7.5

CVE-2019-5294

There is an out of bound read vulnerability in some Huawei products. A remote, unauthenticated attacker may send a corrupt or crafted message to the affected products. Due to a buffer read overflow error when parsing the message, successful exploit may cause some service to be abnormal.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)
HuaweiAr120-s Firmware Versionv200r005c20
   HuaweiAr120-s Version-
HuaweiAr120-s Firmware Versionv200r006c10
   HuaweiAr120-s Version-
HuaweiAr120-s Firmware Versionv200r007c00
   HuaweiAr120-s Version-
HuaweiAr1200 Firmware Versionv200r005c20
   HuaweiAr1200 Version-
HuaweiAr1200 Firmware Versionv200r006c10
   HuaweiAr1200 Version-
HuaweiAr1200 Firmware Versionv200r007c00
   HuaweiAr1200 Version-
HuaweiAr1200-s Firmware Versionv200r005c20
   HuaweiAr1200-s Version-
HuaweiAr1200-s Firmware Versionv200r006c10
   HuaweiAr1200-s Version-
HuaweiAr1200-s Firmware Versionv200r007c00
   HuaweiAr1200-s Version-
HuaweiAr150 Firmware Versionv200r005c20
   HuaweiAr150 Version-
HuaweiAr150 Firmware Versionv200r006c10
   HuaweiAr150 Version-
HuaweiAr150 Firmware Versionv200r007c00
   HuaweiAr150 Version-
HuaweiAr150-s Firmware Versionv200r005c20
   HuaweiAr150-s Version-
HuaweiAr150-s Firmware Versionv200r006c10
   HuaweiAr150-s Version-
HuaweiAr150-s Firmware Versionv200r007c00
   HuaweiAr150-s Version-
HuaweiAr160 Firmware Versionv200r005c20
   HuaweiAr160 Version-
HuaweiAr160 Firmware Versionv200r006c10
   HuaweiAr160 Version-
HuaweiAr160 Firmware Versionv200r007c00
   HuaweiAr160 Version-
HuaweiAr200 Firmware Versionv200r005c20
   HuaweiAr200 Version-
HuaweiAr200 Firmware Versionv200r006c10
   HuaweiAr200 Version-
HuaweiAr200 Firmware Versionv200r007c00
   HuaweiAr200 Version-
HuaweiAr200-s Firmware Versionv200r005c20
   HuaweiAr200-s Version-
HuaweiAr200-s Firmware Versionv200r006c10
   HuaweiAr200-s Version-
HuaweiAr200-s Firmware Versionv200r007c00
   HuaweiAr200-s Version-
HuaweiAr2200 Firmware Versionv200r005c20
   HuaweiAr2200 Version-
HuaweiAr2200 Firmware Versionv200r006c10
   HuaweiAr2200 Version-
HuaweiAr2200 Firmware Versionv200r007c00
   HuaweiAr2200 Version-
HuaweiAr2200-s Firmware Versionv200r005c20
   HuaweiAr2200-s Version-
HuaweiAr2200-s Firmware Versionv200r006c10
   HuaweiAr2200-s Version-
HuaweiAr2200-s Firmware Versionv200r007c00
   HuaweiAr2200-s Version-
HuaweiAr3200 Firmware Versionv200r005c20
   HuaweiAr3200 Version-
HuaweiAr3200 Firmware Versionv200r006c10
   HuaweiAr3200 Version-
HuaweiAr3600 Firmware Versionv200r006c10
   HuaweiAr3600 Version-
HuaweiAr3600 Firmware Versionv200r007c00
   HuaweiAr3600 Version-
HuaweiNetengine16ex Firmware Versionv200r005c20
   HuaweiNetengine16ex Version-
HuaweiNetengine16ex Firmware Versionv200r006c10
   HuaweiNetengine16ex Version-
HuaweiNetengine16ex Firmware Versionv200r007c00
   HuaweiNetengine16ex Version-
HuaweiSrg1300 Firmware Versionv200r005c20
   HuaweiSrg1300 Version-
HuaweiSrg1300 Firmware Versionv200r006c10
   HuaweiSrg1300 Version-
HuaweiSrg1300 Firmware Versionv200r007c00
   HuaweiSrg1300 Version-
HuaweiSrg2300 Firmware Versionv200r005c20
   HuaweiSrg2300 Version-
HuaweiSrg2300 Firmware Versionv200r006c10
   HuaweiSrg2300 Version-
HuaweiSrg2300 Firmware Versionv200r007c00
   HuaweiSrg2300 Version-
HuaweiSrg3300 Firmware Versionv200r005c20
   HuaweiSrg3300 Version-
HuaweiSrg3300 Firmware Versionv200r006c10
   HuaweiSrg3300 Version-
HuaweiSrg3300 Firmware Versionv200r007c00
   HuaweiSrg3300 Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.45% 0.609
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:N/A:P
CWE-125 Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.