Vendor CVEs
Huawei
All CVEs
2,254 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-34860 | Med | 0.27 | 4.1 | 0.00 | Apr 13, 2026 | Access control vulnerability in the memo module. Impact: Successful exploitation of this vulnerability will affect availability and confidentiality. | ||
| CVE-2025-49599 | Med | 0.27 | 4.1 | 0.00 | Jun 6, 2025 | Huawei EG8141A5 devices through V5R019C00S100, EG8145V5 devices through V5R019C00S100, and EG8145V5-V2 devices through V5R021C00S184 allow the Epuser account to disable ONT firewall functionality, e.g., to remove the default blocking of the SSH and TELNET TCP ports, aka… | ||
| CVE-2017-17171 | Med | 0.27 | 4.2 | 0.00 | Jun 1, 2018 | Some Huawei smart phones have the denial of service (DoS) vulnerability due to the improper processing of malicious parameters. An attacker may trick a target user into installing a malicious APK and launch attacks using a pre-installed app with specific permissions. Successful… | ||
| CVE-2017-8196 | Med | 0.27 | 4.2 | 0.00 | Nov 22, 2017 | FusionSphere V100R006C00SPC102(NFV) has an incorrect authorization vulnerability. An authenticated attacker could execute commands that he/she should have had no permission to perform, thereby querying, modifying, and deleting certain service data and making the service… | ||
| CVE-2025-66329 | Med | 0.26 | 4.0 | 0.00 | Dec 8, 2025 | Permission control vulnerability in the window management module. Impact: Successful exploitation of this vulnerability may affect availability. | ||
| CVE-2015-8303 | Med | 0.26 | 4.0 | 0.00 | Jan 8, 2016 | Huawei Document Security Management (DSM) with software before V100R002C05SPC661 does not clear the clipboard when closing a secure file, which allows local users to obtain sensitive information by pasting the contents to another file. | ||
| CVE-2018-7947 | Low | 0.25 | 3.9 | 0.00 | Jul 31, 2018 | Huawei mobile phones with versions earlier before Emily-AL00A 8.1.0.153(C00) have an authentication bypass vulnerability. An attacker could trick the user to connect to a malicious device. In the debug mode, the malicious software in the device may exploit the vulnerability to… | ||
| CVE-2017-17149 | Low | 0.25 | 3.9 | 0.00 | Mar 9, 2018 | Huawei HiWallet App with the versions before 8.0.4 has an arbitrary lock pattern change vulnerability. It needs to verify the user's Huawei ID during lock pattern change. An attacker with root privilege who gets a user's smart phone may bypass Huawei ID verification by special… | ||
| CVE-2017-17317 | Low | 0.24 | 3.7 | 0.01 | Jul 2, 2018 | Common Open Policy Service Protocol (COPS) module in Huawei USG6300 V100R001C10; V100R001C20; V100R001C30; V500R001C00; V500R001C20; V500R001C30; V500R001C50; Secospace USG6500 V100R001C10; V100R001C20; V100R001C30; V500R001C00; V500R001C20; V500R001C30; V500R001C50; Secospace… | ||
| CVE-2017-17314 | Low | 0.24 | 3.7 | 0.01 | Apr 30, 2018 | Huawei DP300 V500R002C00, RP200 V600R006C00, TE30 V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C10, V500R002C00, V600R006C00 have an invalid memory access vulnerability. An unauthenticated attacker has to find… | ||
| CVE-2017-17325 | Low | 0.24 | 3.7 | 0.01 | Mar 9, 2018 | Huawei video applications HiCinema with software of 8.0.3.308; 8.0.4.300 have a permission control vulnerability. Due to improper verification of specific interface, an attacker who is on the same network with the user can obtain some information through a man-in-the-middle… | ||
| CVE-2017-17141 | Low | 0.24 | 3.7 | 0.01 | Mar 5, 2018 | Huawei S12700 V200R005C00; V200R006C00; V200R007C00; V200R007C01; V200R007C20; V200R008C00; V200R009C00;S1700 V200R006C10; V200R009C00;S2700 V100R006C03; V200R003C00; V200R005C00; V200R006C00; V200R006C10; V200R007C00; V200R007C00B050; V200R007C00SPC009T; V200R007C00SPC019T;… | ||
| CVE-2017-15353 | Low | 0.24 | 3.7 | 0.01 | Feb 15, 2018 | Huawei DP300, V500R002C00, RP200, V500R002C00, V600R006C00, RSE6500, V500R002C00, TE30, V100R001C02, V100R001C10, V500R002C00, V600R006C00, TE40, V500R002C00, V600R006C00, TE50, V500R002C00, V600R006C00, TE60, V100R001C01, V100R001C10, V500R002C00, V600R006C00, TX50,… | ||
| CVE-2017-15339 | Low | 0.24 | 3.7 | 0.01 | Feb 15, 2018 | The SIP module in Huawei DP300 V500R002C00, IPS Module V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, NGFW Module V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R002C00, V500R002C10, NIP6300 V500R001C00,… | ||
