CVE-2019-5259
MEDIUMHuawei AR Series Firmware - Information Disclosure via Command Execution
Title source: llmDescription
There is an information leakage vulnerability on some Huawei products(AR120-S;AR1200;AR1200-S;AR150;AR150-S;AR160;AR200;AR200-S;AR2200;AR2200-S;AR3200;AR3600). An attacker with low permissions can view some high-privilege information by running specific commands.Successful exploit could cause an information disclosure condition.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_misc
https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191211-01-vrp-en
Scores
CVSS v3
6.5
EPSS
0.0010
EPSS Percentile
27.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-269
Status
published
Products (50)
huawei/ar120-s_firmware
v200r005c32
huawei/ar120-s_firmware
v200r006c10
huawei/ar120-s_firmware
v200r007c00
huawei/ar120-s_firmware
v200r008c50
huawei/ar120-s_firmware
v200r009c00
huawei/ar120-s_firmware
v200r010c00
huawei/ar1200-s_firmware
v200r005c20
huawei/ar1200-s_firmware
v200r005c32
huawei/ar1200-s_firmware
v200r006c10
huawei/ar1200-s_firmware
v200r007c00
... and 40 more
Published
Dec 16, 2019
Tracked Since
Feb 18, 2026