CVE-2019-5291
MEDIUMHuawei AR120-S, AR1200, AR1200-S, AR150, AR150-S, AR160, AR200 Firmware - Insufficient Verification of Data Authenticity
Title source: llmDescription
Some Huawei products have an insufficient verification of data authenticity vulnerability. A remote, unauthenticated attacker has to intercept specific packets between two devices, modify the packets, and send the modified packets to the peer device. Due to insufficient verification of some fields in the packets, an attacker may exploit the vulnerability to cause the target device to be abnormal.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_misc
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191204-01-validation-en
Scores
CVSS v3
5.9
EPSS
0.0022
EPSS Percentile
44.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-345
Status
published
Products (50)
huawei/ar120-s_firmware
v200r005c20
huawei/ar120-s_firmware
v200r006c10
huawei/ar120-s_firmware
v200r007c00
huawei/ar120-s_firmware
v200r008c50
huawei/ar1200-s_firmware
v200r005c20
huawei/ar1200-s_firmware
v200r006c10
huawei/ar1200-s_firmware
v200r007c00
huawei/ar1200-s_firmware
v200r008c50
huawei/ar1200_firmware
v200r005c00
huawei/ar1200_firmware
v200r006c10
... and 40 more
Published
Dec 13, 2019
Tracked Since
Feb 18, 2026