Lucene search

Huawei TechnologiesHUAWEI-SA-20191113-01-HOMEROUTER

HistoryNov 13, 2019 - 12:00 a.m.

Security Advisory - Two Vulnerabilities in Some Huawei Home Routers

2019-11-1300:00:00

Huawei Technologies

www.huawei.com

4.8 Medium

CVSS2

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:A/AC:L/Au:N/C:P/I:P/A:N

8.1 High

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

0.001 Low

EPSS

Percentile

30.6%

JSON

Some Huawei home routers have an input validation vulnerability. Due to input parameter is not correctly verified, an attacker can exploit this vulnerability by sending special constructed packets to obtain files in the device and upload files to some directories. (Vulnerability ID: HWPSIRT-2019-08045)

This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2019-5268.

Some Huawei home routers have an improper authorization vulnerability. Due to improper authorization of certain programs, an attacker can exploit this vulnerability to execute uploaded malicious files and escalate privilege. (Vulnerability ID: HWPSIRT-2019-08067)
This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2019-5269.

Huawei has released software updates to fix these vulnerabilities. This advisory is available at the following link:

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191113-01-homerouter-en

Affected configurations

Vulners

Node

huaweicd10-10Match10.0.2.2

huaweicd16-10Match10.0.2.3

huaweicd17-10Match9.0.3.3

huaweicd18-10Match9.0.2.23

huaweihirouter-cd15-10Match9.0.2.3

huaweihirouter-cd20-10Match9.0.3.9

huaweihirouter-cd21-16Match9.0.3.9

huaweihirouter-cd30-10Match10.0.2.8

huaweihirouter-cd30-11Match10.0.2.8

huaweihirouter-h1-10Match9.0.3.11

huaweitc5200-10Match10.0.2.3

huaweiws5100-10Match9.0.3.11

huaweiws5102-10Match10.0.2.2

huaweiws5106-10Match10.0.2.2

huaweiws5108-10Match10.0.2.2

huaweiws5200-10Match9.0.3.9

huaweiws5200-11Match10.0.2.3

huaweiws5200-11Match9.0.3.11

huaweiws5280-10Match9.0.3.22

huaweiws5280-11Match9.0.3.22

huaweiws6500-10Match10.0.2.3

huaweiws6500-11Match10.0.2.2

huaweiws826-10Match9.0.3.11

huaweiws833-10Match8.1.17.5

huaweiws851-10Match9.0.3.7

huaweiws851-11Match9.0.3.6

huaweiws852-10Match9.0.3.7

CPENameOperatorVersion
cd10-10eq10.0.2.2
cd16-10eq10.0.2.3
cd17-10eq9.0.3.3
cd18-10eq9.0.2.23
hirouter-cd15-10eq9.0.2.3
hirouter-cd20-10eq9.0.3.9
hirouter-cd21-16eq9.0.3.9
hirouter-cd30-10eq10.0.2.8
hirouter-cd30-11eq10.0.2.8
hirouter-h1-10eq9.0.3.11

Name	Operator	Version
cd10-10	eq	10.0.2.2
cd16-10	eq	10.0.2.3
cd17-10	eq	9.0.3.3
cd18-10	eq	9.0.2.23
hirouter-cd15-10	eq	9.0.2.3
hirouter-cd20-10	eq	9.0.3.9
hirouter-cd21-16	eq	9.0.3.9
hirouter-cd30-10	eq	10.0.2.8
hirouter-cd30-11	eq	10.0.2.8
hirouter-h1-10	eq	9.0.3.11

Rows per page:

1-10 of 271

4.8 Medium

CVSS2

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:A/AC:L/Au:N/C:P/I:P/A:N

8.1 High

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

0.001 Low

EPSS

Percentile

30.6%

JSON

Related for HUAWEI-SA-20191113-01-HOMEROUTER