CVE-2019-5300

There is a digital signature verification bypass vulnerability in AR1200, AR1200-S, AR150, AR160, AR200, AR2200, AR2200-S, AR3200, SRG1300, SRG2300 and SRG3300 Huawei routers. The vulnerability is due to the affected software improperly verifying digital signatures for the software image in the affected device. A local attacker with high privilege may exploit the vulnerability to bypass integrity checks for software images and install a malicious software image on the affected device.

Published: Jun 4, 2019
Updated: Apr 13, 2023
CVE: CVE-2019-5300
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.7
AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: Low
Score: 4.6
AV:L/AC:L/Au:N/C:P/I:P/A:P

CWEs:

CWE-347

Affected Software
References

Software	From	Fixed in
huawei / ar1200_firmware	200r007c00	200r007c00.x
huawei / ar1200_firmware	200r008c20	200r008c20.x
huawei / ar1200_firmware	200r008c50	200r008c50.x
huawei / ar1200_firmware	200r009c00	200r009c00.x
huawei / ar1200_firmware	200r010c00	200r010c00.x
huawei / ar1200-s_firmware	200r007c00	200r007c00.x
huawei / ar1200-s_firmware	200r008c20	200r008c20.x
huawei / ar1200-s_firmware	200r008c50	200r008c50.x
huawei / ar1200-s_firmware	200r009c00	200r009c00.x
huawei / ar1200-s_firmware	200r010c00	200r010c00.x
huawei / ar150_firmware	200r007c00	200r007c00.x
huawei / ar150_firmware	200r008c20	200r008c20.x
huawei / ar150_firmware	200r008c50	200r008c50.x
huawei / ar150_firmware	200r009c00	200r009c00.x
huawei / ar150_firmware	200r010c00	200r010c00.x
huawei / ar160_firmware	200r007c00	200r007c00.x
huawei / ar160_firmware	200r008c20	200r008c20.x
huawei / ar160_firmware	200r008c50	200r008c50.x
huawei / ar160_firmware	200r009c00	200r009c00.x
huawei / ar160_firmware	200r010c00	200r010c00.x
huawei / ar200_firmware	200r007c00	200r007c00.x
huawei / ar200_firmware	200r008c20	200r008c20.x
huawei / ar200_firmware	200r008c50	200r008c50.x
huawei / ar200_firmware	200r009c00	200r009c00.x
huawei / ar200_firmware	200r010c00	200r010c00.x
huawei / ar2200_firmware	200r007c00	200r007c00.x
huawei / ar2200_firmware	200r008c20	200r008c20.x
huawei / ar2200_firmware	200r008c50	200r008c50.x
huawei / ar2200_firmware	200r009c00	200r009c00.x
huawei / ar2200_firmware	200r010c00	200r010c00.x
huawei / ar2200s_firmware	200r007c00	200r007c00.x
huawei / ar2200s_firmware	200r008c20	200r008c20.x
huawei / ar2200s_firmware	200r008c50	200r008c50.x
huawei / ar2200s_firmware	200r009c00	200r009c00.x
huawei / ar2200s_firmware	200r010c00	200r010c00.x
huawei / ar3200_firmware	200r007c00	200r007c00.x
huawei / ar3200_firmware	200r008c20	200r008c20.x
huawei / ar3200_firmware	200r008c50	200r008c50.x
huawei / ar3200_firmware	200r009c00	200r009c00.x
huawei / ar3200_firmware	200r010c00	200r010c00.x
huawei / srg1300_firmware	200r007c00	200r007c00.x
huawei / srg1300_firmware	200r008c50	200r008c50.x
huawei / srg1300_firmware	200r009c00	200r009c00.x
huawei / srg1300_firmware	200r010c00	200r010c00.x
huawei / srg2300_firmware	200r007c00	200r007c00.x
huawei / srg2300_firmware	200r008c50	200r008c50.x
huawei / srg2300_firmware	200r009c00	200r009c00.x
huawei / srg2300_firmware	200r010c00	200r010c00.x
huawei / srg3300_firmware	200r007c00	200r007c00.x
huawei / srg3300_firmware	200r008c50	200r008c50.x
huawei / srg3300_firmware	200r009c00	200r009c00.x
huawei / srg3300_firmware	200r010c00	200r010c00.x

https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190320-01-ar-en

Vulnerability Database

289,599

CVE-2019-5300