| CVE-2017-15338 | Low | 0.24 | 3.7 | 0.01 | Feb 15, 2018 | The SIP module in Huawei DP300 V500R002C00, IPS Module V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, NGFW Module V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R002C00, V500R002C10, NIP6300 V500R001C00,… | ||
| CVE-2017-15337 | Low | 0.24 | 3.7 | 0.01 | Feb 15, 2018 | The SIP module in Huawei DP300 V500R002C00, IPS Module V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, NGFW Module V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R002C00, V500R002C10, NIP6300 V500R001C00,… | ||
| CVE-2017-15321 | Low | 0.24 | 3.7 | 0.01 | Dec 22, 2017 | Huawei FusionSphere OpenStack V100R006C000SPC102 (NFV) has an information leak vulnerability due to the use of a low version transmission protocol by default. An attacker could intercept packets transferred by a target device. Successful exploit could cause an information leak. | ||
| CVE-2015-8224 | Low | 0.24 | 3.7 | 0.01 | Sep 20, 2017 | Huawei P8 before GRA-CL00C92B210, before GRA-L09C432B200, before GRA-TL00C01B210, and before GRA-UL00C00B210 allows remote attackers to obtain user equipment (aka UE) measurements of signal strengths. | ||
| CVE-2016-5233 | Low | 0.24 | 3.7 | 0.01 | Jun 10, 2016 | Huawei Mate 8 smartphones with software NXT-AL10 before NXT-AL10C00B182, NXT-CL00 before NXT-CL00C92B182, NXT-DL00 before NXT-DL00C17B182, and NXT-TL00 before NXT-TL00C01B182 allow remote base stations to obtain sensitive subscriber signal strength information via vectors… | ||
| CVE-2026-41974 | Low | 0.23 | 3.6 | 0.00 | Jun 9, 2026 | Permission control vulnerability in service notifications. Impact: Successful exploitation of this vulnerability may affect availability. | ||
| CVE-2017-17280 | Low | 0.23 | 3.5 | 0.00 | Mar 9, 2018 | NFC (Near Field Communication) module in Huawei mobile phones with software LON-AL00BC00 has an information leak vulnerability. The attacker has to trick a user to do some specific operations and then craft the NFC message to exploit this vulnerability. Successful exploit will… | ||
| CVE-2017-2730 | Low | 0.23 | 3.5 | 0.00 | Nov 22, 2017 | HUAWEI HiLink APP (for IOS) versions earlier before 5.0.25.306 and HUAWEI Tech Support APP (for IOS) versions earlier before 5.0.0 have an information leak vulnerability. When an iPhone with these APPs installed access the Wi-Fi hotpot built by attacker, the attacker can collect… | ||
| CVE-2018-7938 | Low | 0.21 | 3.3 | 0.01 | Sep 4, 2018 | P10 Huawei smartphones with the versions before Victoria-AL00AC00B217 have an information leak vulnerability due to the lack of permission validation. An attacker tricks a user into installing a malicious application on the smart phone, and the application can read some hardware… | ||
| CVE-2018-7957 | Low | 0.21 | 3.3 | 0.00 | Jul 31, 2018 | Huawei smartphones with software Victoria-AL00 8.0.0.336a(C00) have an information leakage vulnerability. Because an interface does not verify authorization correctly, attackers can exploit an application with the authorization of phone state to obtain user location additionally. | ||
| CVE-2017-17330 | Low | 0.21 | 3.3 | 0.00 | Mar 9, 2018 | Huawei AR3200 V200R005C32; V200R006C10; V200R006C11; V200R007C00; V200R007C01; V200R007C02; V200R008C00; V200R008C10; V200R008C20; V200R008C30; NGFW Module V500R001C00; V500R001C20; V500R002C00 have a memory leak vulnerability. The software does not release allocated memory… | ||
| CVE-2017-17329 | Low | 0.21 | 3.3 | 0.00 | Mar 9, 2018 | Huawei ViewPoint 8660 V100R008C03 have a memory leak vulnerability. The software does not release allocated memory properly when parse XML Schema data. An authenticated attacker could upload a crafted XML file, successful exploit could cause the system service abnormal since run… | ||
| CVE-2017-17321 | Low | 0.21 | 3.3 | 0.00 | Mar 9, 2018 | Huawei eNSP software with software of versions earlier than V100R002C00B510 has a buffer overflow vulnerability. Due to the improper validation of specific command line parameter, a local attacker could exploit this vulnerability to cause the software process abnormal. | ||
| CVE-2017-17302 | Low | 0.21 | 3.3 | 0.00 | Feb 15, 2018 | Huawei DP300 V500R002C00, RP200 V600R006C00, TE30 V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C10, V500R002C00, V600R006C00 have a memory leak vulnerability. An authenticated, local attacker may craft and load… | ||
