CVE-2019-5291
First published: Fri Dec 13 2019(Updated: )
Some Huawei products have an insufficient verification of data authenticity vulnerability. A remote, unauthenticated attacker has to intercept specific packets between two devices, modify the packets, and send the modified packets to the peer device. Due to insufficient verification of some fields in the packets, an attacker may exploit the vulnerability to cause the target device to be abnormal.
Credit: psirt@huawei.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Huawei AR120-S | =v200r005c20 | |
| Huawei AR120-S | =v200r006c10 | |
| Huawei AR120-S | =v200r007c00 | |
| Huawei AR120-S | =v200r008c50 | |
| Huawei AR120 firmware | ||
| Huawei ar1200 firmware | =v200r005c00 | |
| Huawei ar1200 firmware | =v200r006c10 | |
| Huawei ar1200 firmware | =v200r007c00 | |
| Huawei ar1200 firmware | =v200r008c50 | |
| Huawei AR1200 | ||
| Huawei ar1200-s firmware | =v200r005c20 | |
| Huawei ar1200-s firmware | =v200r006c10 | |
| Huawei ar1200-s firmware | =v200r007c00 | |
| Huawei ar1200-s firmware | =v200r008c50 | |
| Huawei ar1200-s | ||
| Huawei ar150 firmware | =v200r005c20 | |
| Huawei ar150 firmware | =v200r006c10 | |
| Huawei ar150 firmware | =v200r007c00 | |
| Huawei ar150 firmware | =v200r008c50 | |
| Huawei AR 150 | ||
| Huawei ar150-s firmware | =v200r005c20 | |
| Huawei ar150-s firmware | =v200r006c10 | |
| Huawei ar150-s firmware | =v200r007c00 | |
| Huawei ar150-s firmware | =v200r008c50 | |
| Huawei ar150-s | ||
| Huawei AR160 Firmware | =v200r005c20 | |
| Huawei AR160 Firmware | =v200r006c10 | |
| Huawei AR160 Firmware | =v200r007c00 | |
| Huawei AR160 Firmware | =v200r008c50 | |
| Huawei AR160 Firmware | ||
| Huawei AR200 Firmware | =v200r005c20 | |
| Huawei AR200 Firmware | =v200r006c10 | |
| Huawei AR200 Firmware | =v200r007c00 | |
| Huawei AR200 Firmware | =v200r008c50 | |
| Huawei AR200 | ||
| Huawei AR200-S Firmware | =v200r005c20 | |
| Huawei AR200-S Firmware | =v200r006c10 | |
| Huawei AR200-S Firmware | =v200r007c00 | |
| Huawei AR200-S Firmware | =v200r008c50 | |
| Huawei AR200-S Firmware | ||
| Huawei AR2200 Series Firmware | =v200r005c20 | |
| Huawei AR2200 Series Firmware | =v200r006c10 | |
| Huawei AR2200 Series Firmware | =v200r007c00 | |
| Huawei AR2200 Series Firmware | =v200r008c50 | |
| Huawei AR2200 Series Firmware | ||
| Huawei AR2200 Series Firmware | =v200r005c20 | |
| Huawei AR2200 Series Firmware | =v200r006c10 | |
| Huawei AR2200 Series Firmware | =v200r007c00 | |
| Huawei AR2200 Series Firmware | =v200r008c50 | |
| Huawei AR2200-S | ||
| Huawei AR3200 | =v200r005c20 | |
| Huawei AR3200 | =v200r006c10 | |
| Huawei AR3200 | =v200r007c00 | |
| Huawei AR3200 | =v200r008c50 | |
| Huawei AR3200 firmware | ||
| Huawei AR3600 Firmware | =v200r006c10 | |
| Huawei AR3600 Firmware | =v200r007c00 | |
| Huawei AR3600 Firmware | =v200r008c50 | |
| Huawei AR3600 Firmware | ||
| Huawei CloudEngine 12800 | =v200r002c10 | |
| Huawei CloudEngine 12800 | =v200r002c20 | |
| Huawei CloudEngine 12800 | ||
| Huawei NetEngine 16EX firmware | =v200r005c20 | |
| Huawei NetEngine 16EX firmware | =v200r006c10 | |
| Huawei NetEngine 16EX firmware | =v200r007c00 | |
| Huawei NetEngine 16EX firmware | =v200r008c50 | |
| Huawei NetEngine 16EX | ||
| Huawei 6700EI firmware | =v200r008c00 | |
| Huawei 6700EI firmware | =v200r010c00spc300 | |
| Huawei 6700EI firmware | =v200r010c00spc600 | |
| Huawei 6700EI firmware | =v200r011c00spc200 | |
| Huawei S6700 Firmware | ||
| Huawei SRG1300 Firmware | =v200r005c20 | |
| Huawei SRG1300 Firmware | =v200r006c10 | |
| Huawei SRG1300 Firmware | =v200r007c00 | |
| Huawei SRG1300 Firmware | =v200r008c50 | |
| Huawei SRG1300 | ||
| Huawei SRG2300 | =v200r005c20 | |
| Huawei SRG2300 | =v200r006c10 | |
| Huawei SRG2300 | =v200r007c00 | |
| Huawei SRG2300 | =v200r008c50 | |
| Huawei SRG2300 | ||
| Huawei SRG3300 | =v200r005c20 | |
| Huawei SRG3300 | =v200r006c10 | |
| Huawei SRG3300 | =v200r007c00 | |
| Huawei SRG3300 | =v200r008c50 | |
| Huawei SRG3300 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2019-5291?
