firmware Subscribe
Ws5106-10 Subscribe
Ws5106-10 Firmware Subscribe
Ws5108-10 Subscribe
Ws5108-10 Firmware Subscribe
Ws5200-10 Subscribe
Ws5200-10 Firmware Subscribe
Ws5200-11 Subscribe
Ws5200-11 Firmware Subscribe
Ws5280-10 Subscribe
Ws5280-10 Firmware Subscribe
Ws5280-11 Subscribe
Ws5280-11 Firmware Subscribe
Ws6500-10 Subscribe
Ws6500-10 Firmware Subscribe
Ws6500-11 Subscribe
Ws6500-11 Firmware Subscribe
Ws826-10 Subscribe
Ws826-10 Firmware Subscribe
Advisories
Source ID Title
EUVD EUVD EUVD-2019-14874 Some Huawei home routers have an improper authorization vulnerability. Due to improper authorization of certain programs, an attacker can exploit this vulnerability to execute uploaded malicious files and escalate privilege.
Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References
Link Providers
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191113-01-homerouter-en cve-icon cve-icon
History

No history.

Projects

Sign in to view the affected projects.

cve-icon MITRE

Status: PUBLISHED

Assigner: huawei

Published:

Updated: 2024-08-04T19:47:57.024Z

Reserved: 2019-01-04T00:00:00

Link: CVE-2019-5269

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2019-11-29T20:15:12.083

Modified: 2024-11-21T04:44:38.663

Link: CVE-2019-5269

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.

Weaknesses