Sign-up

ID

VAR-201906-0116


CVE

CVE-2019-5298


TITLE

plural Huawei AP Authentication vulnerabilities in products

Trust: 0.8

sources: JVNDB: JVNDB-2019-005137

DESCRIPTION

There is an improper authentication vulnerability in some Huawei AP products before version V200R009C00SPC800. Due to the improper implementation of authentication for the serial port, an attacker could exploit this vulnerability by connecting to the affected products and running a series of commands. plural Huawei AP The product contains authentication vulnerabilities.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. HuaweiAP4050DN-E is a wireless access point device of China Huawei. The vulnerability stems from the program failing to properly authenticate the serial port

Trust: 2.16

sources: NVD: CVE-2019-5298 // JVNDB: JVNDB-2019-005137 // CNVD: CNVD-2019-12916

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2019-12916

AFFECTED PRODUCTS

vendor:huaweimodel:ap4050dn-escope:ltversion:v200r009c00

Trust: 1.0

vendor:huaweimodel:ap4050dn-escope:ltversion:v200r009c00spc800

Trust: 0.8

vendor:huaweimodel:ap4050dn-e v200r009c00scope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2019-12916 // JVNDB: JVNDB-2019-005137 // NVD: CVE-2019-5298

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-5298
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-5298
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2019-12916
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201903-1123
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2019-5298
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2019-12916
severity: HIGH
baseScore: 8.3
vectorString: AV:A/AC:L/AU:N/C:C/I:C/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 6.5
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2019-5298
baseSeverity: MEDIUM
baseScore: 6.8
vectorString: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: PHYSICAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2019-12916 // JVNDB: JVNDB-2019-005137 // CNNVD: CNNVD-201903-1123 // NVD: CVE-2019-5298

PROBLEMTYPE DATA

problemtype:CWE-287

Trust: 1.8

sources: JVNDB: JVNDB-2019-005137 // NVD: CVE-2019-5298

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201903-1123

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-005137

PATCH
title:huawei-sa-20190327-01-apurl:https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190327-01-ap-en
Trust: 0.8
title:HuaweiAP4050DN-E patch for improper authentication vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/160241
Trust: 0.6
title:Huawei AP4050DN-E Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=90537
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2019-12916 // 
            
            
            
            JVNDB: JVNDB-2019-005137 // 
            
            
            
            CNNVD: CNNVD-201903-1123

EXTERNAL IDS
db:NVDid:CVE-2019-5298
Trust: 3.0
db:JVNDBid:JVNDB-2019-005137
Trust: 0.8
db:CNVDid:CNVD-2019-12916
Trust: 0.6
db:CNNVDid:CNNVD-201903-1123
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2019-12916 // 
            
            
            
            JVNDB: JVNDB-2019-005137 // 
            
            
            
            CNNVD: CNNVD-201903-1123 // 
            
            
            
            NVD: CVE-2019-5298

REFERENCES
url:https://nvd.nist.gov/vuln/detail/cve-2019-5298
Trust: 1.4
url:https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20190327-01-ap-cn
Trust: 1.2
url:https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190327-01-ap-en
Trust: 1.0
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-5298
Trust: 0.8
sources:
            
            
            CNVD: CNVD-2019-12916 // 
            
            
            
            JVNDB: JVNDB-2019-005137 // 
            
            
            
            CNNVD: CNNVD-201903-1123 // 
            
            
            
            NVD: CVE-2019-5298

CREDITS
The vulnerability was discovered by Huawei internal testing.
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-201903-1123

SOURCES
db:CNVDid:CNVD-2019-12916
db:JVNDBid:JVNDB-2019-005137
db:CNNVDid:CNNVD-201903-1123
db:NVDid:CVE-2019-5298

LAST UPDATE DATE
2024-11-23T22:41:29.570000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2019-12916date:2019-05-05T00:00:00
db:JVNDBid:JVNDB-2019-005137date:2019-06-17T00:00:00
db:CNNVDid:CNNVD-201903-1123date:2019-10-14T00:00:00
db:NVDid:CVE-2019-5298date:2024-11-21T04:44:41.857

SOURCES RELEASE DATE
db:CNVDid:CNVD-2019-12916date:2019-05-05T00:00:00
db:JVNDBid:JVNDB-2019-005137date:2019-06-17T00:00:00
db:CNNVDid:CNNVD-201903-1123date:2019-03-27T00:00:00
db:NVDid:CVE-2019-5298date:2019-06-04T19:29:00.587