SB2019111504 - Multiple vulnerabilities in certain Huawei home routers
Published: November 15, 2019
Security Bulletin ID
SB2019111504
Severity
Low
Patch available
YES
Number of vulnerabilities
2
Exploitation vector
Adjecent network
Highest impact
Code execution
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 2 secuirty vulnerabilities.
1) Improper Authorization (CVE-ID: CVE-2019-5269)
The vulnerability allows a local user to bypass authorization checks.
The vulnerability exists due to improper authorization of certain programs. A local user can execute uploaded malicious files and escalate privilege on the target system.2) Input validation error (CVE-ID: CVE-2019-5268)
The vulnerability allows a local user to upload arbitrary files.
The vulnerability exists due to insufficient validation of user-supplied input. An authenticated attacker on adjacent network with access to the device can send a specially crafted packet to obtain files in the device and upload files to some directories.
Remediation
Install update from vendor's website.