CVE-2019-5298
Published Jun 4, 2019
Last updated 5 years ago
Overview
- Description
- There is an improper authentication vulnerability in some Huawei AP products before version V200R009C00SPC800. Due to the improper implementation of authentication for the serial port, an attacker could exploit this vulnerability by connecting to the affected products and running a series of commands.
- Source
- psirt@huawei.com
- NVD status
- Analyzed
Risk scores
CVSS 3.0
- Type
- Primary
- Base score
- 6.8
- Impact score
- 5.9
- Exploitability score
- 0.9
- Vector string
- CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- MEDIUM
CVSS 2.0
- Type
- Primary
- Base score
- 4.6
- Impact score
- 6.4
- Exploitability score
- 3.9
- Vector string
- AV:L/AC:L/Au:N/C:P/I:P/A:P
Weaknesses
- nvd@nist.gov
- CWE-287
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:ap4050dn-e_firmware:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6923D0FA-AEC5-43F6-B50F-D65633EC5498",
"versionEndExcluding": "v200r009c00"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:ap4050dn-e:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "9746576E-94D6-4866-B10E-E03FEC4DE9A5"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]