Huawei SRG3300 Digital Signature Verification signature verification

EntryeditHistoryDiffjsonxmlCTI

A vulnerability classified as critical has been found in Huawei AR1200, AR1200-S, AR150, AR160, AR200, AR2200, AR2200-S, AR3200, SRG1300, SRG2300 and SRG3300. Affected is an unknown function of the component Digital Signature Verification. There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.

Field06/05/2019 09:15 AM06/19/2020 11:58 AM
cvss2_nvd_ciPP
cvss2_nvd_iiPP
cvss2_nvd_aiPP
cvss3_meta_basescore6.76.7
cvss3_meta_tempscore6.76.7
cvss3_vuldb_basescore6.76.7
cvss3_vuldb_tempscore6.76.7
cvss3_vuldb_avLL
cvss3_vuldb_acLL
cvss3_vuldb_prHH
cvss3_vuldb_uiNN
cvss3_vuldb_sUU
cvss3_vuldb_cHH
cvss3_vuldb_iHH
cvss3_vuldb_aHH
cvss3_nvd_avLL
cvss3_nvd_acLL
cvss3_nvd_prHH
cvss3_nvd_uiNN
cvss3_nvd_sUU
cvss3_nvd_cHH
cvss3_nvd_iHH
cvss3_nvd_aHH
date1559606400 (06/04/2019)1559606400 (06/04/2019)
urlhttps://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190320-01-ar-enhttps://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190320-01-ar-en
price_0day$5k-$25k$5k-$25k
cveCVE-2019-5300CVE-2019-5300
cve_assigned15465600001546560000
cve_nvd_summaryThere is a digital signature verification bypass vulnerability in AR1200, AR1200-S, AR150, AR160, AR200, AR2200, AR2200-S, AR3200, SRG1300, SRG2300 and SRG3300 Huawei routers. The vulnerability is due to the affected software improperly verifying digital signatures for the software image in the affected device. A local attacker with high privilege may exploit the vulnerability to bypass integrity checks for software images and install a malicious software image on the affected device.There is a digital signature verification bypass vulnerability in AR1200, AR1200-S, AR150, AR160, AR200, AR2200, AR2200-S, AR3200, SRG1300, SRG2300 and SRG3300 Huawei routers. The vulnerability is due to the affected software improperly verifying digital signatures for the software image in the affected device. A local attacker with high privilege may exploit the vulnerability to bypass integrity checks for software images and install a malicious software image on the affected device.
osvdb_titleMultiple Huawei routers security bypassMultiple Huawei routers security bypass
locationWebsiteWebsite
cvss2_vuldb_eNDND
cvss2_vuldb_rlNDND
cvss2_vuldb_rcNDND
cvss3_vuldb_eXX
cvss3_vuldb_rlXX
cvss3_vuldb_rcXX
0day_days7676
cvss3_nvd_basescore6.76.7
vendorHuaweiHuawei
nameAR1200/AR1200-S/AR150/AR160/AR200/AR2200/AR2200-S/AR3200/SRG1300/SRG2300/SRG3300AR1200/AR1200-S/AR150/AR160/AR200/AR2200/AR2200-S/AR3200/SRG1300/SRG2300/SRG3300
componentDigital Signature VerificationDigital Signature Verification
input_typeDigital SignatureDigital Signature
discoverydate15530400001553040000
cwe347 (weak authentication)347 (weak authentication)
risk22
historic00
cvss2_vuldb_basescore6.66.6
cvss2_vuldb_tempscore6.66.6
cvss2_vuldb_avLL
cvss2_vuldb_acMM
cvss2_vuldb_auSS
cvss2_vuldb_ciCC
cvss2_vuldb_iiCC
cvss2_vuldb_aiCC
cvss2_nvd_avLL
cvss2_nvd_acLL
cvss2_nvd_auNN
confirm_urlhttps://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190320-01-ar-en

Do you know our Splunk app?

Download it now for free!