CVE-2019-5300
First published: Tue Jun 04 2019(Updated: )
There is a digital signature verification bypass vulnerability in AR1200, AR1200-S, AR150, AR160, AR200, AR2200, AR2200-S, AR3200, SRG1300, SRG2300 and SRG3300 Huawei routers. The vulnerability is due to the affected software improperly verifying digital signatures for the software image in the affected device. A local attacker with high privilege may exploit the vulnerability to bypass integrity checks for software images and install a malicious software image on the affected device.
Credit: psirt@huawei.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Huawei ar1200 firmware | =v200r007c00 | |
| Huawei ar1200 firmware | =v200r008c20 | |
| Huawei ar1200 firmware | =v200r008c50 | |
| Huawei ar1200 firmware | =v200r009c00 | |
| Huawei ar1200 firmware | =v200r010c00 | |
| Huawei AR1200E | ||
| Huawei AR1220 | ||
| Huawei AR1220 | ||
| Huawei AR1220 | ||
| Huawei ar1200-s firmware | =v200r007c00 | |
| Huawei ar1200-s firmware | =v200r008c20 | |
| Huawei ar1200-s firmware | =v200r008c50 | |
| Huawei ar1200-s firmware | =v200r009c00 | |
| Huawei ar1200-s firmware | =v200r010c00 | |
| Huawei AR1220 | ||
| Huawei ar150 firmware | =v200r007c00 | |
| Huawei ar150 firmware | =v200r008c20 | |
| Huawei ar150 firmware | =v200r008c50 | |
| Huawei ar150 firmware | =v200r009c00 | |
| Huawei ar150 firmware | =v200r010c00 | |
| Huawei AR158EVW | ||
| Huawei AR160 Firmware | =v200r007c00 | |
| Huawei AR160 Firmware | =v200r008c20 | |
| Huawei AR160 Firmware | =v200r008c50 | |
| Huawei AR160 Firmware | =v200r009c00 | |
| Huawei AR160 Firmware | =v200r010c00 | |
| Huawei AR161 | ||
| Huawei AR161EW | ||
| Huawei AR161F | ||
| Huawei AR161F-DGP | ||
| Huawei AR161FG-L | ||
| Huawei AR161FGW-L | ||
| Huawei AR161FV-1P | ||
| Huawei AR161FW | ||
| Huawei AR161G-L | ||
| Huawei AR161W | ||
| Huawei AR168F | ||
| Huawei AR168F | ||
| Huawei AR169 | ||
| Huawei AR169EGW-L | ||
| Huawei AR169 | ||
| Huawei AR169 | ||
| Huawei AR169FGW-L | ||
| Huawei AR169FVW | ||
| Huawei AR169FVW | ||
| Huawei AR169G-L | ||
| Huawei AR169JFW-2S | ||
| Huawei AR169W | ||
| Huawei AR200 Firmware | =v200r007c00 | |
| Huawei AR200 Firmware | =v200r008c20 | |
| Huawei AR200 Firmware | =v200r008c50 | |
| Huawei AR200 Firmware | =v200r009c00 | |
| Huawei AR200 Firmware | =v200r010c00 | |
| Huawei AR201 | ||
| Huawei AR2200 Series Firmware | =v200r007c00 | |
| Huawei AR2200 Series Firmware | =v200r008c20 | |
| Huawei AR2200 Series Firmware | =v200r008c50 | |
| Huawei AR2200 Series Firmware | =v200r009c00 | |
| Huawei AR2200 Series Firmware | =v200r010c00 | |
| Huawei AR2204-27GE | ||
| Huawei AR2204-27GE | ||
| Huawei AR2204-51GE-P | ||
| Huawei AR2204E | ||
| Huawei AR2204XE | ||
| Huawei AR2220E | ||
| Huawei AR2240 | ||
| Huawei AR2240 | ||
| Huawei AR2200 Series Firmware | =v200r007c00 | |
| Huawei AR2200 Series Firmware | =v200r008c20 | |
| Huawei AR2200 Series Firmware | =v200r008c50 | |
| Huawei AR2200 Series Firmware | =v200r009c00 | |
| Huawei AR2200 Series Firmware | =v200r010c00 | |
| Huawei AR2200S | ||
| Huawei AR3200 | =v200r007c00 | |
| Huawei AR3200 | =v200r008c20 | |
| Huawei AR3200 | =v200r008c50 | |
| Huawei AR3200 | =v200r009c00 | |
| Huawei AR3200 | =v200r010c00 | |
| Huawei AR3260 | ||
| Huawei SRG1300 Firmware | =v200r007c00 | |
| Huawei SRG1300 Firmware | =v200r008c50 | |
| Huawei SRG1300 Firmware | =v200r009c00 | |
| Huawei SRG1300 Firmware | =v200r010c00 | |
| Huawei SRG1320VW | ||
| Huawei SRG2300 | =v200r007c00 | |
| Huawei SRG2300 | =v200r008c50 | |
| Huawei SRG2300 | =v200r009c00 | |
| Huawei SRG2300 | =v200r010c00 | |
| Huawei SRG2320E | ||
| Huawei SRG3300 | =v200r007c00 | |
| Huawei SRG3300 | =v200r008c50 | |
| Huawei SRG3300 | =v200r009c00 | |
| Huawei SRG3300 | =v200r010c00 | |
| Huawei SRG3340 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2019-5300?