The severity of CVE-2019-5291 is significant as it allows remote, unauthenticated attackers to manipulate data packets.
How do I fix CVE-2019-5291?
To fix CVE-2019-5291, it is recommended to upgrade to the latest firmware versions provided by Huawei.
Which devices are affected by CVE-2019-5291?
Affected devices include various versions of Huawei AR1200, AR150, AR200, AR2200, AR3200, and others listed in the CVE.
What type of vulnerability is CVE-2019-5291?
CVE-2019-5291 is a data authenticity vulnerability that results from insufficient packet verification.
Can CVE-2019-5291 be exploited without authentication?
Yes, CVE-2019-5291 can be exploited by remote attackers without any authentication.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/severity
- agent/author
- agent/references
- agent/weakness
- agent/first-publish-date
- agent/event
- agent/description
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/huawei
- canonical/huawei ar120-s
- version/huawei ar120-s/v200r005c20
- version/huawei ar120-s/v200r006c10
- version/huawei ar120-s/v200r007c00
- version/huawei ar120-s/v200r008c50
- canonical/huawei ar120 firmware
- canonical/huawei ar1200 firmware
- version/huawei ar1200 firmware/v200r005c00
- version/huawei ar1200 firmware/v200r006c10
- version/huawei ar1200 firmware/v200r007c00
- version/huawei ar1200 firmware/v200r008c50
- canonical/huawei ar1200
- canonical/huawei ar1200-s firmware
- version/huawei ar1200-s firmware/v200r005c20
- version/huawei ar1200-s firmware/v200r006c10
- version/huawei ar1200-s firmware/v200r007c00
- version/huawei ar1200-s firmware/v200r008c50
- canonical/huawei ar1200-s
- canonical/huawei ar150 firmware
- version/huawei ar150 firmware/v200r005c20
- version/huawei ar150 firmware/v200r006c10
- version/huawei ar150 firmware/v200r007c00
- version/huawei ar150 firmware/v200r008c50
- canonical/huawei ar 150
- canonical/huawei ar150-s firmware
- version/huawei ar150-s firmware/v200r005c20
- version/huawei ar150-s firmware/v200r006c10
- version/huawei ar150-s firmware/v200r007c00
- version/huawei ar150-s firmware/v200r008c50
- canonical/huawei ar150-s
- canonical/huawei ar160 firmware
- version/huawei ar160 firmware/v200r005c20
- version/huawei ar160 firmware/v200r006c10
- version/huawei ar160 firmware/v200r007c00
- version/huawei ar160 firmware/v200r008c50
- canonical/huawei ar200 firmware
- version/huawei ar200 firmware/v200r005c20
- version/huawei ar200 firmware/v200r006c10
- version/huawei ar200 firmware/v200r007c00
- version/huawei ar200 firmware/v200r008c50
- canonical/huawei ar200
- canonical/huawei ar200-s firmware
- version/huawei ar200-s firmware/v200r005c20
- version/huawei ar200-s firmware/v200r006c10
- version/huawei ar200-s firmware/v200r007c00
- version/huawei ar200-s firmware/v200r008c50
- canonical/huawei ar2200 series firmware
- version/huawei ar2200 series firmware/v200r005c20
- version/huawei ar2200 series firmware/v200r006c10
- version/huawei ar2200 series firmware/v200r007c00
- version/huawei ar2200 series firmware/v200r008c50
- canonical/huawei ar2200-s
- canonical/huawei ar3200
- version/huawei ar3200/v200r005c20
- version/huawei ar3200/v200r006c10
- version/huawei ar3200/v200r007c00
- version/huawei ar3200/v200r008c50
- canonical/huawei ar3200 firmware
- canonical/huawei ar3600 firmware
- version/huawei ar3600 firmware/v200r006c10
- version/huawei ar3600 firmware/v200r007c00
- version/huawei ar3600 firmware/v200r008c50
- canonical/huawei cloudengine 12800
- version/huawei cloudengine 12800/v200r002c10
- version/huawei cloudengine 12800/v200r002c20
- canonical/huawei netengine 16ex firmware
- version/huawei netengine 16ex firmware/v200r005c20
- version/huawei netengine 16ex firmware/v200r006c10
- version/huawei netengine 16ex firmware/v200r007c00
- version/huawei netengine 16ex firmware/v200r008c50
- canonical/huawei netengine 16ex
- canonical/huawei 6700ei firmware
- version/huawei 6700ei firmware/v200r008c00
- version/huawei 6700ei firmware/v200r010c00spc300
- version/huawei 6700ei firmware/v200r010c00spc600
- version/huawei 6700ei firmware/v200r011c00spc200
- canonical/huawei s6700 firmware
- canonical/huawei srg1300 firmware
- version/huawei srg1300 firmware/v200r005c20
- version/huawei srg1300 firmware/v200r006c10
- version/huawei srg1300 firmware/v200r007c00
- version/huawei srg1300 firmware/v200r008c50
- canonical/huawei srg1300
- canonical/huawei srg2300
- version/huawei srg2300/v200r005c20
- version/huawei srg2300/v200r006c10
- version/huawei srg2300/v200r007c00
- version/huawei srg2300/v200r008c50
- canonical/huawei srg3300
- version/huawei srg3300/v200r005c20
- version/huawei srg3300/v200r006c10
- version/huawei srg3300/v200r007c00
- version/huawei srg3300/v200r008c50