Huawei CloudLink Phone 7900 denial of service vulnerability [CVE-2019-5280]

CVE Number – CVE-2019-5280

Huawei CloudLink Phone 7900 is vulnerable to a denial of service attack, caused by improper validation of specific parameters of the TLS server certificate in the SIP TLS module.

By using man-in-the-middle attack techniques, a remote attacker could exploit this vulnerability to cause phones to register abnormally and affect the availability of IP phones.

Affected Version – V600R019C10

Resolved Product and Version – V600R019C10SPC200

Further details –

Jason Davies

UK based technology professional, with an interest in computer security and telecoms.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: