CVE-2019-5294
First published: Wed Nov 13 2019(Updated: )
There is an out of bound read vulnerability in some Huawei products. A remote, unauthenticated attacker may send a corrupt or crafted message to the affected products. Due to a buffer read overflow error when parsing the message, successful exploit may cause some service to be abnormal.
Credit: psirt@huawei.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Huawei AR120-S | =v200r005c20 | |
| Huawei AR120-S | =v200r006c10 | |
| Huawei AR120-S | =v200r007c00 | |
| Huawei AR120 firmware | ||
| Huawei ar1200 firmware | =v200r005c20 | |
| Huawei ar1200 firmware | =v200r006c10 | |
| Huawei ar1200 firmware | =v200r007c00 | |
| Huawei AR1200 | ||
| Huawei ar1200-s firmware | =v200r005c20 | |
| Huawei ar1200-s firmware | =v200r006c10 | |
| Huawei ar1200-s firmware | =v200r007c00 | |
| Huawei ar1200-s | ||
| Huawei ar150 firmware | =v200r005c20 | |
| Huawei ar150 firmware | =v200r006c10 | |
| Huawei ar150 firmware | =v200r007c00 | |
| Huawei AR 150 | ||
| Huawei ar150-s firmware | =v200r005c20 | |
| Huawei ar150-s firmware | =v200r006c10 | |
| Huawei ar150-s firmware | =v200r007c00 | |
| Huawei ar150-s | ||
| Huawei AR160 Firmware | =v200r005c20 | |
| Huawei AR160 Firmware | =v200r006c10 | |
| Huawei AR160 Firmware | =v200r007c00 | |
| Huawei AR160 Firmware | ||
| Huawei AR200 Firmware | =v200r005c20 | |
| Huawei AR200 Firmware | =v200r006c10 | |
| Huawei AR200 Firmware | =v200r007c00 | |
| Huawei AR200 | ||
| Huawei AR200-S Firmware | =v200r005c20 | |
| Huawei AR200-S Firmware | =v200r006c10 | |
| Huawei AR200-S Firmware | =v200r007c00 | |
| Huawei AR200-S Firmware | ||
| Huawei AR2200 Series Firmware | =v200r005c20 | |
| Huawei AR2200 Series Firmware | =v200r006c10 | |
| Huawei AR2200 Series Firmware | =v200r007c00 | |
| Huawei AR2200 Series Firmware | ||
| Huawei AR2200 Series Firmware | =v200r005c20 | |
| Huawei AR2200 Series Firmware | =v200r006c10 | |
| Huawei AR2200 Series Firmware | =v200r007c00 | |
| Huawei AR2200-S | ||
| Huawei AR3200 | =v200r005c20 | |
| Huawei AR3200 | =v200r006c10 | |
| Huawei AR3200 firmware | ||
| Huawei AR3600 Firmware | =v200r006c10 | |
| Huawei AR3600 Firmware | =v200r007c00 | |
| Huawei AR3600 Firmware | ||
| Huawei NetEngine 16EX firmware | =v200r005c20 | |
| Huawei NetEngine 16EX firmware | =v200r006c10 | |
| Huawei NetEngine 16EX firmware | =v200r007c00 | |
| Huawei NetEngine 16EX | ||
| Huawei SRG1300 Firmware | =v200r005c20 | |
| Huawei SRG1300 Firmware | =v200r006c10 | |
| Huawei SRG1300 Firmware | =v200r007c00 | |
| Huawei SRG1300 | ||
| Huawei SRG2300 | =v200r005c20 | |
| Huawei SRG2300 | =v200r006c10 | |
| Huawei SRG2300 | =v200r007c00 | |
| Huawei SRG2300 | ||
| Huawei SRG3300 | =v200r005c20 | |
| Huawei SRG3300 | =v200r006c10 | |
| Huawei SRG3300 | =v200r007c00 | |
| Huawei SRG3300 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2019-5294?
CVE-2019-5294 has a high severity rating due to its potential to allow remote, unauthenticated access to affected Huawei products.