| CVE-2017-17294 | Low | 0.21 | 3.3 | 0.00 | Feb 15, 2018 | Huawei AR120-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR1200 V200R006C10, V200R006C13, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR1200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR150 V200R006C10, V200R007C00, V200R007C01,… | ||
| CVE-2017-17293 | Low | 0.21 | 3.3 | 0.00 | Feb 15, 2018 | Huawei AR120-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR1200 V200R006C10, V200R006C13, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR1200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR150 V200R006C10, V200R007C00, V200R007C01,… | ||
| CVE-2017-17292 | Low | 0.21 | 3.3 | 0.00 | Feb 15, 2018 | Huawei AR120-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR1200 V200R006C10, V200R006C13, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR1200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR150 V200R006C10, V200R007C00, V200R007C01,… | ||
| CVE-2017-17289 | Low | 0.21 | 3.3 | 0.00 | Feb 15, 2018 | Huawei DP300 V500R002C00, RP200 V500R002C00, V600R006C00, TE30 V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C10, V500R002C00, V600R006C00 have a memory leak vulnerability. The software does not release… | ||
| CVE-2017-2701 | Low | 0.21 | 3.3 | 0.00 | Nov 22, 2017 | Mate 9 with software MHA-AL00AC00B125 has a denial of service (DoS) vulnerability. An attacker tricks a user into installing a malicious application. Since the system does not verify the broadcasting message from the application, it could be exploited to cause some functions of… | ||
| CVE-2017-2694 | Low | 0.21 | 3.3 | 0.01 | Nov 22, 2017 | The AlarmService component in HwVmall with software earlier than 1.5.2.0 versions has no control over calling permissions, allowing any third party to call. An attacker can construct a malicious application to call it. Consequently, alert music will be played suddenly,… | ||
| CVE-2016-8757 | Low | 0.21 | 3.3 | 0.01 | Apr 2, 2017 | ION memory management module in Huawei P9 phones with software EVA-AL10C00B192 and earlier versions, EVA-DL10C00B192 and earlier versions, EVA-TL10C00B192 and earlier versions, EVA-CL10C00B192 and earlier versions allows attackers to obtain sensitive information from… | ||
| CVE-2015-2246 | Low | 0.21 | 3.3 | 0.00 | Apr 2, 2017 | The MeWidget module on Huawei P7 smartphones with software P7-L10 V100R001C00B136 and earlier versions could lead to the disclosure of contact information. | ||
| CVE-2014-8571 | Low | 0.21 | 3.3 | 0.00 | Apr 2, 2017 | Apps on Huawei Ascend P6 mobile phones with software EDGE-U00 V100R001C17B508SP01 and earlier versions before V100R001C17B508SP02; EDGE-T00 V100R001C01B508SP01 and earlier versions before V100R001C01B508SP02; EDGE-C00 V100R001C92B508SP02 and earlier versions before… | ||
| CVE-2017-17282 | Low | 0.20 | 3.1 | 0.00 | Mar 9, 2018 | SCCP (Signalling Connection Control Part) module in Huawei DP300 V500R002C00, RP200 V500R002C00, V600R006C00, TE30 V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C10, V500R002C00, V600R006C00 has a buffer… | ||
| CVE-2017-15352 | Low | 0.20 | 3.1 | 0.00 | Feb 15, 2018 | Huawei OceanStor 2800 V3, V300R003C00, V300R003C20, OceanStor 5300 V3, V300R003C00, V300R003C10, V300R003C20, OceanStor 5500 V3, V300R003C00, V300R003C10, V300R003C20, OceanStor 5600 V3, V300R003C00, V300R003C10, V300R003C20, OceanStor 5800 V3, V300R003C00, V300R003C10,… | ||
| CVE-2017-2739 | Low | 0.20 | 3.1 | 0.00 | Nov 22, 2017 | The upgrade package of Huawei Vmall APP Earlier than HwVmall 1.5.3.0 versions is transferred through HTTP. A man in the middle (MITM) can tamper with the upgrade package of Huawei Vmall APP, and to implant the malicious applications. | ||
| CVE-2026-41986 | Low | 0.16 | 2.4 | 0.00 | Jun 9, 2026 | Logic bypass vulnerability in the file system. Impact: Successful exploitation of this vulnerability may affect availability. | ||
| CVE-2026-34849 | Low | 0.16 | 2.5 | 0.00 | Apr 13, 2026 | UAF vulnerability in the screen management module. Impact: Successful exploitation of this vulnerability may affect availability. | ||
