What is CVE-2019-5304?

CVE-2019-5304 is a high-severity vulnerability in Huawei Ar1200, classified under Buffer Copy without Checking Size of Input (Classic Buffer Overflow). CVSS score: 7.5/10. Published 2020-01-03.

How severe is CVE-2019-5304?

High severity. CVSS v3 base score is 7.5 out of 10.

Buffer overflow in Huawei Ar1200

CVE-2019-5304

Some Huawei products have a buffer error vulnerability. An unauthenticated, remote attacker could send specific MPLS Echo Request messages to the target products. Due to insufficient input validation of some parameters in the messages, suc…

Vulnerability class: Buffer Overflow

EPSS: 0.010 (57.3th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.5 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H.

Affected products

Huawei Ar1200
Huawei Ar1200_firmware — versions v200r003c01, v200r005c20, v200r006c10
Huawei Ar1200-s
Huawei Ar1200-s_firmware — versions v200r003c01, v200r005c20, v200r006c10
Huawei Ar120-s
Huawei Ar120-s_firmware — versions v200r006c10, v200r007c00, v200r008c20
Huawei Ar150
Huawei Ar150_firmware — versions v200r003c01, v200r005c20, v200r006c10
Huawei Ar150-s
Huawei Ar150-s_firmware — versions v200r003c01, v200r005c20, v200r006c10

Weakness classification (CWE)

CWE-120 — Buffer Copy without Checking Size of Input (Classic Buffer Overflow)

References

psirt@huawei.com (x_refsource_MISC, Vendor Advisory)

Frequently asked questions

What is CVE-2019-5304?: CVE-2019-5304 is a high-severity vulnerability in Huawei Ar1200, classified under Buffer Copy without Checking Size of Input (Classic Buffer Overflow). CVSS score: 7.5/10. Published 2020-01-03.
How severe is CVE-2019-5304?: High severity. CVSS v3 base score is 7.5 out of 10.