VYPR

Vendor CVEs

Huawei

All CVEs

2,254 total · sorted by risk
  • CVE-2014-8570MedApr 2, 2017
    risk 0.34cvss 5.3epss 0.01

    Huawei S9300, S9303, S9306, S9312 with software V100R002; S7700, S7703, S7706, S7712 with software V100R003, V100R006, V200R001, V200R002, V200R003, V200R005; S9300E, S9303E, S9306E, S9312E with software V200R001; S9700, S9703, S9706, S9712 with software V200R002, V200R003,…

  • CVE-2016-4086MedJun 30, 2016
    risk 0.34cvss 5.3epss 0.00

    Huawei HiSuite (In China) before 4.0.4.301 and (Out of China) before 4.0.4.204_ove allows remote attackers to install arbitrary apps on a connected phone via unspecified vectors.

  • CVE-2026-34866MedApr 13, 2026
    risk 0.33cvss 5.1epss 0.00

    Out-of-bounds write vulnerability in the WEB module.Impact: Successful exploitation of this vulnerability will affect availability and confidentiality.

  • CVE-2015-2253MedJun 8, 2017
    risk 0.33cvss 5.0epss 0.01

    The XML interface in Huawei OceanStor UDS devices with software before V100R002C01SPC102 allows remote authenticated users to obtain sensitive information via a crafted XML document.

  • CVE-2016-8762MedApr 2, 2017
    risk 0.33cvss 5.0epss 0.00

    The TrustZone driver in Huawei P9 phones with software Versions earlier than EVA-AL10C00B352 and P9 Lite with software VNS-L21C185B130 and earlier versions and P8 Lite with software ALE-L02C636B150 and earlier versions has an input validation vulnerability, which allows…

  • CVE-2017-17303MedMar 9, 2018
    risk 0.32cvss 4.9epss 0.01

    Huawei DP300 V500R002C00; V500R002C00B010; V500R002C00B011; V500R002C00B012; V500R002C00B013; V500R002C00B014; V500R002C00B017; V500R002C00B018; V500R002C00SPC100; V500R002C00SPC200; V500R002C00SPC300; V500R002C00SPC400; V500R002C00SPC500; V500R002C00SPC600; V500R002C00SPC800;…

  • CVE-2015-8086MedOct 3, 2016
    risk 0.32cvss 4.9epss 0.00

    Huawei AR routers with software before V200R007C00SPC100; Quidway S9300 routers with software before V200R009C00; S12700 routers with software before V200R008C00SPC500; S9300, Quidway S5300, and S5300 routers with software before V200R007C00; and S5700 routers with software…

  • CVE-2015-8085MedOct 3, 2016
    risk 0.32cvss 4.9epss 0.00

    Huawei AR routers with software before V200R007C00SPC100; Quidway S9300 routers with software before V200R009C00; S12700 routers with software before V200R008C00SPC500; S9300, Quidway S5300, and S5300 routers with software before V200R007C00; and S5700 routers with software…

  • CVE-2016-2314MedFeb 15, 2016
    risk 0.32cvss 4.9epss 0.01

    GlobespanVirata ftpd 1.0, as used on Huawei SmartAX MT882 devices V200R002B022 Arg, allows remote authenticated users to cause a denial of service (device outage) by using the FTP MKD command to create a directory with a long name, and then using certain other commands.

  • CVE-2026-34857MedApr 13, 2026
    risk 0.31cvss 4.7epss 0.00

    UAF vulnerability in the communication module. Impact: Successful exploitation of this vulnerability may affect availability.

  • CVE-2017-15346MedFeb 15, 2018
    risk 0.31cvss 4.7epss 0.00

    XML parser in Huawei S12700 V200R005C00,S1700 V200R009C00, V200R010C00,S3700 V100R006C03, V100R006C05,S5700 V200R001C00, V200R002C00, V200R003C00, V200R003C02, V200R005C00, V200R006C00, V200R007C00, V200R008C00, V200R009C00, V200R010C00,S6700 V200R001C00, V200R002C00,…

  • CVE-2017-15333MedFeb 15, 2018
    risk 0.31cvss 4.7epss 0.00

    XML parser in Huawei S12700 V200R005C00,S1700 V200R009C00, V200R010C00,S3700 V100R006C03, V100R006C05,S5700 V200R001C00, V200R002C00, V200R003C00, V200R003C02, V200R005C00, V200R006C00, V200R007C00, V200R008C00, V200R009C00, V200R010C00,S6700 V200R001C00, V200R002C00,…