How do I fix CVE-2019-5294?
To fix CVE-2019-5294, update the affected Huawei firmware versions to the latest security patches provided by Huawei.
Which Huawei products are affected by CVE-2019-5294?
CVE-2019-5294 affects multiple Huawei products including the AR1200, AR150, AR160, AR200, and several firmware versions of these models.
Can CVE-2019-5294 be exploited remotely?
Yes, CVE-2019-5294 can be exploited remotely by an attacker who sends specially crafted messages to the affected Huawei devices.
What type of vulnerability is CVE-2019-5294 classified as?
CVE-2019-5294 is classified as an out-of-bounds read vulnerability, which may lead to abnormal service conditions.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/severity
- agent/author
- agent/references
- agent/weakness
- agent/first-publish-date
- agent/event
- agent/description
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/huawei
- canonical/huawei ar120-s
- version/huawei ar120-s/v200r005c20
- version/huawei ar120-s/v200r006c10
- version/huawei ar120-s/v200r007c00
- canonical/huawei ar120 firmware
- canonical/huawei ar1200 firmware
- version/huawei ar1200 firmware/v200r005c20
- version/huawei ar1200 firmware/v200r006c10
- version/huawei ar1200 firmware/v200r007c00
- canonical/huawei ar1200
- canonical/huawei ar1200-s firmware
- version/huawei ar1200-s firmware/v200r005c20
- version/huawei ar1200-s firmware/v200r006c10
- version/huawei ar1200-s firmware/v200r007c00
- canonical/huawei ar1200-s
- canonical/huawei ar150 firmware
- version/huawei ar150 firmware/v200r005c20
- version/huawei ar150 firmware/v200r006c10
- version/huawei ar150 firmware/v200r007c00
- canonical/huawei ar 150
- canonical/huawei ar150-s firmware
- version/huawei ar150-s firmware/v200r005c20
- version/huawei ar150-s firmware/v200r006c10
- version/huawei ar150-s firmware/v200r007c00
- canonical/huawei ar150-s
- canonical/huawei ar160 firmware
- version/huawei ar160 firmware/v200r005c20
- version/huawei ar160 firmware/v200r006c10
- version/huawei ar160 firmware/v200r007c00
- canonical/huawei ar200 firmware
- version/huawei ar200 firmware/v200r005c20
- version/huawei ar200 firmware/v200r006c10
- version/huawei ar200 firmware/v200r007c00
- canonical/huawei ar200
- canonical/huawei ar200-s firmware
- version/huawei ar200-s firmware/v200r005c20
- version/huawei ar200-s firmware/v200r006c10
- version/huawei ar200-s firmware/v200r007c00
- canonical/huawei ar2200 series firmware
- version/huawei ar2200 series firmware/v200r005c20
- version/huawei ar2200 series firmware/v200r006c10
- version/huawei ar2200 series firmware/v200r007c00
- canonical/huawei ar2200-s
- canonical/huawei ar3200
- version/huawei ar3200/v200r005c20
- version/huawei ar3200/v200r006c10
- canonical/huawei ar3200 firmware
- canonical/huawei ar3600 firmware
- version/huawei ar3600 firmware/v200r006c10
- version/huawei ar3600 firmware/v200r007c00
- canonical/huawei netengine 16ex firmware
- version/huawei netengine 16ex firmware/v200r005c20
- version/huawei netengine 16ex firmware/v200r006c10
- version/huawei netengine 16ex firmware/v200r007c00
- canonical/huawei netengine 16ex
- canonical/huawei srg1300 firmware
- version/huawei srg1300 firmware/v200r005c20
- version/huawei srg1300 firmware/v200r006c10
- version/huawei srg1300 firmware/v200r007c00
- canonical/huawei srg1300
- canonical/huawei srg2300
- version/huawei srg2300/v200r005c20
- version/huawei srg2300/v200r006c10
- version/huawei srg2300/v200r007c00
- canonical/huawei srg3300
- version/huawei srg3300/v200r005c20
- version/huawei srg3300/v200r006c10
- version/huawei srg3300/v200r007c00