VYPR

Oceanstor Uds Firmware

by Huawei

CVEs (7)

  • CVE-2015-2254CriMar 13, 2019
    risk 0.59cvss 9.1epss 0.01

    Huawei OceanStor UDS devices with software before V100R002C01SPC102 might allow remote attackers to capture and change patch loading information resulting in the deletion of directory files and compromise of system functions when loading a patch.

  • CVE-2015-2252HigJun 8, 2017
    risk 0.57cvss 8.8epss 0.02

    Huawei OceanStor UDS devices with software before V100R002C01SPC102 might allow remote attackers to execute arbitrary code with root privileges via a crafted UDS patch with shell scripts.

  • CVE-2015-2251HigJun 8, 2017
    risk 0.49cvss 7.5epss 0.01

    The DeviceManager in Huawei OceanStor UDS devices with software before V100R002C01SPC102 might allow remote attackers to obtain sensitive information via a crafted UDS patch with JavaScript.

  • CVE-2016-5822HigJan 27, 2017
    risk 0.49cvss 7.5epss 0.02

    Huawei Oceanstor 5800 before V300R002C10SPC100 allows remote attackers to cause a denial of service (CPU consumption) via a large number of crafted HTTP packets.

  • CVE-2016-5722HigJun 24, 2016
    risk 0.48cvss 7.3epss 0.01

    Huawei OceanStor 5300 V3, 5500 V3, 5600 V3, 5800 V3, 6800 V3, 18800 V3, and 18500 V3 before V300R003C10 sends the plaintext session token in the HTTP header, which allows remote attackers to conduct replay attacks and obtain sensitive information by sniffing the network.

  • CVE-2019-5267MedDec 23, 2019
    risk 0.36cvss 5.5epss 0.00

    Huawei OceanStor SNS3096 V100R002C01 have an information disclosure vulnerability. Attackers with low privilege can exploit this vulnerability by performing some specific operations. Successful exploit of this vulnerability can cause some information disclosure.

  • CVE-2015-2253MedJun 8, 2017
    risk 0.33cvss 5.0epss 0.01

    The XML interface in Huawei OceanStor UDS devices with software before V100R002C01SPC102 allows remote authenticated users to obtain sensitive information via a crafted XML document.