  • CVE-2017-8148MedNov 22, 2017
    risk 0.31cvss 4.7epss 0.00

    Audio driver in P9 smartphones with software The versions before EVA-AL10C00B389 has a denial of service (DoS) vulnerability. An attacker tricks a user into installing a malicious application on the smart phone, and the race condition cause null pointer accessing during the…

  • CVE-2018-7928MedOct 9, 2018
    risk 0.30cvss 4.6epss 0.00

    There is a security vulnerability which could lead to Factory Reset Protection (FRP) bypass in the MyCloud APP with the versions before 8.1.2.303 installed on some Huawei smart phones. When re-configuring the mobile phone using the FRP function, an attacker can replace the old…

  • CVE-2018-7991MedSep 18, 2018
    risk 0.30cvss 4.6epss 0.00

    Huawei smartphones Mate10 with versions earlier before ALP-AL00B 8.0.0.110(C00) have a Factory Reset Protection (FRP) bypass vulnerability. The system does not sufficiently verify the permission, an attacker uses a data cable to connect the smartphone to the computer and then…

  • CVE-2018-7939MedSep 12, 2018
    risk 0.30cvss 4.6epss 0.00

    Huawei smart phones G9 Lite, Honor 5A, Honor 6X, Honor 8 with the versions before VNS-L53C605B120CUSTC605D103, the versions before CAM-L03C605B143CUSTC605D008, the versions before CAM-L21C10B145, the versions before CAM-L21C185B156, the versions before CAM-L21C223B133, the…

  • CVE-2018-7990MedSep 4, 2018
    risk 0.30cvss 4.6epss 0.00

    Mate10 Pro Huawei smart phones with the versions before 8.1.0.326(C00) have a FRP bypass vulnerability. During the mobile phone reseting process, an attacker could bypass "Find My Phone" protect after a series of voice and keyboard operations. Successful exploit could allow an…

  • CVE-2018-7936MedSep 4, 2018
    risk 0.30cvss 4.6epss 0.00

    Mate 10 Pro Huawei smart phones with the versions before BLA-L29 8.0.0.148(C432) have a Factory Reset Protection (FRP) bypass security vulnerability. When re-configuring the mobile phone using the factory reset protection (FRP) function, an attacker can connect the phone with PC…

  • CVE-2017-17158MedMay 24, 2018
    risk 0.30cvss 4.6epss 0.00

    Some Huawei smart phones with the versions before Berlin-L21HNC185B381; the versions before Prague-AL00AC00B223; the versions before Prague-AL00BC00B223; the versions before Prague-AL00CC00B223; the versions before Prague-L31C432B208; the versions before Prague-TL00AC01B223; the…

  • CVE-2017-17326MedMar 9, 2018
    risk 0.30cvss 4.6epss 0.00

    Huawei Mate 9 Pro Smartphones with software of LON-AL00BC00B139D; LON-AL00BC00B229 have an activation lock bypass vulnerability. The smartphone is supposed to be activated by the former account after reset if find my phone function is on. The software does not have a sufficient…

  • CVE-2017-17145MedMar 9, 2018
    risk 0.30cvss 4.6epss 0.00

    Huawei Honor V9 Play smart phones with the versions before Jimmy-AL00AC00B135 have an authentication bypass vulnerability due to the improper design of a component. An attacker who get a user's smart phone can execute specific operation, and delete the fingerprint of the phone…

  • CVE-2017-8173MedNov 22, 2017
    risk 0.30cvss 4.6epss 0.00

    Maya-L02,VKY-L09,VTR-L29,Vicky-AL00A,Victoria-AL00A,Warsaw-AL00 smart phones with software of earlier than Maya-L02C636B126 versions,earlier than VKY-L29C10B151 versions,earlier than VTR-L29C10B151 versions,earlier than Vicky-AL00AC00B162 versions,earlier than…

  • CVE-2017-8171MedNov 22, 2017
    risk 0.30cvss 4.6epss 0.00

    Huawei smart phones with software earlier than Vicky-AL00AC00B172D versions have a Factory Reset Protection (FRP) bypass security vulnerability. When re-configuring the mobile phone using the factory reset protection (FRP) function, an attacker can login the Talkback mode and…

  • CVE-2017-8161MedNov 22, 2017
    risk 0.30cvss 4.6epss 0.00

    EVA-L09 smartphones with software Earlier than EVA-L09C25B150CUSTC25D003 versions,Earlier than EVA-L09C440B140 versions,Earlier than EVA-L09C464B361 versions,Earlier than EVA-L09C675B320CUSTC675D004 versions have Factory Reset Protection (FRP) bypass security vulnerability. When…

