CVE-2019-5269

Some Huawei home routers have an improper authorization vulnerability. Due to improper authorization of certain programs, an attacker can exploit this vulnerability to execute uploaded malicious files and escalate privilege.

Published: Nov 29, 2019
Updated: Nov 9, 2025
CVE: CVE-2019-5269
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.8
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: Low
Score: 4.6
AV:L/AC:L/Au:N/C:P/I:P/A:P

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
huawei / cd10-10_firmware	10.0.2.2	10.0.2.7
huawei / cd16-10_firmware	10.0.2.3	10.0.2.5
huawei / cd17-10_firmware	9.0.3.3	10.0.2.5
huawei / cd18-10_firmware	9.0.2.23	10.0.2.5
huawei / hirouter-cd15-10_firmware	9.0.2.3	10.0.2.5
huawei / hirouter-cd20-10_firmware	9.0.3.9	10.0.2.6
huawei / hirouter-cd21-16_firmware	9.0.3.9	10.0.2.5
huawei / hirouter-cd30-10_firmware	10.0.2.8	10.0.2.9
huawei / hirouter-cd30-11_firmware	10.0.2.8	10.0.2.9
huawei / hirouter-h1-10_firmware	9.0.3.11	10.0.2.5
huawei / tc5200-10_firmware	10.0.2.3	10.0.2.5
huawei / ws5100-10_firmware	9.0.3.11	10.0.2.7
huawei / ws5102-10_firmware	10.0.2.2	10.0.2.7
huawei / ws5106-10_firmware	10.0.2.2	10.0.2.7
huawei / ws5108-10_firmware	10.0.2.2	10.0.2.7
huawei / ws5200-10_firmware	9.0.3.9	10.0.2.6
huawei / ws5200-11_firmware	9.0.3.11	9.0.3.11.x
huawei / ws5200-11_firmware	10.0.2.3	10.0.2.3.x
huawei / ws5280-10_firmware	9.0.3.22	10.0.2.6
huawei / ws5280-11_firmware	9.0.3.22	10.0.2.6
huawei / ws6500-10_firmware	10.0.2.3	10.0.2.5
huawei / ws6500-11_firmware	10.0.2.2	10.0.2.7
huawei / ws826-10_firmware	9.0.3.11	10.0.2.5

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191113-01-homerouter-en

Vulnerability Database

308,484

CVE-2019-5269

Deep Security Visibility Without the Complexity