VYPR

Vendor CVEs

Huawei

All CVEs

2,254 total · sorted by risk
  • CVE-2017-14491 · Critical · Oct 4, 2017
    risk 0.73 · cvss 9.8 · epss 0.85

    Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response.

  • CVE-2017-17215 · High · Mar 20, 2018
    risk 0.66 · cvss 8.8 · epss 0.79

    Huawei HG532 with some customized versions has a remote code execution vulnerability. An authenticated attacker could send malicious packets to port 37215 to launch attacks. Successful exploit could lead to the remote execution of arbitrary code.

  • CVE-2017-17301 · Critical · Feb 15, 2018
    risk 0.64 · cvss 9.8 · epss 0.01

    Huawei AR120-S V200R005C32, V200R006C10, V200R007C00, V200R008C20, AR1200 V200R005C20, V200R005C32, V200R006C10, V200R007C00, V200R007C01, V200R007C02, V200R008C20, AR1200-S V200R005C32, V200R006C10, V200R007C00, V200R008C20, AR150 V200R006C10, V200R007C00, V200R007C01,…

  • CVE-2017-8129 · Critical · Nov 22, 2017
    risk 0.64 · cvss 9.8 · epss 0.01

    The UMA product with software V200R001 and V300R001 has a privilege elevation vulnerability due to insufficient validation or improper processing of parameters. An attacker could craft specific packets to exploit these vulnerabilities to gain elevated privileges.

  • CVE-2017-8128 · Critical · Nov 22, 2017
    risk 0.64 · cvss 9.8 · epss 0.01

    The UMA product with software V200R001 and V300R001 has a privilege elevation vulnerability due to insufficient validation or improper processing of parameters. An attacker could craft specific packets to exploit these vulnerabilities to gain elevated privileges.

  • CVE-2017-8126 · Critical · Nov 22, 2017
    risk 0.64 · cvss 9.8 · epss 0.01

    The UMA product with software V200R001 has a privilege elevation vulnerability due to insufficient validation or improper processing of parameters. An attacker could craft specific packets to exploit these vulnerabilities to gain elevated privileges.

  • CVE-2017-8124 · Critical · Nov 22, 2017
    risk 0.64 · cvss 9.8 · epss 0.01

    The UMA product with software V200R001 has a privilege elevation vulnerability due to insufficient validation or improper processing of parameters. An attacker could craft specific packets to exploit these vulnerabilities to gain elevated privileges.

  • CVE-2017-8123 · Critical · Nov 22, 2017
    risk 0.64 · cvss 9.8 · epss 0.01

    The UMA product with software V200R001 has a privilege elevation vulnerability due to insufficient validation or improper processing of parameters. An attacker could craft specific packets to exploit these vulnerabilities to gain elevated privileges.

  • CVE-2017-8122 · Critical · Nov 22, 2017
    risk 0.64 · cvss 9.8 · epss 0.01

    The UMA product with software V200R001 has a privilege elevation vulnerability due to insufficient validation or improper processing of parameters. An attacker could craft specific packets to exploit these vulnerabilities to gain elevated privileges.

  • CVE-2017-8120 · Critical · Nov 22, 2017
    risk 0.64 · cvss 9.8 · epss 0.01

    The UMA product with software V200R001 and V300R001 has a privilege elevation vulnerability due to insufficient validation or improper processing of parameters. An attacker could craft specific packets to exploit these vulnerabilities to gain elevated privileges.

  • CVE-2017-8119 · Critical · Nov 22, 2017
    risk 0.64 · cvss 9.8 · epss 0.01

    The UMA product with software V200R001 and V300R001 has a privilege elevation vulnerability due to insufficient validation or improper processing of parameters. An attacker could craft specific packets to exploit these vulnerabilities to gain elevated privileges.

  • CVE-2017-8117 · Critical · Nov 22, 2017
    risk 0.64 · cvss 9.8 · epss 0.01

    The UMA product with software V200R001 and V300R001 has a privilege elevation vulnerability due to insufficient validation or improper processing of parameters. An attacker could craft specific packets to exploit these vulnerabilities to gain elevated privileges.

  • CVE-2017-2738 · Critical · Nov 22, 2017
    risk 0.64 · cvss 9.8 · epss 0.03

    VCM5010 with software versions before V100R002C50SPC100 has an authentication bypass vulnerability. This is due to improper implementation of authentication for accessing web pages. An unauthenticated attacker could bypass the authentication by sending a crafted HTTP…

  • CVE-2017-0828 · Critical · Oct 4, 2017
    risk 0.64 · cvss 9.8 · epss 0.00

    An elevation of privilege vulnerability in the Huawei bootloader. Product: Android. Versions: Android kernel. Android ID: A-34622855.

