CVE-2019-5255
Description
Certain Huawei products (AP2000;IPS Module;NGFW Module;NIP6300;NIP6600;NIP6800;S5700;SVN5600;SVN5800;SVN5800-C;SeMG9811;Secospace AntiDDoS8000;Secospace USG6300;Secospace USG6500;Secospace USG6600;USG6000V;eSpace U1981) have a DoS vulnerability. An attacker may send crafted messages from a FTP client to exploit this vulnerability. Due to insufficient validation of the message, successful exploit may cause the system out-of-bounds read and result in a denial of service condition of the affected service.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A DoS vulnerability in Huawei products allows an attacker to send crafted FTP messages, causing out-of-bounds read and denial of service.
Vulnerability
A denial-of-service (DoS) vulnerability exists in multiple Huawei products, including AP2000, IPS Module, NGFW Module, NIP6300, NIP6600, NIP6800, S5700, SVN5600, SVN5800, SVN5800-C, SeMG9811, Secospace AntiDDoS8000, Secospace USG6300, Secospace USG6500, Secospace USG6600, USG6000V, and eSpace U1981. The vulnerability is due to insufficient validation of messages received from an FTP client. An attacker can exploit this by sending crafted messages, leading to an out-of-bounds read condition in the affected service [1].
Exploitation
An attacker does not require authentication or privileged network access; they only need to act as an FTP client and send specially crafted messages to the target device. The attack can be launched remotely over the network. The crafted messages trigger an out-of-bounds read when the system processes them without proper validation [1].
Impact
Successful exploitation causes the affected service to read beyond the bounds of allocated memory, resulting in a denial of service. The service becomes unavailable, disrupting normal operations. The impact is limited to availability; no data confidentiality or integrity compromise is indicated [1].
Mitigation
Huawei has released security updates to address this vulnerability. Affected users should apply the patches provided in the security advisory [1]. The advisory was initially released on 2019-12-11 and last updated on 2020-08-12. Users should consult the advisory for specific fixed versions for each product. No workarounds are documented; patching is the recommended mitigation.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
4- Huawei/productsdescription
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1- www.huawei.com/en/psirt/security-advisories/huawei-sa-20191211-01-ssp-enmitrex_refsource_MISC
News mentions
0No linked articles in our index yet.