Search criteria
3 vulnerabilities found for ar2200s_firmware by huawei
FKIE_CVE-2019-5300
Vulnerability from fkie_nvd - Published: 2019-06-04 19:29 - Updated: 2024-11-21 04:44
Severity ?
Summary
There is a digital signature verification bypass vulnerability in AR1200, AR1200-S, AR150, AR160, AR200, AR2200, AR2200-S, AR3200, SRG1300, SRG2300 and SRG3300 Huawei routers. The vulnerability is due to the affected software improperly verifying digital signatures for the software image in the affected device. A local attacker with high privilege may exploit the vulnerability to bypass integrity checks for software images and install a malicious software image on the affected device.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:ar1200_firmware:v200r007c00:*:*:*:*:*:*:*",
"matchCriteriaId": "F64071E5-6ACD-4E51-9162-B0FF3DC08E07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:ar1200_firmware:v200r008c20:*:*:*:*:*:*:*",
"matchCriteriaId": "C623D44E-463B-49A3-81F8-AD219E035B09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:ar1200_firmware:v200r008c50:*:*:*:*:*:*:*",
"matchCriteriaId": "75E27982-56E6-4A6F-9124-34C7420FDDE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:ar1200_firmware:v200r009c00:*:*:*:*:*:*:*",
"matchCriteriaId": "7EB8B580-EF85-44FE-A7A1-455CD5A7BF85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:ar1200_firmware:v200r010c00:*:*:*:*:*:*:*",
"matchCriteriaId": "3202830A-D5CF-411F-B94A-167576919F38",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:ar1200e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1B8F6BA3-E2C0-410D-A5E5-6E95545E5467",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:huawei:ar1220c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CC75BE34-DC7C-45F3-8F19-F703EF4D5982",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:huawei:ar1220ev:-:*:*:*:*:*:*:*",
"matchCriteriaId": "141A9CA7-59A5-4BA4-A7A7-C876A4426C00",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:huawei:ar1220evw:-:*:*:*:*:*:*:*",
"matchCriteriaId": "14DAC925-7F20-45B9-B753-B7F0EEE3C7F1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:ar1200-s_firmware:v200r007c00:*:*:*:*:*:*:*",
"matchCriteriaId": "D125153E-FE39-49A7-95AA-9482C78E7114",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:ar1200-s_firmware:v200r008c20:*:*:*:*:*:*:*",
"matchCriteriaId": "8A0C5EF2-05D5-4DE5-AFA3-5394E51B33E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:ar1200-s_firmware:v200r008c50:*:*:*:*:*:*:*",
"matchCriteriaId": "DF226F5B-7BF8-4475-8C0C-91E2E43C6E53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:ar1200-s_firmware:v200r009c00:*:*:*:*:*:*:*",
"matchCriteriaId": "3FE54D66-BE3A-492D-B381-4E63880D8088",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:ar1200-s_firmware:v200r010c00:*:*:*:*:*:*:*",
"matchCriteriaId": "D6BF5574-175F-4438-A1D1-0EAA8280388B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:ar1220f-s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1B043BAD-75CD-4D7B-BA3C-118519B64A39",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:ar150_firmware:v200r007c00:*:*:*:*:*:*:*",
"matchCriteriaId": "455D7A4E-523E-40C8-958D-59D128F3E797",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:ar150_firmware:v200r008c20:*:*:*:*:*:*:*",
"matchCriteriaId": "6B64AE02-D345-4628-A086-7C63C255707C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:ar150_firmware:v200r008c50:*:*:*:*:*:*:*",
"matchCriteriaId": "25AB058D-C4EB-416F-ACD3-B6ACC2BD83AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:ar150_firmware:v200r009c00:*:*:*:*:*:*:*",
"matchCriteriaId": "411499D2-DD34-4131-8310-0CCC351D28F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:ar150_firmware:v200r010c00:*:*:*:*:*:*:*",
"matchCriteriaId": "A87F4819-180D-488B-B8D8-C10B5076F9AB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:ar158evw:-:*:*:*:*:*:*:*",
"matchCriteriaId": "37D521BD-2D68-494F-ADF3-CA836A9860FE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:ar160_firmware:v200r007c00:*:*:*:*:*:*:*",
"matchCriteriaId": "5B15E8B7-9F4B-45F1-B4FF-B32AF8CEA9FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:ar160_firmware:v200r008c20:*:*:*:*:*:*:*",
"matchCriteriaId": "A685289C-08B1-43D4-9970-84A7FC75E54B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:ar160_firmware:v200r008c50:*:*:*:*:*:*:*",
"matchCriteriaId": "2D609298-9ACE-4726-AD04-6765D8F2C374",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:ar160_firmware:v200r009c00:*:*:*:*:*:*:*",