CVE-2019-5300 is classified as a high severity vulnerability due to its potential to allow unauthorized access to affected Huawei routers.
How do I fix CVE-2019-5300?
To fix CVE-2019-5300, update the firmware of affected Huawei routers to the latest version provided by Huawei.
Which devices are affected by CVE-2019-5300?
CVE-2019-5300 affects specific models including AR1200, AR150, AR160, AR200, AR2200, AR3200, and several SRG series routers.
What causes the CVE-2019-5300 vulnerability?
The CVE-2019-5300 vulnerability is caused by improper verification of digital signatures for software images in the affected devices.
Is CVE-2019-5300 actively being exploited?
As of now, there have been no confirmed reports of active exploitation of CVE-2019-5300, but it remains a significant security risk.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/severity
- agent/author
- agent/references
- agent/weakness
- agent/first-publish-date
- agent/event
- agent/description
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/huawei
- canonical/huawei ar1200 firmware
- version/huawei ar1200 firmware/v200r007c00
- version/huawei ar1200 firmware/v200r008c20
- version/huawei ar1200 firmware/v200r008c50
- version/huawei ar1200 firmware/v200r009c00
- version/huawei ar1200 firmware/v200r010c00
- canonical/huawei ar1200e
- canonical/huawei ar1220
- canonical/huawei ar1200-s firmware
- version/huawei ar1200-s firmware/v200r007c00
- version/huawei ar1200-s firmware/v200r008c20
- version/huawei ar1200-s firmware/v200r008c50
- version/huawei ar1200-s firmware/v200r009c00
- version/huawei ar1200-s firmware/v200r010c00
- canonical/huawei ar150 firmware
- version/huawei ar150 firmware/v200r007c00
- version/huawei ar150 firmware/v200r008c20
- version/huawei ar150 firmware/v200r008c50
- version/huawei ar150 firmware/v200r009c00
- version/huawei ar150 firmware/v200r010c00
- canonical/huawei ar158evw
- canonical/huawei ar160 firmware
- version/huawei ar160 firmware/v200r007c00
- version/huawei ar160 firmware/v200r008c20
- version/huawei ar160 firmware/v200r008c50
- version/huawei ar160 firmware/v200r009c00
- version/huawei ar160 firmware/v200r010c00
- canonical/huawei ar161
- canonical/huawei ar161ew
- canonical/huawei ar161f
- canonical/huawei ar161f-dgp
- canonical/huawei ar161fg-l
- canonical/huawei ar161fgw-l
- canonical/huawei ar161fv-1p
- canonical/huawei ar161fw
- canonical/huawei ar161g-l
- canonical/huawei ar161w
- canonical/huawei ar168f
- canonical/huawei ar169
- canonical/huawei ar169egw-l
- canonical/huawei ar169fgw-l
- canonical/huawei ar169fvw
- canonical/huawei ar169g-l
- canonical/huawei ar169jfw-2s
- canonical/huawei ar169w
- canonical/huawei ar200 firmware
- version/huawei ar200 firmware/v200r007c00
- version/huawei ar200 firmware/v200r008c20
- version/huawei ar200 firmware/v200r008c50
- version/huawei ar200 firmware/v200r009c00
- version/huawei ar200 firmware/v200r010c00
- canonical/huawei ar201
- canonical/huawei ar2200 series firmware
- version/huawei ar2200 series firmware/v200r007c00
- version/huawei ar2200 series firmware/v200r008c20
- version/huawei ar2200 series firmware/v200r008c50
- version/huawei ar2200 series firmware/v200r009c00
- version/huawei ar2200 series firmware/v200r010c00
- canonical/huawei ar2204-27ge
- canonical/huawei ar2204-51ge-p
- canonical/huawei ar2204e
- canonical/huawei ar2204xe
- canonical/huawei ar2220e
- canonical/huawei ar2240
- canonical/huawei ar2200s
- canonical/huawei ar3200
- version/huawei ar3200/v200r007c00
- version/huawei ar3200/v200r008c20
- version/huawei ar3200/v200r008c50
- version/huawei ar3200/v200r009c00
- version/huawei ar3200/v200r010c00
- canonical/huawei ar3260
- canonical/huawei srg1300 firmware
- version/huawei srg1300 firmware/v200r007c00
- version/huawei srg1300 firmware/v200r008c50
- version/huawei srg1300 firmware/v200r009c00
- version/huawei srg1300 firmware/v200r010c00
- canonical/huawei srg1320vw
- canonical/huawei srg2300
- version/huawei srg2300/v200r007c00
- version/huawei srg2300/v200r008c50
- version/huawei srg2300/v200r009c00
- version/huawei srg2300/v200r010c00
- canonical/huawei srg2320e
- canonical/huawei srg3300
- version/huawei srg3300/v200r007c00
- version/huawei srg3300/v200r008c50
- version/huawei srg3300/v200r009c00
- version/huawei srg3300/v200r010c00
- canonical/huawei srg3340