USG9500
by Huawei
CVEs (34)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2014-9137 | Hig | 0.57 | 8.8 | 0.00 | Apr 2, 2017 | Huawei USG9500 with software V200R001C01SPC800 and earlier versions, V300R001C00; USG2100 with software V300R001C00SPC900 and earlier versions; USG2200 with software V300R001C00SPC900; USG5100 with software V300R001C00SPC900 could allow an unauthenticated, remote attacker to… | ||
| CVE-2016-8796 | Hig | 0.49 | 7.5 | 0.01 | Apr 2, 2017 | Huawei USG9520 V300R001C01, USG9560 V300R001C01, and USG9580 V300R001C01 allow unauthenticated attackers to send abnormal DHCP request packets to the affected products to trigger a DoS condition. | ||
| CVE-2016-8278 | Hig | 0.49 | 7.5 | 0.01 | Oct 3, 2016 | Huawei USG9520, USG9560, and USG9580 unified security gateways with software before V300R001C01SPCa00 allow remote attackers to cause a denial of service (device restart) via an unspecified URL. | ||
| CVE-2016-8277 | Med | 0.42 | 6.5 | 0.01 | Oct 3, 2016 | Huawei USG9520, USG9560, and USG9580 unified security gateways with software before V300R001C01SPCa00 allow remote authenticated users to cause a denial of service (device restart) via an unspecified command parameter. | ||
| CVE-2017-17162 | Med | 0.36 | 5.5 | 0.00 | Feb 15, 2018 | Huawei Secospace USG6600 V500R001C30SPC100, Secospace USG6600 V500R001C30SPC200, Secospace USG6600 V500R001C30SPC300, USG9500 V500R001C30SPC100, USG9500 V500R001C30SPC200, USG9500 V500R001C30SPC300 have a memory leak vulnerability due to memory don't be released when an local… | ||
| CVE-2021-22342 | 0.00 | — | 0.01 | Jun 22, 2021 | There is an information leak vulnerability in Huawei products. A module does not deal with specific input sufficiently. High privilege attackers can exploit this vulnerability by performing some operations. This can lead to information leak. Affected product versions include:… | |||
| CVE-2021-22360 | 0.00 | — | 0.01 | May 27, 2021 | There is a resource management error vulnerability in the verisions V500R001C60SPC500, V500R005C00SPC100, V500R005C00SPC200 of USG9500. An authentication attacker needs to perform specific operations to exploit the vulnerability on the affected device. Due to improper resource… | |||
| CVE-2021-22411 | 0.00 | — | 0.01 | May 27, 2021 | There is an out-of-bounds write vulnerability in some Huawei products. The code of a module have a bad judgment logic. Attackers can exploit this vulnerability by performing multiple abnormal activities to trigger the bad logic and cause out-of-bounds write. This may compromise… | |||
| CVE-2021-22309 | 0.00 | — | 0.01 | Mar 22, 2021 | There is insecure algorithm vulnerability in Huawei products. A module uses less random input in a secure mechanism. Attackers can exploit this vulnerability by brute forcing to obtain sensitive message. This can lead to information leak. Affected product versions… | |||
| CVE-2020-9212 | 0.00 | — | 0.01 | Mar 22, 2021 | There is a vulnerability in some version of USG9500 that the device improperly handles the information when a user logs in to device. The attacker can exploit the vulnerability to perform some operation and can get information and cause information leak. | |||
| CVE-2020-9201 | 0.00 | — | 0.00 | Dec 24, 2020 | There is an out-of-bounds read vulnerability in some versions of NIP6800, Secospace USG6600 and USG9500. The software reads data past the end of the intended buffer when parsing DHCP messages including crafted parameter. Successful exploit could cause certain service abnormal. | |||
| CVE-2020-9101 | 0.00 | — | 0.00 | Jul 17, 2020 | There is an out-of-bounds write vulnerability in some products. An unauthenticated attacker crafts malformed packets with specific parameter and sends the packets to the affected products. Due to insufficient validation of packets, which may be exploited to cause the process… | |||