"matchCriteriaId": "A07BC16A-C102-4B21-BF61-C7AE1452BA3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:ar160_firmware:v200r010c00:*:*:*:*:*:*:*",
"matchCriteriaId": "75124BF8-A5FC-46BB-83CF-0C2B7CF92F1B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:ar161:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A206CEBA-27BF-4F73-9E16-DEC0B305BB9C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:huawei:ar161ew:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1ABF308C-9C4F-4C1E-ADD6-969CDF656BE9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:huawei:ar161f:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EE33C6C9-87F8-42DC-89B1-7C3F5CDFE32E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:huawei:ar161f-dgp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B19316A6-DDB7-4181-9373-30DDF532E203",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:huawei:ar161fg-l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4917007C-227B-4F1D-AA58-76487A00DF87",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:huawei:ar161fgw-l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AB72AFF6-A296-497D-83D4-5C700FE9D635",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:huawei:ar161fv-1p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D3AD4730-5311-4477-8E10-421BE84912F6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:huawei:ar161fw:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2E39599B-F0F7-4BB8-9E02-91D470995EF5",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:huawei:ar161g-l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "99F89646-40DE-499F-9588-4FC7C13D1CCD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:huawei:ar161w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E7EF0D65-C352-495A-8DD5-78AC66E8480C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:huawei:ar168f:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E0124D47-B343-45AD-A06F-9A186A499F84",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:huawei:ar168f-4p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "663A08C1-0F99-4050-A6DA-0081827283C6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:huawei:ar169:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2B2734E4-B511-4C70-9B5F-8DA0A9963E26",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:huawei:ar169egw-l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DCACD162-8331-47CF-9F77-F71221565AFA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:huawei:ar169ew:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CAAA155B-34BF-4F75-924D-FAB6601FCD46",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:huawei:ar169f:-:*:*:*:*:*:*:*",
"matchCriteriaId": "58721B8C-8A6F-4889-B3D1-6433AB485E40",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:huawei:ar169fgw-l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CA425686-6C6C-4ADB-AC8A-D7FE924E340E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:huawei:ar169fvw:-:*:*:*:*:*:*:*",
"matchCriteriaId": "81601B04-7FC6-4776-9EBC-3C825DA1B7F7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:huawei:ar169fvw-8s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1772765A-EE39-4AC0-A6BA-B79AC5D93A8A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:huawei:ar169g-l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B739B694-237A-4AF2-8A0E-63F902DFB656",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:huawei:ar169jfvw-2s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "99BD1519-AF5F-460F-90D6-4FF9CB7CD9EB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:huawei:ar169w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "70E1AE34-BEDD-437A-B1F0-606AF4409893",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:ar200_firmware:v200r007c00:*:*:*:*:*:*:*",
"matchCriteriaId": "622686BB-9302-449F-9351-75B189D1B184",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:ar200_firmware:v200r008c20:*:*:*:*:*:*:*",
"matchCriteriaId": "344D64D1-A9B3-4BFA-ACF3-B421ED427A9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:ar200_firmware:v200r008c50:*:*:*:*:*:*:*",
"matchCriteriaId": "A1ED9DF8-A444-4684-932D-12B4B2F98736",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:ar200_firmware:v200r009c00:*:*:*:*:*:*:*",