  • CVE-2015-7841 · Critical · Oct 3, 2017
    risk 0.64 · cvss 9.8 · epss 0.02

    The login page of the server on Huawei FusionServer rack servers RH2288 V3 with software before V100R003C00SPC603, RH2288H V3 with software before V100R003C00SPC503, XH628 V3 with software before V100R003C00SPC602, RH1288 V3 with software before V100R003C00SPC602, RH2288A V2…

  • CVE-2015-4629 · Critical · Sep 7, 2017
    risk 0.64 · cvss 9.8 · epss 0.02

    Huawei E5756S before V200R002B146D23SP00C00 allows remote attackers to read device configuration information, enable PIN/PUK authentication, and perform other unspecified actions.

  • CVE-2017-3216 · Critical · Jun 20, 2017
    risk 0.64 · cvss 9.8 · epss 0.05

    WiMAX routers based on the MediaTek SDK (libmtk) that use a custom httpd plugin are vulnerable to an authentication bypass allowing a remote, unauthenticated attacker to gain administrator access to the device by performing an administrator password change on the device via a…

  • CVE-2014-9693 · Critical · Apr 2, 2017
    risk 0.64 · cvss 9.8 · epss 0.01

    Huawei Tecal RH1288 V2 V100R002C00SPC107 and earlier versions, Tecal RH2265 V2 V100R002C00, Tecal RH2285 V2 V100R002C00SPC115 and earlier versions, Tecal RH2265 V2 V100R002C00, Tecal RH2285H V2 V100R002C00SPC111 and earlier versions, Tecal RH2268 V2 V100R002C00, Tecal RH2288 V2…

  • CVE-2016-6206 · Critical · Mar 24, 2017
    risk 0.64 · cvss 9.8 · epss 0.04

    Huawei AR3200 routers with software before V200R007C00SPC600 allow remote attackers to cause a denial of service or execute arbitrary code via a crafted packet.

  • CVE-2016-8276 · Critical · Oct 3, 2016
    risk 0.64 · cvss 9.8 · epss 0.06

    Buffer overflow in the Point-to-Point Protocol over Ethernet (PPPoE) module in Huawei USG2100, USG2200, USG5100, and USG5500 unified security gateways with software before V300R001C10SPC600, when CHAP authentication is configured on the server, allows remote attackers to cause a…

  • CVE-2016-7110 · Critical · Sep 7, 2016
    risk 0.64 · cvss 9.8 · epss 0.03

    Huawei Unified Maintenance Audit (UMA) before V200R001C00SPC200 allows remote attackers to execute arbitrary commands via "special characters," a different vulnerability than CVE-2016-7109.

  • CVE-2016-7109 · Critical · Sep 7, 2016
    risk 0.64 · cvss 9.8 · epss 0.04

    Huawei Unified Maintenance Audit (UMA) before V200R001C00SPC200 allows remote attackers to execute arbitrary commands via "special characters," a different vulnerability than CVE-2016-7110.

  • CVE-2016-6825 · Critical · Sep 7, 2016
    risk 0.64 · cvss 9.8 · epss 0.02

    Huawei XH620 V3, XH622 V3, and XH628 V3 servers with software before V100R003C00SPC610, RH1288 V3 servers with software before V100R003C00SPC613, RH2288 V3 servers with software before V100R003C00SPC617, and RH2288H V3 servers with software before V100R003C00SPC515 allow remote…

  • CVE-2016-6178 · Critical · Aug 2, 2016
    risk 0.64 · cvss 9.8 · epss 0.03

    Huawei NE40E and CX600 devices with software before V800R007SPH017; PTN 6900-2-M8 devices with software before V800R007SPH019; NE5000E devices with software before V800R006SPH018; and CloudEngine devices 12800 with software before V100R003SPH010 and V100R005 before…

  • CVE-2016-5365 · Critical · Jun 14, 2016
    risk 0.64 · cvss 9.8 · epss 0.02

    Stack-based buffer overflow in Huawei Honor WS851 routers with software 1.1.21.1 and earlier allows remote attackers to execute arbitrary commands with root privileges via unspecified vectors, aka HWPSIRT-2016-05051.