  • CVE-2017-8152MedNov 22, 2017
    risk 0.30cvss 4.6epss 0.00

    Huawei Honor 5S smart phones with software the versions before TAG-TL00C01B173 have a Factory Reset Protection (FRP) bypass security vulnerability due to the improper design. An attacker can access factory reset page without authorization by only dial with special code. The…

  • CVE-2017-2721MedNov 22, 2017
    risk 0.30cvss 4.6epss 0.00

    Some Huawei smart phones with software Berlin-L21C10B130,Berlin-L21C185B133,Berlin-L21HNC10B131,Berlin-L21HNC185B140,Berlin-L21HNC432B151,Berlin-L22C636B160,Berlin-L22HNC636B130,Berlin-L22HNC675B150CUSTC675D001,Berlin-L23C605B131,Berlin-L24HNC567B110,FRD-L02C432B120,FRD-L02C635B1…

  • CVE-2017-2710MedNov 22, 2017
    risk 0.30cvss 4.6epss 0.00

    BTV-W09C229B002CUSTC229D005,BTV-W09C233B029, earlier than BTV-W09C100B006CUSTC100D002 versions, earlier than BTV-W09C128B003CUSTC128D002 versions, earlier than BTV-W09C199B002CUSTC199D002 versions, earlier than BTV-W09C209B005CUSTC209D001 versions, earlier than…

  • CVE-2017-2708MedNov 22, 2017
    risk 0.30cvss 4.6epss 0.00

    The 'Find Phone' function in Nice smartphones with software versions earlier before Nice-AL00C00B0135 has an authentication bypass vulnerability. An unauthenticated attacker may wipe and factory reset the phone by special steps. Due to missing authentication of the 'Find Phone'…

  • CVE-2015-7846MedSep 25, 2017
    risk 0.30cvss 4.6epss 0.00

    Huawei S7700, S9700, S9300 before V200R07C00SPC500, and AR200, AR1200, AR2200, AR3200 before V200R005C20SPC200 allows attackers with physical access to the CF card to obtain sensitive information.

  • CVE-2016-8776MedApr 2, 2017
    risk 0.30cvss 4.6epss 0.00

    Huawei P9 phones with software EVA-AL10C00,EVA-CL10C00,EVA-DL10C00,EVA-TL10C00 and P9 Lite phones with software VNS-L21C185 allow attackers to bypass the factory reset protection (FRP) to enter some functional modules without authorization and perform operations to update the…

  • CVE-2015-2808LowApr 1, 2015
    risk 0.30cvss 3.7epss 0.74

    The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote attackers to conduct plaintext-recovery attacks against the initial bytes of a stream by sniffing…

  • CVE-2018-7901MedApr 30, 2018
    risk 0.29cvss 4.4epss 0.00

    RCS module in Huawei ALP-AL00B smart phones with software versions earlier than 8.0.0.129, BLA-AL00B smart phones with software versions earlier than 8.0.0.129 has a remote control vulnerability. An attacker can trick a user to install a malicious application. When the…

  • CVE-2018-7931MedApr 24, 2018
    risk 0.28cvss 4.3epss 0.01

    Huawei AppGallery versions before 8.0.4.301 has a whitelist mechanism bypass vulnerability. An attacker may set up a malicious network environment and trick user into accessing a malicious web page to bypass the whitelist mechanism.

  • CVE-2017-15327MedApr 11, 2018
    risk 0.28cvss 4.3epss 0.00

    S12700 V200R005C00, V200R006C00, V200R006C01, V200R007C00, V200R007C01, V200R007C20, V200R008C00, V200R008C06, V200R009C00, V200R010C00, S7700 V200R001C00, V200R001C01, V200R002C00, V200R003C00, V200R005C00, V200R006C00, V200R006C01, V200R007C00, V200R007C01, V200R008C00,…

  • CVE-2017-15326MedMar 23, 2018
    risk 0.28cvss 4.3epss 0.00

    DBS3900 TDD LTE V100R003C00, V100R004C10 have a weak encryption algorithm security vulnerability. DBS3900 TDD LTE supports SSL/TLS protocol negotiation using insecure encryption algorithms. If an insecure encryption algorithm is negotiated in the communication, an…

  • CVE-2016-8785MedMar 9, 2018
    risk 0.28cvss 4.3epss 0.01

    Huawei S12700 V200R007C00, V200R008C00, S5700 V200R007C00, S7700 V200R002C00, V200R005C00, V200R006C00, V200R007C00, V200R008C00, S9700 V200R007C00 have an input validation vulnerability. Due to the lack of input validation, an attacker may craft a malformed packet and send it…