"matchCriteriaId": "C06FB07B-D74B-42A8-9CE7-CD3FC7217F11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:ar200_firmware:v200r010c00:*:*:*:*:*:*:*",
"matchCriteriaId": "0924BB8D-A8A8-4F0F-9CE7-198B399E0685",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:ar201:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CF8E24FB-1DD4-4DD8-8221-129C30C65E45",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:ar2200_firmware:v200r007c00:*:*:*:*:*:*:*",
"matchCriteriaId": "F377CE1E-77A7-447F-B692-A54682A26BB4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:ar2200_firmware:v200r008c20:*:*:*:*:*:*:*",
"matchCriteriaId": "E6A7DDB3-4A2B-46A5-B952-F0FECF88373E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:ar2200_firmware:v200r008c50:*:*:*:*:*:*:*",
"matchCriteriaId": "64CC27CC-EE60-46DE-91CE-6C83AF1F7B3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:ar2200_firmware:v200r009c00:*:*:*:*:*:*:*",
"matchCriteriaId": "5658BAA0-3FCC-4DCB-BDD1-42D00263B29D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:ar2200_firmware:v200r010c00:*:*:*:*:*:*:*",
"matchCriteriaId": "158BF3D7-0195-4E73-A8A9-4536216C3CD0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:ar2204-27ge:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E1CACBBC-327A-40A6-9DD1-49335B296238",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:huawei:ar2204-27ge-p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9079BB36-E42F-49D6-94D2-D9650A4C3E5C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:huawei:ar2204-51ge-p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E128F1C9-577C-4F4A-B98B-AB268F703DB2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:huawei:ar2204e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A614397B-C24D-4D69-B84A-05FBBC6AFC23",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:huawei:ar2204xe:-:*:*:*:*:*:*:*",
"matchCriteriaId": "67725998-BDD7-4624-8A9F-6CC594293B14",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:huawei:ar2220e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7CC3FEDF-D877-400A-AE16-7EA1C82E042E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:huawei:ar2240:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8BD5CAC3-80C9-484D-B715-55FEC0543554",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:huawei:ar2240c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C570769A-B882-4AB9-A6AC-381020A6BCA1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:ar2200s_firmware:v200r007c00:*:*:*:*:*:*:*",
"matchCriteriaId": "86D6EF09-27A6-493B-BDC6-D6C3AA7DB825",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:ar2200s_firmware:v200r008c20:*:*:*:*:*:*:*",
"matchCriteriaId": "59E43441-15B2-4EE0-AB87-6004BA6DD6C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:ar2200s_firmware:v200r008c50:*:*:*:*:*:*:*",
"matchCriteriaId": "078ED368-3950-49D1-BC31-523B83165EF8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:ar2200s_firmware:v200r009c00:*:*:*:*:*:*:*",
"matchCriteriaId": "A2639415-69D4-44E5-BDB5-28B3E09117A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:ar2200s_firmware:v200r010c00:*:*:*:*:*:*:*",
"matchCriteriaId": "0F7032EF-10C2-4E24-96F7-DEC39F7A1363",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:ar2200s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C6BC03A9-BBAE-4712-AC58-0338EB572EBA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:ar3200_firmware:v200r007c00:*:*:*:*:*:*:*",
"matchCriteriaId": "9752658E-3CF5-4D9E-98FB-D15FD892479C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:ar3200_firmware:v200r008c20:*:*:*:*:*:*:*",
"matchCriteriaId": "A8D0F6C6-5A87-482B-8B2A-693AC7736CB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:ar3200_firmware:v200r008c50:*:*:*:*:*:*:*",
"matchCriteriaId": "4FD70804-3A07-4C82-806B-5F5CA075ABF1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:ar3200_firmware:v200r009c00:*:*:*:*:*:*:*",
"matchCriteriaId": "73E5EE31-3D31-4C59-B2C1-B0BCF3294D9D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:ar3200_firmware:v200r010c00:*:*:*:*:*:*:*",
"matchCriteriaId": "2A5BCC5C-CDFB-4B52-8E2D-E85BEC28FD2A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:ar3260:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C3898C07-F3A3-4C40-95EE-C2F524C5EB31",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:srg1300_firmware:v200r007c00:*:*:*:*:*:*:*",
"matchCriteriaId": "B319F31F-94D7-468F-8F71-96F40867AEA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:srg1300_firmware:v200r008c50:*:*:*:*:*:*:*",