  • CVE-2016-4576 · Critical · May 23, 2016
    risk 0.64 · cvss 9.8 · epss 0.02

    Buffer overflow in the Application Specific Packet Filtering (ASPF) functionality in the Huawei IPS Module, NGFW Module, NIP6300, NIP6600, Secospace USG6300, USG6500, USG6600, USG9500, and AntiDDoS8000 devices with software before V500R001C20SPC100 allows remote attackers to…

  • CVE-2016-2231 · Critical · Feb 15, 2016
    risk 0.64 · cvss 9.8 · epss 0.01

    The Windows-based Host Interface Program (WHIP) service on Huawei SmartAX MT882 devices V200R002B022 Arg relies on the client to send a length field that is consistent with a buffer size, which allows remote attackers to cause a denial of service (device outage) or possibly have…

  • CVE-2026-34865 · Critical · Apr 13, 2026
    risk 0.59 · cvss 9.1 · epss 0.00

    Out-of-bounds write vulnerability in the WEB module. Impact: Successful exploitation of this vulnerability will affect availability and confidentiality.

  • CVE-2018-7951 · High · Jun 1, 2018
    risk 0.57 · cvss 8.8 · epss 0.02

    The iBMC (Intelligent Baseboard Management Controller) of some Huawei servers has a JSON injection vulnerability due to insufficient input validation. An authenticated, remote attacker can launch a JSON injection to modify the password of the administrator. Successful exploit may…

  • CVE-2018-7950 · High · Jun 1, 2018
    risk 0.57 · cvss 8.8 · epss 0.02

    The iBMC (Intelligent Baseboard Management Controller) of some Huawei servers has a JSON injection vulnerability due to insufficient input validation. An authenticated, remote attacker can launch a JSON injection to modify the password of the administrator. Successful exploit may…

  • CVE-2018-7949 · High · Jun 1, 2018
    risk 0.57 · cvss 8.8 · epss 0.01

    The iBMC (Intelligent Baseboard Management Controller) of some Huawei servers has a privilege escalation vulnerability. A remote attacker may send some specially crafted login messages to the affected products. Due to improper authentication design, successful exploit enables…

  • CVE-2018-7904 · High · May 24, 2018
    risk 0.57 · cvss 8.8 · epss 0.01

    Huawei 1288H V5 and 288H V5 with software of V100R005C00 have a JSON injection vulnerability. An authenticated, remote attacker can launch a JSON injection to modify the password of administrator. Due to insufficient verification of the input, this could be exploited to obtain…

  • CVE-2018-7903 · High · May 24, 2018
    risk 0.57 · cvss 8.8 · epss 0.01

    Huawei 1288H V5 and 288H V5 with software of V100R005C00 have a JSON injection vulnerability. An authenticated, remote attacker can launch a JSON injection to modify the password of administrator. Due to insufficient verification of the input, this could be exploited to obtain…

  • CVE-2018-7902 · High · May 24, 2018
    risk 0.57 · cvss 8.8 · epss 0.01

    Huawei 1288H V5 and 288H V5 with software of V100R005C00 have a JSON injection vulnerability. An authenticated, remote attacker can launch a JSON injection to modify the password of administrator. Due to insufficient verification of the input, this could be exploited to obtain…

  • CVE-2018-7941 · High · May 10, 2018
    risk 0.57 · cvss 8.8 · epss 0.01

    Huawei iBMC V200R002C60 has an authentication bypass vulnerability. A remote attacker with low privilege may craft specific messages to upload an authentication certificate to the affected products. Due to improper validation of the upload authority, successful exploit may cause…

  • CVE-2018-7932 · High · Apr 24, 2018
    risk 0.57 · cvss 8.8 · epss 0.00

    Huawei AppGallery versions before 8.0.4.301 have an arbitrary JavaScript running vulnerability. An attacker may set up a malicious network environment and trick a user into accessing a malicious web page to bypass the whitelist mechanism, which makes the malicious JavaScript loaded…

  • CVE-2017-17225 · High · Mar 9, 2018
    risk 0.57 · cvss 8.8 · epss 0.01

    The Near Field Communication (NFC) module in Huawei Mate 9 Pro mobile phones with the versions before LON-AL00B 8.0.0.340a(C00) has a buffer overflow vulnerability due to the lack of input validation. An attacker may use an NFC card reader or another device to inject malicious…

  • CVE-2017-17223 · High · Mar 9, 2018
    risk 0.57 · cvss 8.8 · epss 0.02

    Huawei eSpace 7910 V200R003C30; eSpace 7950 V200R003C30; eSpace 8950 V200R003C00; V200R003C30 have a directory traversal vulnerability. An authenticated, remote attacker can craft a specific URL to the affected products. Due to insufficient verification of the URL, successful…