  • CVE-2016-8784MedMar 9, 2018
    risk 0.28cvss 4.3epss 0.00

    Huawei CloudEngine 12800 V100R003C00, V100R003C10, V100R005C00, V100R005C10, V100R006C00 have a memory leak vulnerability. An unauthenticated attacker may send specific Label Distribution Protocol (LDP) packets to the devices. When the values of some parameters in the packet are…

  • CVE-2017-17323MedMar 9, 2018
    risk 0.28cvss 4.3epss 0.01

    Huawei iBMC V200R002C10; V200R002C20; V200R002C30 have an improper authorization vulnerability. The software incorrectly performs an authorization check when a normal user attempts to access certain information which is supposed to be accessed only by admin user. Successful…

  • CVE-2017-17322MedMar 9, 2018
    risk 0.28cvss 4.3epss 0.01

    Huawei Honor Smart Scale Application with software of 1.1.1 has an information disclosure vulnerability. The application does not sufficiently restrict the resource which can be accessed by certain protocol. An attacker could trick the user to click a malicious link, successful…

  • CVE-2017-17281MedMar 9, 2018
    risk 0.28cvss 4.3epss 0.01

    SFTP module in Huawei DP300 V500R002C00; RP200 V600R006C00; TE30 V100R001C10; V500R002C00; V600R006C00; TE40 V500R002C00; V600R006C00; TE50 V500R002C00; V600R006C00; TE60 V100R001C10; V500R002C00; V600R006C00 has an out-of-bounds read vulnerability. A remote, authenticated…

  • CVE-2017-17187MedFeb 15, 2018
    risk 0.28cvss 4.3epss 0.01

    Huawei DP300 V500R002C00, RP200 V500R002C00, V600R006C00, TE30 V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C10, V500R002C00, V600R006C00 have an integer overflow vulnerability. Due to insufficient input…

  • CVE-2017-17185MedFeb 15, 2018
    risk 0.28cvss 4.3epss 0.01

    Huawei DP300 V500R002C00, RP200 V500R002C00, V600R006C00, TE30 V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C10, V500R002C00, V600R006C00 have a out-of-bounds read vulnerability. Due to insufficient input…

  • CVE-2017-17184MedFeb 15, 2018
    risk 0.28cvss 4.3epss 0.01

    Huawei DP300 V500R002C00, RP200 V500R002C00, V600R006C00, TE30 V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C10, V500R002C00, V600R006C00 have an integer overflow vulnerability. Due to insufficient input…

  • CVE-2017-17183MedFeb 15, 2018
    risk 0.28cvss 4.3epss 0.01

    Huawei DP300 V500R002C00, RP200 V500R002C00, V600R006C00, TE30 V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C10, V500R002C00, V600R006C00 have an integer overflow vulnerability. Due to insufficient input…

  • CVE-2017-17182MedFeb 15, 2018
    risk 0.28cvss 4.3epss 0.01

    Huawei DP300 V500R002C00, RP200 V500R002C00, V600R006C00, TE30 V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C10, V500R002C00, V600R006C00 have a out-of-bounds read vulnerability. Due to insufficient input…

  • CVE-2017-8168MedNov 22, 2017
    risk 0.28cvss 4.3epss 0.00

    FusionSphere OpenStack with software V100R006C00SPC102(NFV) and V100R006C10 have an information leak vulnerability. Due to an incorrect configuration item, the information transmitted by a transmission channel is not encrypted. An attacker accessing the internal network may…

  • CVE-2017-2727MedNov 22, 2017
    risk 0.28cvss 4.3epss 0.00

    Huawei P9 smart phones with software versions earlier before EVA-AL00C00B365, versions earlier before EVA-AL10C00B365,Versions earlier before EVA-CL00C92B365, versions earlier before EVA-DL00C17B365, versions earlier before EVA-TL00C01B365 have a privilege escalation…

  • CVE-2016-2406MedMar 20, 2017
    risk 0.28cvss 4.3epss 0.01

    The permission control module in Huawei Document Security Management (aka DSM) before V100R002C05SPC670 allows remote authenticated users to obtain sensitive information from encrypted documents by leveraging incorrect control of permissions on the PrintScreen button.

  • CVE-2015-8336MedApr 14, 2016
    risk 0.28cvss 4.3epss 0.01

    Huawei FusionCompute with software before V100R005C10SPC700 allows remote authenticated users to obtain sensitive "role and permission" information via unspecified vectors.

  • CVE-2026-34858MedApr 13, 2026
    risk 0.27cvss 4.1epss 0.00

    UAF vulnerability in the communication module. Impact: Successful exploitation of this vulnerability may affect availability.

Page 11 of 46