Input Validation Flaw in Huawei Home Routers
CVE-2019-5268

8.1HIGH

Key Information:

Vendor
Huawei
Status
Cd10-10, Cd16-10, Cd17-10, Cd18-10, Hirouter-cd15-10, Hirouter-cd20-10, Hirouter-cd21-16, Hirouter-cd30-10, Hirouter-cd30-11, Hirouter-h1-10, Tc5200-10, Ws5100-10, Ws5102-10, Ws5106-10, Ws5108-10, Ws5200-10, Ws5200-11, , Ws5280-10, Ws5280-11, Ws6500-10, Ws6500-11, Ws826-10
Vendor
CVE Published:
29 November 2019

Summary

Certain Huawei home routers are affected by an input validation flaw that could allow attackers to manipulate input parameters. This vulnerability enables unauthorized individuals to send specially crafted packets to the device, potentially gaining access to sensitive files and allowing malicious file uploads to vulnerable directories. Addressing this issue is crucial for maintaining network security and safeguarding personal data stored on affected devices.

Affected Version(s)

CD10-10, CD16-10, CD17-10, CD18-10, HiRouter-CD15-10, HiRouter-CD20-10, HiRouter-CD21-16, HiRouter-CD30-10, HiRouter-CD30-11, HiRouter-H1-10, TC5200-10, WS5100-10, WS5102-10, WS5106-10, WS5108-10, WS5200-10, WS5200-11, , WS5280-10, WS5280-11, WS6500-10, WS6500-11, WS826-10 10.0.2.2, 10.0.2.3, 9.0.3.3, 9.0.2.23, 9.0.2.3, 9.0.3.9, 10.0.2.8, 9.0.3.11, 9.0.3.22

References

http://www.huawei.com/en/psirt/security-advisories/huawei...
x_refsource_CONFIRM

CVSS V3.1

Score:
8.1
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Adjacent Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.