  • CVE-2017-17222 · High · Mar 9, 2018
    risk 0.57 · cvss 8.8 · epss 0.01

    Import Language Package function in Huawei eSpace 7950 V200R003C30; eSpace 8950 V200R003C00; V200R003C30 has a remote code execution vulnerability. An authenticated, remote attacker can craft and send the packets to the affected products after Language Package is uploaded. Due…

  • CVE-2017-17221 · High · Mar 9, 2018
    risk 0.57 · cvss 8.8 · epss 0.01

    Import Signal Tone function in Huawei eSpace 7950 V200R003C30; eSpace 8950 V200R003C00; V200R003C30 has a remote code execution vulnerability. An authenticated, remote attacker can craft and send the packets to the affected products after the Signal Tone is uploaded. Due to…

  • CVE-2017-17285 · High · Feb 15, 2018
    risk 0.57 · cvss 8.8 · epss 0.01

    Bluetooth module in some Huawei mobile phones with software LON-AL00BC00B229 and earlier versions has a buffer overflow vulnerability. Due to insufficient input validation, an unauthenticated attacker may craft Bluetooth AVDTP/AVCTP messages after successful pairing, causing…

  • CVE-2017-15329 · High · Feb 15, 2018
    risk 0.57 · cvss 8.8 · epss 0.01

    Huawei UMA V200R001C00 has a SQL injection vulnerability in the operation and maintenance module. An attacker logs in to the system as a common user and sends crafted HTTP requests that contain malicious SQL statements to the affected system. Due to a lack of input validation on…

  • CVE-2017-15313 · High · Dec 22, 2017
    risk 0.57 · cvss 8.8 · epss 0.01

    Huawei SmartCare V200R003C10 has a CSV injection vulnerability. A remote authenticated attacker could inject a malicious CSV expression into the affected device.

  • CVE-2017-15311 · High · Dec 22, 2017
    risk 0.57 · cvss 8.8 · epss 0.01

    The baseband modules of Mate 10, Mate 10 Pro, Mate 9, Mate 9 Pro Huawei smart phones with software before ALP-AL00 8.0.0.120(SP2C00), before BLA-AL00 8.0.0.120(SP2C00), before MHA-AL00B 8.0.0.334(C00), and before LON-AL00B 8.0.0.334(C00) have a stack overflow vulnerability due…

  • CVE-2017-15308 · High · Dec 22, 2017
    risk 0.57 · cvss 8.8 · epss 0.01

    Huawei iReader app before 8.0.2.301 has an input validation vulnerability due to insufficient validation on the URL used for loading network data. An attacker can control app access and load malicious websites created by the attacker, and the code in webpages would be loaded and…

  • CVE-2017-8195 · High · Nov 22, 2017
    risk 0.57 · cvss 8.8 · epss 0.01

    The FusionSphere OpenStack V100R006C00SPC102(NFV) has an improper authentication vulnerability. Due to improper authentication on one port, an authenticated, remote attacker may exploit the vulnerability to execute more operations by sending a crafted REST message.

  • CVE-2017-8194 · High · Nov 22, 2017
    risk 0.57 · cvss 8.8 · epss 0.01

    The FusionSphere OpenStack V100R006C00SPC102(NFV) has an improper authentication vulnerability. Due to improper authentication on one port, an authenticated, remote attacker may exploit the vulnerability to execute more operations by sending a crafted REST message.

  • CVE-2017-8138 · High · Nov 22, 2017
    risk 0.57 · cvss 8.8 · epss 0.00

    HedEx versions earlier than V200R006C00 have a cross-site request forgery (CSRF) vulnerability. An attacker could trick a user into accessing a website containing malicious scripts which may tamper with configurations and interrupt normal services.

  • CVE-2017-8135 · High · Nov 22, 2017
    risk 0.57 · cvss 8.8 · epss 0.01

    The FusionSphere OpenStack with software V100R006C00 and V100R006C10 has a command injection vulnerability due to the insufficient input validation on four TCP listening ports. An unauthenticated attacker can exploit the vulnerabilities to gain root privileges by sending some…

  • CVE-2017-8134 · High · Nov 22, 2017
    risk 0.57 · cvss 8.8 · epss 0.01

    The FusionSphere OpenStack with software V100R006C00 and V100R006C10 has a command injection vulnerability due to the insufficient input validation on four TCP listening ports. An unauthenticated attacker can exploit the vulnerabilities to gain root privileges by sending some…

Page 1 of 46