CWE
347
Advisory Published
Updated

CVE-2019-5300

First published: Tue Jun 04 2019(Updated: )

There is a digital signature verification bypass vulnerability in AR1200, AR1200-S, AR150, AR160, AR200, AR2200, AR2200-S, AR3200, SRG1300, SRG2300 and SRG3300 Huawei routers. The vulnerability is due to the affected software improperly verifying digital signatures for the software image in the affected device. A local attacker with high privilege may exploit the vulnerability to bypass integrity checks for software images and install a malicious software image on the affected device.

Credit: psirt@huawei.com

Affected SoftwareAffected VersionHow to fix
Huawei Ar1200 Firmware=v200r007c00
Huawei Ar1200 Firmware=v200r008c20
Huawei Ar1200 Firmware=v200r008c50
Huawei Ar1200 Firmware=v200r009c00
Huawei Ar1200 Firmware=v200r010c00
Huawei Ar1200e
Huawei Ar1220c
Huawei Ar1220ev
Huawei Ar1220evw
Huawei Ar1200-s Firmware=v200r007c00
Huawei Ar1200-s Firmware=v200r008c20
Huawei Ar1200-s Firmware=v200r008c50
Huawei Ar1200-s Firmware=v200r009c00
Huawei Ar1200-s Firmware=v200r010c00
Huawei Ar1220f-s
Huawei Ar150 Firmware=v200r007c00
Huawei Ar150 Firmware=v200r008c20
Huawei Ar150 Firmware=v200r008c50
Huawei Ar150 Firmware=v200r009c00
Huawei Ar150 Firmware=v200r010c00
Huawei Ar158evw
Huawei Ar160 Firmware=v200r007c00
Huawei Ar160 Firmware=v200r008c20
Huawei Ar160 Firmware=v200r008c50
Huawei Ar160 Firmware=v200r009c00
Huawei Ar160 Firmware=v200r010c00
Huawei Ar161
Huawei Ar161ew
Huawei Ar161f
Huawei Ar161f-dgp
Huawei Ar161fg-l
Huawei Ar161fgw-l
Huawei Ar161fv-1p
Huawei Ar161fw
Huawei Ar161g-l
Huawei Ar161w
Huawei Ar168f
Huawei Ar168f-4p
Huawei Ar169
Huawei Ar169egw-l
Huawei Ar169ew
Huawei Ar169f
Huawei Ar169fgw-l
Huawei Ar169fvw
Huawei Ar169fvw-8s
Huawei Ar169g-l
Huawei Ar169jfvw-2s
Huawei Ar169w
Huawei Ar200 Firmware=v200r007c00
Huawei Ar200 Firmware=v200r008c20
Huawei Ar200 Firmware=v200r008c50
Huawei Ar200 Firmware=v200r009c00
Huawei Ar200 Firmware=v200r010c00
Huawei Ar201
Huawei Ar2200 Firmware=v200r007c00
Huawei Ar2200 Firmware=v200r008c20
Huawei Ar2200 Firmware=v200r008c50
Huawei Ar2200 Firmware=v200r009c00
Huawei Ar2200 Firmware=v200r010c00
Huawei Ar2204-27ge
Huawei Ar2204-27ge-p
Huawei Ar2204-51ge-p
Huawei Ar2204e
Huawei Ar2204xe
Huawei Ar2220e
Huawei Ar2240
Huawei Ar2240c
Huawei Ar2200s Firmware=v200r007c00
Huawei Ar2200s Firmware=v200r008c20
Huawei Ar2200s Firmware=v200r008c50
Huawei Ar2200s Firmware=v200r009c00
Huawei Ar2200s Firmware=v200r010c00
Huawei Ar2200s
Huawei Ar3200 Firmware=v200r007c00
Huawei Ar3200 Firmware=v200r008c20
Huawei Ar3200 Firmware=v200r008c50
Huawei Ar3200 Firmware=v200r009c00
Huawei Ar3200 Firmware=v200r010c00
Huawei Ar3260
Huawei Srg1300 Firmware=v200r007c00
Huawei Srg1300 Firmware=v200r008c50
Huawei Srg1300 Firmware=v200r009c00
Huawei Srg1300 Firmware=v200r010c00
Huawei Srg1320vw
Huawei Srg2300 Firmware=v200r007c00
Huawei Srg2300 Firmware=v200r008c50
Huawei Srg2300 Firmware=v200r009c00
Huawei Srg2300 Firmware=v200r010c00
Huawei Srg2320e
Huawei Srg3300 Firmware=v200r007c00
Huawei Srg3300 Firmware=v200r008c50
Huawei Srg3300 Firmware=v200r009c00
Huawei Srg3300 Firmware=v200r010c00
Huawei Srg3340

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203