PT-2019-2033 · Huawei · Srg2300 +11

Ivica Stipovic +1 · Published 2019-03-20 · Updated 2019-06-05 · CVE-2019-5300

CVSS v3.1: 6.7 (Medium)

Vector: AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Huawei routers versions AR1200, AR1200-S, AR150, AR160, AR200, AR2200, AR2200-S, AR3200, SRG1300, SRG2300, SRG3300

Description

The issue is related to a digital signature verification bypass. It occurs because the affected software improperly verifies digital signatures for the software image in the affected device. A local attacker with high privilege may exploit this to bypass integrity checks for software images and install a malicious software image on the affected device.

Recommendations

For AR1200, AR1200-S, AR150, AR160, AR200, AR2200, AR2200-S, AR3200, SRG1300, SRG2300, SRG3300, consider disabling the software image installation feature until a patch is available to prevent exploitation. Restrict access to the device to minimize the risk of a local attacker with high privilege exploiting the vulnerability. Avoid using the affected devices for critical operations until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Improper Verification of Cryptographic Signature

Related Identifiers

BDU:2019-01777
CVE-2019-5300

Affected Products

Ar1200
Ar1200-S
Ar150
Ar160
Ar200
Ar2200
Ar2200-S
Ar3200
Huawei Vrp
Srg1300
Srg2300
Srg3300