| CVE-2019-19415 | 0.00 | — | 0.01 | Jul 8, 2020 | The SIP module of some Huawei products have a denial of service (DoS) vulnerability. A remote attacker could exploit these three vulnerabilities by sending the specially crafted messages to the affected device. Due to the insufficient verification of the packets, successful… | |||
| CVE-2019-19416 | 0.00 | — | 0.01 | Jul 8, 2020 | The SIP module of some Huawei products have a denial of service (DoS) vulnerability. A remote attacker could exploit these three vulnerabilities by sending the specially crafted messages to the affected device. Due to the insufficient verification of the packets, successful… | |||
| CVE-2019-19417 | 0.00 | — | 0.01 | Jul 8, 2020 | The SIP module of some Huawei products have a denial of service (DoS) vulnerability. A remote attacker could exploit these three vulnerabilities by sending the specially crafted messages to the affected device. Due to the insufficient verification of the packets, successful… | |||
| CVE-2020-1883 | 0.00 | — | 0.01 | Jun 5, 2020 | Huawei products NIP6800;Secospace USG6600;USG9500 have a memory leak vulnerability. An attacker with high privileges exploits this vulnerability by continuously performing specific operations. Successful exploitation of this vulnerability can cause service abnormal. | |||
| CVE-2020-1877 | 0.00 | — | 0.00 | Feb 28, 2020 | NIP6800;Secospace USG6600;USG9500 with versions of V500R001C30; V500R001C60SPC500; V500R005C00SPC100 have an invalid pointer access vulnerability. The software system access an invalid pointer when administrator log in to the device and performs some operations. Successful… | |||
| CVE-2020-1876 | 0.00 | — | 0.01 | Feb 28, 2020 | NIP6800;Secospace USG6600;USG9500 with versions of V500R001C30; V500R001C60SPC500; V500R005C00SPC100 have an out-of-bounds write vulnerability. An unauthenticated attacker crafts malformed packets with specific parameter and sends the packets to the affected products. Due to… | |||
| CVE-2020-1881 | 0.00 | — | 0.01 | Feb 28, 2020 | NIP6800;Secospace USG6600;USG9500 products with versions of V500R001C30; V500R001C60SPC500; V500R005C00SPC100 have have a resource management error vulnerability. An attacker needs to perform specific operations to trigger a function of the affected device. Due to improper… | |||
| CVE-2020-1860 | 0.00 | — | 0.01 | Feb 28, 2020 | NIP6800;Secospace USG6600;USG9500 products with versions of V500R001C30; V500R001C60SPC500; V500R005C00SPC100 have an access control bypass vulnerability. Attackers that can access to the internal network can exploit this vulnerability with careful deployment. Successful exploit… |
- risk 0.57cvss 8.8epss 0.00
Huawei USG9500 with software V200R001C01SPC800 and earlier versions, V300R001C00; USG2100 with software V300R001C00SPC900 and earlier versions; USG2200 with software V300R001C00SPC900; USG5100 with software V300R001C00SPC900 could allow an unauthenticated, remote attacker to…
- risk 0.49cvss 7.5epss 0.01
Huawei USG9520 V300R001C01, USG9560 V300R001C01, and USG9580 V300R001C01 allow unauthenticated attackers to send abnormal DHCP request packets to the affected products to trigger a DoS condition.
- risk 0.49cvss 7.5epss 0.01
Huawei USG9520, USG9560, and USG9580 unified security gateways with software before V300R001C01SPCa00 allow remote attackers to cause a denial of service (device restart) via an unspecified URL.
- risk 0.42cvss 6.5epss 0.01
Huawei USG9520, USG9560, and USG9580 unified security gateways with software before V300R001C01SPCa00 allow remote authenticated users to cause a denial of service (device restart) via an unspecified command parameter.
