VYPR

Webui

by Huawei

CVEs (5)

  • CVE-2026-22677MedMay 13, 2026
    risk 0.35cvss 6.5epss 0.00

    Hermes WebUI prior to 0.51.44 contains a path traversal vulnerability in the session import endpoint that allows authenticated attackers to read arbitrary files by importing a crafted session with an unrestricted workspace value. Attackers can supply a blocked filesystem root in…

  • CVE-2014-2946Jun 2, 2014
    risk 0.03cvss epss 0.01

    Cross-site request forgery (CSRF) vulnerability in api/sms/send-sms in the Web UI 11.010.06.01.858 on Huawei E303 modems with software 22.157.18.00.858 allows remote attackers to hijack the authentication of administrators for requests that perform API operations and send SMS…

  • CVE-2026-0622Jan 20, 2026
    risk 0.00cvss epss 0.00

    Open 5GS WebUI uses a hard-coded JWT signing key (change-me) whenever the environment variable JWT_SECRET_KEY is unset

  • CVE-2025-63414Dec 16, 2025
    risk 0.00cvss epss 0.02

    A Path Traversal vulnerability in the Allsky WebUI version v2024.12.06_06 allows an unauthenticated remote attacker to achieve arbitrary command execution. By sending a crafted HTTP request to the /html/execute.php endpoint with a malicious payload in the id parameter, an…

  • CVE-2015-3912May 21, 2015
    risk 0.00cvss epss 0.01

    Huawei E355s Mobile WiFi with firmware before 22.158.45.02.625 and WEBUI before 13.100.04.01.625 allows remote attackers to obtain sensitive configuration information by sniffing the network or sending unspecified commands.