"matchCriteriaId": "D578E607-CF83-4121-8AF9-EF1DBE5FE42F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:srg1300_firmware:v200r009c00:*:*:*:*:*:*:*",
"matchCriteriaId": "65DEB87D-8F28-4AC6-9ADC-E13146011102",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:srg1300_firmware:v200r010c00:*:*:*:*:*:*:*",
"matchCriteriaId": "B68CB9B0-C32C-4EC5-81D0-ED23DB6D8EC9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:srg1320vw:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B98B6177-EFAF-493E-B02B-AE6095A1452F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:srg2300_firmware:v200r007c00:*:*:*:*:*:*:*",
"matchCriteriaId": "D10EBBF2-8F03-472C-96DB-C72E426E4E38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:srg2300_firmware:v200r008c50:*:*:*:*:*:*:*",
"matchCriteriaId": "D672376C-4256-4CFB-A515-56E31A6706AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:srg2300_firmware:v200r009c00:*:*:*:*:*:*:*",
"matchCriteriaId": "E8486420-C7CA-4296-A9B8-E4DDC1A23530",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:srg2300_firmware:v200r010c00:*:*:*:*:*:*:*",
"matchCriteriaId": "5EB2C78B-0736-4AA2-A283-AD4441D7EBEA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:srg2320e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "93EAE9D3-6A9E-4E4F-9550-79EB303A5A83",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:srg3300_firmware:v200r007c00:*:*:*:*:*:*:*",
"matchCriteriaId": "4619CF2C-AB5D-475A-ACF6-61EE02306F7A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:srg3300_firmware:v200r008c50:*:*:*:*:*:*:*",
"matchCriteriaId": "43BAC724-4E88-4E3B-9F95-8086D68CADA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:srg3300_firmware:v200r009c00:*:*:*:*:*:*:*",
"matchCriteriaId": "10511D02-503D-43AD-8306-FA1E9A52B8C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:srg3300_firmware:v200r010c00:*:*:*:*:*:*:*",
"matchCriteriaId": "A05A3FA6-0B32-40A2-BCCE-4395B3DCB2DB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:srg3340:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0CA1C39E-E679-4EF4-8BF4-D1B46DD614E9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "There is a digital signature verification bypass vulnerability in AR1200, AR1200-S, AR150, AR160, AR200, AR2200, AR2200-S, AR3200, SRG1300, SRG2300 and SRG3300 Huawei routers. The vulnerability is due to the affected software improperly verifying digital signatures for the software image in the affected device. A local attacker with high privilege may exploit the vulnerability to bypass integrity checks for software images and install a malicious software image on the affected device."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de omisi\u00f3n de verificaci\u00f3n de firma digital en los routers Huawei AR1200, AR1200-S, AR150, AR160, AR20000, AR2200-S, AR3200, SRG1300, SRG2300 y SRG3300. La vulnerabilidad se debe a que el software afectado verifica incorrectamente las firmas digitales de la imagen del software en el dispositivo afectado. Un atacante local con alto privilegio puede aprovechar la vulnerabilidad para omitir las comprobaciones de integridad de las im\u00e1genes de software e instalar una imagen de software malintencionado en el dispositivo afectado."
}
],
"id": "CVE-2019-5300",
"lastModified": "2024-11-21T04:44:42.073",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-06-04T19:29:00.633",
"references": [
{
"source": "psirt@huawei.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190320-01-ar-en"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190320-01-ar-en"
}
],
"sourceIdentifier": "psirt@huawei.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-347"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2019-5300 (GCVE-0-2019-5300)
Vulnerability from cvelistv5 – Published: 2019-06-04 18:30 – Updated: 2024-08-04 19:54
VLAI?
Summary
There is a digital signature verification bypass vulnerability in AR1200, AR1200-S, AR150, AR160, AR200, AR2200, AR2200-S, AR3200, SRG1300, SRG2300 and SRG3300 Huawei routers. The vulnerability is due to the affected software improperly verifying digital signatures for the software image in the affected device. A local attacker with high privilege may exploit the vulnerability to bypass integrity checks for software images and install a malicious software image on the affected device.
Severity ?
No CVSS data available.
