CVE-2019-19398
CRITICAL WAF: Medium
CVSS 9.8
Published: 2019-12-26
CWE-20
M5 lite 10 with versions of 8.0.0.182(C00) have an insufficient input validation vulnerability. Due to the input validation logic is incorrect, an attacker can exploit this vulnerability to modify the memory of the device by doing a series of operations. Successful exploit may lead to malicious code execution.
WAF Coverage Analysis
Improper Input Validation
Medium WAF Coverage
OWASP: A03:2021 Injection
920xxx - Protocol Enforcement 941xxx - XSS / XXE 942xxx - SQL Injection
Affected Software
| Vendor | Product | Version |
|---|---|---|
| huawei | m5_lite_10_firmware | 8.0.0.182\(c00\) |
References
- www.huawei.com (Vendor Advisory)