CVE-2019-5254
Description
Certain Huawei products (AP2000; IPS Module; NGFW Module; NIP6300; NIP6600; NIP6800; S5700; SVN5600; SVN5800; SVN5800-C; SeMG9811; Secospace AntiDDoS8000; Secospace USG6300; Secospace USG6500; Secospace USG6600; USG6000V; eSpace U1981) have an out-of-bounds read vulnerability. An attacker who logs in to the board may send crafted messages from the internal network port or tamper with inter-process message packets to exploit this vulnerability. Due to insufficient validation of the message, successful exploit may cause the affected board to be abnormal.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
An out-of-bounds read vulnerability in multiple Huawei products allows an authenticated attacker to cause board abnormality via crafted internal network messages.
Vulnerability
An out-of-bounds read vulnerability exists in certain Huawei products: AP2000, IPS Module, NGFW Module, NIP6300, NIP6600, NIP6800, S5700, SVN5600, SVN5800, SVN5800-C, SeMG9811, Secospace AntiDDoS8000, Secospace USG6300, Secospace USG6500, Secospace USG6600, USG6000V, and eSpace U1981 [1]. The affected software versions are those prior to the fixes released in the security advisory [1]. The bug resides in the inter-process communication handling of the board; due to insufficient validation of incoming messages, a crafted packet can cause an out-of-bounds read condition.
Exploitation
An attacker must first log in to the board (i.e., have local or remote authenticated access) and then send crafted messages from the internal network port or tamper with inter-process message packets [1]. The attacker can control the content of those messages to trigger the out-of-bounds read.
Impact
Successful exploitation leads to abnormal behavior of the affected board [1]. The primary impact is a denial of service (the board becomes unstable or unavailable); information disclosure may also be possible due to the out-of-bounds read nature, though the advisory focuses on the board's abnormal state.
Mitigation
Huawei released security updates to fix this vulnerability in December 2019 [1]. Users should upgrade their affected products to the patched versions listed in the Huawei security advisory [1]. No workarounds are documented. The vulnerability is not listed on CISA’s Known Exploited Vulnerabilities catalog as of this writing.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
4 - Huawei/products (description)
Patches
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
[1] www.huawei.com/en/psirt/security-advisories/huawei-sa-20191211-01-ssp-en (mitre, x_refsource_MISC)
News mentions
No linked articles in our index yet.