Improper authentication in Huawei E5572-855
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2019-5253 |
| CWE-ID | CWE-287 |
| Exploitation vector | Local network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
Huawei E5572-855 Hardware solutions / Routers for home users |
| Vendor | Huawei |
Security Bulletin
This security bulletin contains one low risk vulnerability.
1) Improper Authentication
EUVDB-ID: #VU23417
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2019-5253
CWE-ID:
CWE-287 - Improper Authentication
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to bypass authentication process.
The vulnerability exists due to the affected device does not perform a sufficient authentication when doing certain operation. A remote attacker on the local network can perform a man-in-the-middle attack and cause a denial of service (DoS) condition on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsHuawei E5572-855: before 8.0.1.3
CPE2.3 External linkshttp://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191204-04-dos-en
Q & A
Can this vulnerability be exploited remotely?
How the attacker can exploit this vulnerability?
Is there known malware, which exploits this vulnerability?