CWE
- digital signature verification bypass
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Huawei | AR1200, AR1200-S, AR150, AR160, AR200, AR2200, AR2200-S, AR3200, SRG1300, SRG2300, SRG3300 |
Affected:
AR1200 V200R008C50
Affected: AR1200 V200R009C00 Affected: AR1200 V200R010C00 Affected: AR1200-S V200R007C00 Affected: AR1200-S V200R008C20 Affected: AR1200-S V200R008C50 Affected: AR1200-S V200R009C00 Affected: AR1200-S V200R010C00 Affected: AR150 V200R007C00 Affected: AR150 V200R008C20 Affected: AR150 V200R008C50 Affected: AR150 V200R009C00 Affected: AR150 V200R010C00 Affected: AR160 V200R007C00 Affected: AR160 V200R008C20 Affected: AR160 V200R008C50 Affected: AR160 V200R009C00 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:54:52.437Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190320-01-ar-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "AR1200, AR1200-S, AR150, AR160, AR200, AR2200, AR2200-S, AR3200, SRG1300, SRG2300, SRG3300",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "AR1200 V200R008C50"
},
{
"status": "affected",
"version": "AR1200 V200R009C00"
},
{
"status": "affected",
"version": "AR1200 V200R010C00"
},
{
"status": "affected",
"version": "AR1200-S V200R007C00"
},
{
"status": "affected",
"version": "AR1200-S V200R008C20"
},
{
"status": "affected",
"version": "AR1200-S V200R008C50"
},
{
"status": "affected",
"version": "AR1200-S V200R009C00"
},
{
"status": "affected",
"version": "AR1200-S V200R010C00"
},
{
"status": "affected",
"version": "AR150 V200R007C00"
},
{
"status": "affected",
"version": "AR150 V200R008C20"
},
{
"status": "affected",
"version": "AR150 V200R008C50"
},
{
"status": "affected",
"version": "AR150 V200R009C00"
},
{
"status": "affected",
"version": "AR150 V200R010C00"
},
{
"status": "affected",
"version": "AR160 V200R007C00"
},
{
"status": "affected",
"version": "AR160 V200R008C20"
},
{
"status": "affected",
"version": "AR160 V200R008C50"
},
{
"status": "affected",
"version": "AR160 V200R009C00"
}
]
}
],
"datePublic": "2019-03-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "There is a digital signature verification bypass vulnerability in AR1200, AR1200-S, AR150, AR160, AR200, AR2200, AR2200-S, AR3200, SRG1300, SRG2300 and SRG3300 Huawei routers. The vulnerability is due to the affected software improperly verifying digital signatures for the software image in the affected device. A local attacker with high privilege may exploit the vulnerability to bypass integrity checks for software images and install a malicious software image on the affected device."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "digital signature verification bypass",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-06-04T18:30:58",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190320-01-ar-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2019-5300",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "AR1200, AR1200-S, AR150, AR160, AR200, AR2200, AR2200-S, AR3200, SRG1300, SRG2300, SRG3300",
"version": {
"version_data": [
{
"version_value": "AR1200 V200R008C50"
},
{
"version_value": "AR1200 V200R009C00"
},
{
"version_value": "AR1200 V200R010C00"
},
{
"version_value": "AR1200-S V200R007C00"
},
{
"version_value": "AR1200-S V200R008C20"
},
{
"version_value": "AR1200-S V200R008C50"
},
{
"version_value": "AR1200-S V200R009C00"
},
{
"version_value": "AR1200-S V200R010C00"
},
{
"version_value": "AR150 V200R007C00"
},
{
"version_value": "AR150 V200R008C20"
},
{
"version_value": "AR150 V200R008C50"
},
{
"version_value": "AR150 V200R009C00"
},
{
"version_value": "AR150 V200R010C00"
},
{
"version_value": "AR160 V200R007C00"
},
{
"version_value": "AR160 V200R008C20"
},
{
"version_value": "AR160 V200R008C50"
},
{
"version_value": "AR160 V200R009C00"
}
]
}
}
]
},
"vendor_name": "Huawei"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "There is a digital signature verification bypass vulnerability in AR1200, AR1200-S, AR150, AR160, AR200, AR2200, AR2200-S, AR3200, SRG1300, SRG2300 and SRG3300 Huawei routers. The vulnerability is due to the affected software improperly verifying digital signatures for the software image in the affected device. A local attacker with high privilege may exploit the vulnerability to bypass integrity checks for software images and install a malicious software image on the affected device."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "digital signature verification bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190320-01-ar-en",
"refsource": "CONFIRM",
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190320-01-ar-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2019-5300",
"datePublished": "2019-06-04T18:30:58",
"dateReserved": "2019-01-04T00:00:00",
"dateUpdated": "2024-08-04T19:54:52.437Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-5300 (GCVE-0-2019-5300)
Vulnerability from nvd – Published: 2019-06-04 18:30 – Updated: 2024-08-04 19:54
VLAI?
Summary
There is a digital signature verification bypass vulnerability in AR1200, AR1200-S, AR150, AR160, AR200, AR2200, AR2200-S, AR3200, SRG1300, SRG2300 and SRG3300 Huawei routers. The vulnerability is due to the affected software improperly verifying digital signatures for the software image in the affected device. A local attacker with high privilege may exploit the vulnerability to bypass integrity checks for software images and install a malicious software image on the affected device.
Severity ?
No CVSS data available.
