How severe is CVE-2019-5307?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4.2 out of 10.

What type of vulnerability is CVE-2019-5307?

This is classified as CWE-294, which is a common weakness in software security.

CVE-2019-5307 - MEDIUM Severity | CVSS 4.2

Vulnerability Description

Some Huawei 4G LTE devices, P30 versions before ELE-AL00 9.1.0.162(C01E160R1P12/C01E160R2P1) and P30 Pro versions before VOG-AL00 9.1.0.162(C01E160R1P12/C01E160R2P1), are exposed to a message replay vulnerability. For the sake of better compatibility, these devices implement a less strict check on the NAS message sequence number (SN), specifically NAS COUNT. As a result, an attacker can construct a rogue base station and replay the GUTI reallocation command message in certain conditions to tamper with GUTIs, or replay the Identity request message to obtain IMSIs. (Vulnerability ID: HWPSIRT-2019-04107)

Related Vulnerabilities

CVE-2024-39081

MEDIUM

CVSS:4.2(Medium)

An issue in SMART TYRE CAR & BIKE v4.2.0 allows attackers to perform a man-in-the-middle attack via Bluetooth communications.

CWE-2942024

CVE-2021-46835

MEDIUM

CVSS:4.3(Medium)

There is a traffic hijacking vulnerability in WS7200-10 11.0.2.13. Successful exploitation of this vulnerability can cause packets to be hijacked by attackers.

CWE-2942021

CVE-2024-38272

HIGH

CVSS:4.3(Medium)

There exists a vulnerability in Quick Share/Nearby, where an attacker can bypass the accept file dialog on Quick Share Windows. Normally in Quick Share Windows app we can't send a file without the use...

CWE-2942024

CVE-2023-20123

MEDIUM

CVSS:4.6(Medium)

A vulnerability in the offline access mode of Cisco Duo Two-Factor Authentication for macOS and Duo Authentication for Windows Logon and RDP could allow an unauthenticated, physical attacker to replay...

CWE-2942023

CVE-2019-11856

LOW

CVSS:3.8(Low)

A nonce reuse vulnerability exists in the ACEView service of ALEOS before 4.13.0, 4.9.5, and 4.4.9 allowing message replay. Captured traffic to the ACEView service can be replayed to other gateways sh...

CWE-2942019

CVE-2019-11334

LOW

CVSS:3.7(Low)

An authentication bypass in website post requests in the Tzumi Electronics Klic Lock application 1.0.9 for mobile devices allows attackers to access resources (that are not otherwise accessible withou...

CWE-2942019