CVE-2019-5269

Some Huawei home routers have an improper authorization vulnerability. Due to improper authorization of certain programs, an attacker can exploit this vulnerability to execute uploaded malicious files and escalate privilege.

Published: Nov 29, 2019
Updated: Apr 13, 2023
CVE: CVE-2019-5269
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.8
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: Low
Score: 4.6
AV:L/AC:L/Au:N/C:P/I:P/A:P

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
huawei / cd10-10_firmware	10.0.2.2	10.0.2.7
huawei / cd16-10_firmware	10.0.2.3	10.0.2.5
huawei / cd17-10_firmware	9.0.3.3	10.0.2.5
huawei / cd18-10_firmware	9.0.2.23	10.0.2.5
huawei / hirouter-cd15-10_firmware	9.0.2.3	10.0.2.5
huawei / hirouter-cd20-10_firmware	9.0.3.9	10.0.2.6
huawei / hirouter-cd21-16_firmware	9.0.3.9	10.0.2.5
huawei / hirouter-cd30-10_firmware	10.0.2.8	10.0.2.9
huawei / hirouter-cd30-11_firmware	10.0.2.8	10.0.2.9
huawei / hirouter-h1-10_firmware	9.0.3.11	10.0.2.5
huawei / tc5200-10_firmware	10.0.2.3	10.0.2.5
huawei / ws5100-10_firmware	9.0.3.11	10.0.2.7
huawei / ws5102-10_firmware	10.0.2.2	10.0.2.7
huawei / ws5106-10_firmware	10.0.2.2	10.0.2.7
huawei / ws5108-10_firmware	10.0.2.2	10.0.2.7
huawei / ws5200-10_firmware	9.0.3.9	10.0.2.6
huawei / ws5200-11_firmware	9.0.3.11	9.0.3.11.x
huawei / ws5200-11_firmware	10.0.2.3	10.0.2.3.x
huawei / ws5280-10_firmware	9.0.3.22	10.0.2.6
huawei / ws5280-11_firmware	9.0.3.22	10.0.2.6
huawei / ws6500-10_firmware	10.0.2.3	10.0.2.5
huawei / ws6500-11_firmware	10.0.2.2	10.0.2.7
huawei / ws826-10_firmware	9.0.3.11	10.0.2.5

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191113-01-homerouter-en

Vulnerability Database

289,697

CVE-2019-5269