CWE
- digital signature verification bypass
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Huawei | AR1200, AR1200-S, AR150, AR160, AR200, AR2200, AR2200-S, AR3200, SRG1300, SRG2300, SRG3300 |
Affected:
AR1200 V200R008C50
Affected: AR1200 V200R009C00 Affected: AR1200 V200R010C00 Affected: AR1200-S V200R007C00 Affected: AR1200-S V200R008C20 Affected: AR1200-S V200R008C50 Affected: AR1200-S V200R009C00 Affected: AR1200-S V200R010C00 Affected: AR150 V200R007C00 Affected: AR150 V200R008C20 Affected: AR150 V200R008C50 Affected: AR150 V200R009C00 Affected: AR150 V200R010C00 Affected: AR160 V200R007C00 Affected: AR160 V200R008C20 Affected: AR160 V200R008C50 Affected: AR160 V200R009C00 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:54:52.437Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190320-01-ar-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "AR1200, AR1200-S, AR150, AR160, AR200, AR2200, AR2200-S, AR3200, SRG1300, SRG2300, SRG3300",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "AR1200 V200R008C50"
},
{
"status": "affected",
"version": "AR1200 V200R009C00"
},
{
"status": "affected",
"version": "AR1200 V200R010C00"
},
{
"status": "affected",
"version": "AR1200-S V200R007C00"
},
{
"status": "affected",
"version": "AR1200-S V200R008C20"
},
{
"status": "affected",
"version": "AR1200-S V200R008C50"
},
{
"status": "affected",
"version": "AR1200-S V200R009C00"
},
{
"status": "affected",
"version": "AR1200-S V200R010C00"
},
{
"status": "affected",
"version": "AR150 V200R007C00"
},
{
"status": "affected",
"version": "AR150 V200R008C20"
},
{
"status": "affected",
"version": "AR150 V200R008C50"
},
{
"status": "affected",
"version": "AR150 V200R009C00"
},
{
"status": "affected",
"version": "AR150 V200R010C00"
},
{
"status": "affected",
"version": "AR160 V200R007C00"
},
{
"status": "affected",
"version": "AR160 V200R008C20"
},
{
"status": "affected",
"version": "AR160 V200R008C50"
},
{
"status": "affected",
"version": "AR160 V200R009C00"
}
]
}
],
"datePublic": "2019-03-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "There is a digital signature verification bypass vulnerability in AR1200, AR1200-S, AR150, AR160, AR200, AR2200, AR2200-S, AR3200, SRG1300, SRG2300 and SRG3300 Huawei routers. The vulnerability is due to the affected software improperly verifying digital signatures for the software image in the affected device. A local attacker with high privilege may exploit the vulnerability to bypass integrity checks for software images and install a malicious software image on the affected device."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "digital signature verification bypass",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-06-04T18:30:58",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190320-01-ar-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2019-5300",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "AR1200, AR1200-S, AR150, AR160, AR200, AR2200, AR2200-S, AR3200, SRG1300, SRG2300, SRG3300",
"version": {
"version_data": [
{
"version_value": "AR1200 V200R008C50"
},
{
"version_value": "AR1200 V200R009C00"
},
{
"version_value": "AR1200 V200R010C00"
},
{
"version_value": "AR1200-S V200R007C00"
},
{
"version_value": "AR1200-S V200R008C20"
},
{
"version_value": "AR1200-S V200R008C50"
},
{
"version_value": "AR1200-S V200R009C00"
},
{
"version_value": "AR1200-S V200R010C00"
},
{
"version_value": "AR150 V200R007C00"
},
{
"version_value": "AR150 V200R008C20"
},
{
"version_value": "AR150 V200R008C50"
},
{
"version_value": "AR150 V200R009C00"
},
{
"version_value": "AR150 V200R010C00"
},
{
"version_value": "AR160 V200R007C00"
},
{
"version_value": "AR160 V200R008C20"
},
{
"version_value": "AR160 V200R008C50"
},
{
"version_value": "AR160 V200R009C00"
}
]
}
}
]
},
"vendor_name": "Huawei"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "There is a digital signature verification bypass vulnerability in AR1200, AR1200-S, AR150, AR160, AR200, AR2200, AR2200-S, AR3200, SRG1300, SRG2300 and SRG3300 Huawei routers. The vulnerability is due to the affected software improperly verifying digital signatures for the software image in the affected device. A local attacker with high privilege may exploit the vulnerability to bypass integrity checks for software images and install a malicious software image on the affected device."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "digital signature verification bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190320-01-ar-en",
"refsource": "CONFIRM",
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190320-01-ar-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2019-5300",
"datePublished": "2019-06-04T18:30:58",
"dateReserved": "2019-01-04T00:00:00",
"dateUpdated": "2024-08-04T19:54:52.437Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}