- risk 0.36cvss 5.5epss 0.00
Huawei Secospace USG6600 V500R001C30SPC100, Secospace USG6600 V500R001C30SPC200, Secospace USG6600 V500R001C30SPC300, USG9500 V500R001C30SPC100, USG9500 V500R001C30SPC200, USG9500 V500R001C30SPC300 have a memory leak vulnerability due to memory don't be released when an local…
- CVE-2021-22342Jun 22, 2021risk 0.00cvss —epss 0.01
There is an information leak vulnerability in Huawei products. A module does not deal with specific input sufficiently. High privilege attackers can exploit this vulnerability by performing some operations. This can lead to information leak. Affected product versions include:…
- CVE-2021-22360May 27, 2021risk 0.00cvss —epss 0.01
There is a resource management error vulnerability in the verisions V500R001C60SPC500, V500R005C00SPC100, V500R005C00SPC200 of USG9500. An authentication attacker needs to perform specific operations to exploit the vulnerability on the affected device. Due to improper resource…
- CVE-2021-22411May 27, 2021risk 0.00cvss —epss 0.01
There is an out-of-bounds write vulnerability in some Huawei products. The code of a module have a bad judgment logic. Attackers can exploit this vulnerability by performing multiple abnormal activities to trigger the bad logic and cause out-of-bounds write. This may compromise…
- CVE-2021-22309Mar 22, 2021risk 0.00cvss —epss 0.01
There is insecure algorithm vulnerability in Huawei products. A module uses less random input in a secure mechanism. Attackers can exploit this vulnerability by brute forcing to obtain sensitive message. This can lead to information leak. Affected product versions…
- CVE-2020-9212Mar 22, 2021risk 0.00cvss —epss 0.01
There is a vulnerability in some version of USG9500 that the device improperly handles the information when a user logs in to device. The attacker can exploit the vulnerability to perform some operation and can get information and cause information leak.
- CVE-2020-9201Dec 24, 2020risk 0.00cvss —epss 0.00
There is an out-of-bounds read vulnerability in some versions of NIP6800, Secospace USG6600 and USG9500. The software reads data past the end of the intended buffer when parsing DHCP messages including crafted parameter. Successful exploit could cause certain service abnormal.
- CVE-2020-9101Jul 17, 2020risk 0.00cvss —epss 0.00
There is an out-of-bounds write vulnerability in some products. An unauthenticated attacker crafts malformed packets with specific parameter and sends the packets to the affected products. Due to insufficient validation of packets, which may be exploited to cause the process…
- CVE-2019-19415Jul 8, 2020risk 0.00cvss —epss 0.01
The SIP module of some Huawei products have a denial of service (DoS) vulnerability. A remote attacker could exploit these three vulnerabilities by sending the specially crafted messages to the affected device. Due to the insufficient verification of the packets, successful…
- CVE-2019-19416Jul 8, 2020risk 0.00cvss —epss 0.01
The SIP module of some Huawei products have a denial of service (DoS) vulnerability. A remote attacker could exploit these three vulnerabilities by sending the specially crafted messages to the affected device. Due to the insufficient verification of the packets, successful…
- CVE-2019-19417Jul 8, 2020risk 0.00cvss —epss 0.01
The SIP module of some Huawei products have a denial of service (DoS) vulnerability. A remote attacker could exploit these three vulnerabilities by sending the specially crafted messages to the affected device. Due to the insufficient verification of the packets, successful…
- CVE-2020-1883Jun 5, 2020risk 0.00cvss —epss 0.01
Huawei products NIP6800;Secospace USG6600;USG9500 have a memory leak vulnerability. An attacker with high privileges exploits this vulnerability by continuously performing specific operations. Successful exploitation of this vulnerability can cause service abnormal.
- CVE-2020-1877Feb 28, 2020risk 0.00cvss —epss 0.00
NIP6800;Secospace USG6600;USG9500 with versions of V500R001C30; V500R001C60SPC500; V500R005C00SPC100 have an invalid pointer access vulnerability. The software system access an invalid pointer when administrator log in to the device and performs some operations. Successful…
- CVE-2020-1876Feb 28, 2020risk 0.00cvss —epss 0.01
NIP6800;Secospace USG6600;USG9500 with versions of V500R001C30; V500R001C60SPC500; V500R005C00SPC100 have an out-of-bounds write vulnerability. An unauthenticated attacker crafts malformed packets with specific parameter and sends the packets to the affected products. Due to…
- CVE-2020-1881Feb 28, 2020risk 0.00cvss —epss 0.01
NIP6800;Secospace USG6600;USG9500 products with versions of V500R001C30; V500R001C60SPC500; V500R005C00SPC100 have have a resource management error vulnerability. An attacker needs to perform specific operations to trigger a function of the affected device. Due to improper…
- CVE-2020-1860Feb 28, 2020risk 0.00cvss —epss 0.01
NIP6800;Secospace USG6600;USG9500 products with versions of V500R001C30; V500R001C60SPC500; V500R005C00SPC100 have an access control bypass vulnerability. Attackers that can access to the internal network can exploit this vulnerability with careful deployment. Successful exploit…
Page 1 of 2