Sign-up

ID

VAR-201912-0805


CVE

CVE-2019-5253


TITLE

E5572-855 Authentication vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-013800

DESCRIPTION

E5572-855 with versions earlier than 8.0.1.3(H335SP1C233) has an improper authentication vulnerability. The device does not perform a sufficient authentication when doing certain operations, successful exploit could allow an attacker to cause the device to reboot after launch a man in the middle attack. E5572-855 Contains an authentication vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Huawei E5572-855 is a portable wireless router device from China's Huawei

Trust: 2.16

sources: NVD: CVE-2019-5253 // JVNDB: JVNDB-2019-013800 // CNVD: CNVD-2019-44535

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2019-44535

AFFECTED PRODUCTS

vendor:huaweimodel:e5572-855scope:eqversion: -

Trust: 1.2

vendor:huaweimodel:e5572-855scope:ltversion:8.0.1.3\(h335sp1c233\)

Trust: 1.0

vendor:huaweimodel:e5572-855scope:ltversion:8.0.1.3(h335sp1c233)

Trust: 0.8

vendor:huaweimodel:e5572-855 <8.0.1.3scope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2019-44535 // JVNDB: JVNDB-2019-013800 // CNNVD: CNNVD-201912-184 // NVD: CVE-2019-5253

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-5253
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-5253
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2019-44535
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201912-184
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2019-5253
severity: HIGH
baseScore: 7.1
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2019-44535
severity: MEDIUM
baseScore: 4.6
vectorString: AV:A/AC:H/AU:N/C:N/I:N/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 3.2
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2019-5253
baseSeverity: MEDIUM
baseScore: 5.9
vectorString: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.2
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2019-5253
baseSeverity: MEDIUM
baseScore: 5.9
vectorString: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2019-44535 // JVNDB: JVNDB-2019-013800 // CNNVD: CNNVD-201912-184 // NVD: CVE-2019-5253

PROBLEMTYPE DATA

problemtype:CWE-287

Trust: 1.8

sources: JVNDB: JVNDB-2019-013800 // NVD: CVE-2019-5253

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201912-184

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201912-184

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-013800

PATCH
title:huawei-sa-20191204-04-dosurl:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191204-04-dos-en
Trust: 0.8
title:Patch for Huawei E5572-855 Authorization Issue Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/193471
Trust: 0.6
title:Huawei E5572-855 Remediation measures for authorization problem vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=103988
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2019-44535 // 
            
            
            
            JVNDB: JVNDB-2019-013800 // 
            
            
            
            CNNVD: CNNVD-201912-184

EXTERNAL IDS
db:NVDid:CVE-2019-5253
Trust: 3.0
db:JVNDBid:JVNDB-2019-013800
Trust: 0.8
db:CNVDid:CNVD-2019-44535
Trust: 0.6
db:CNNVDid:CNNVD-201912-184
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2019-44535 // 
            
            
            
            JVNDB: JVNDB-2019-013800 // 
            
            
            
            CNNVD: CNNVD-201912-184 // 
            
            
            
            NVD: CVE-2019-5253

REFERENCES
url:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191204-04-dos-en
Trust: 1.6
url:https://nvd.nist.gov/vuln/detail/cve-2019-5253
Trust: 1.4
url:https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20191204-04-dos-cn
Trust: 1.2
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-5253
Trust: 0.8
sources:
            
            
            CNVD: CNVD-2019-44535 // 
            
            
            
            JVNDB: JVNDB-2019-013800 // 
            
            
            
            CNNVD: CNNVD-201912-184 // 
            
            
            
            NVD: CVE-2019-5253

CREDITS
Huawei
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-201912-184

SOURCES
db:CNVDid:CNVD-2019-44535
db:JVNDBid:JVNDB-2019-013800
db:CNNVDid:CNNVD-201912-184
db:NVDid:CVE-2019-5253

LAST UPDATE DATE
2024-11-23T22:37:35.280000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2019-44535date:2019-12-10T00:00:00
db:JVNDBid:JVNDB-2019-013800date:2020-01-16T00:00:00
db:CNNVDid:CNNVD-201912-184date:2019-12-31T00:00:00
db:NVDid:CVE-2019-5253date:2024-11-21T04:44:36.630

SOURCES RELEASE DATE
db:CNVDid:CNVD-2019-44535date:2019-12-10T00:00:00
db:JVNDBid:JVNDB-2019-013800date:2020-01-16T00:00:00
db:CNNVDid:CNNVD-201912-184date:2019-12-04T00:00:00
db:NVDid:CVE-2019-5253date:2019-12-13T22:15:11.607