| CVE-2017-2705 | Low | 0.16 | 2.4 | 0.00 | Nov 22, 2017 | Huawei P9 smartphones with software versions earlier before EVA-AL10C00B365, versions earlier before EVA-AL00C00B365, versions earlier before EVA-CL00C92B365, versions earlier before EVA-DL00C17B365, versions earlier before EVA-TL00C01B365 have a phone activation bypass… | ||
| CVE-2017-15307 | Low | 0.15 | 2.3 | 0.00 | Dec 22, 2017 | Huawei Honor 8 smartphone with software versions earlier than FRD-L04C567B389 and earlier than FRD-L14C567B389 have a permission control vulnerability due to improper authorization configuration on specific device information. | ||
| CVE-2017-8118 | Low | 0.15 | 2.3 | 0.00 | Nov 22, 2017 | The UMA product with software V200R001 and V300R001 has an information leak vulnerability. An attacker could exploit them to obtain some sensitive information, causing information leak. | ||
| CVE-2026-34851 | Low | 0.14 | 2.2 | 0.00 | Apr 13, 2026 | Race condition vulnerability in the event notification module. Impact: Successful exploitation of this vulnerability may affect availability. | ||
| CVE-2026-34850 | Low | 0.12 | 1.9 | 0.00 | Apr 13, 2026 | Race condition vulnerability in the notification service. Impact: Successful exploitation of this vulnerability may affect availability. | ||
| CVE-2015-7254 | 0.05 | — | 0.28 | Nov 7, 2015 | Directory traversal vulnerability on Huawei HG532e, HG532n, and HG532s devices allows remote attackers to read arbitrary files via a .. (dot dot) in an icon/ URI. | |||
| CVE-2014-9418 | 0.03 | — | 0.01 | Dec 24, 2014 | The eSpace Meeting ActiveX control (eSpaceStatusCtrl.dll) in Huawei eSpace Desktop before V200R001C03 allows local users to cause a denial of service (memory overflow) via unspecified vectors. | |||
| CVE-2014-9417 | 0.03 | — | 0.01 | Dec 24, 2014 | The Meeting component in Huawei eSpace Desktop before V100R001C03 allows local users to cause a denial of service (program exit) via a crafted image. |
- risk 0.27cvss 4.1epss 0.00
Access control vulnerability in the memo module. Impact: Successful exploitation of this vulnerability will affect availability and confidentiality.
- risk 0.27cvss 4.1epss 0.00
Huawei EG8141A5 devices through V5R019C00S100, EG8145V5 devices through V5R019C00S100, and EG8145V5-V2 devices through V5R021C00S184 allow the Epuser account to disable ONT firewall functionality, e.g., to remove the default blocking of the SSH and TELNET TCP ports, aka…
- risk 0.27cvss 4.2epss 0.00
Some Huawei smart phones have the denial of service (DoS) vulnerability due to the improper processing of malicious parameters. An attacker may trick a target user into installing a malicious APK and launch attacks using a pre-installed app with specific permissions. Successful…
- risk 0.27cvss 4.2epss 0.00
FusionSphere V100R006C00SPC102(NFV) has an incorrect authorization vulnerability. An authenticated attacker could execute commands that he/she should have had no permission to perform, thereby querying, modifying, and deleting certain service data and making the service…
- risk 0.26cvss 4.0epss 0.00
Permission control vulnerability in the window management module. Impact: Successful exploitation of this vulnerability may affect availability.
- risk 0.26cvss 4.0epss 0.00
Huawei Document Security Management (DSM) with software before V100R002C05SPC661 does not clear the clipboard when closing a secure file, which allows local users to obtain sensitive information by pasting the contents to another file.
- risk 0.25cvss 3.9epss 0.00
Huawei mobile phones with versions earlier before Emily-AL00A 8.1.0.153(C00) have an authentication bypass vulnerability. An attacker could trick the user to connect to a malicious device. In the debug mode, the malicious software in the device may exploit the vulnerability to…
- risk 0.25cvss 3.9epss 0.00
Huawei HiWallet App with the versions before 8.0.4 has an arbitrary lock pattern change vulnerability. It needs to verify the user's Huawei ID during lock pattern change. An attacker with root privilege who gets a user's smart phone may bypass Huawei ID verification by special…
- risk 0.24cvss 3.7epss 0.01
Common Open Policy Service Protocol (COPS) module in Huawei USG6300 V100R001C10; V100R001C20; V100R001C30; V500R001C00; V500R001C20; V500R001C30; V500R001C50; Secospace USG6500 V100R001C10; V100R001C20; V100R001C30; V500R001C00; V500R001C20; V500R001C30; V500R001C50; Secospace…
- risk 0.24cvss 3.7epss 0.01
Huawei DP300 V500R002C00, RP200 V600R006C00, TE30 V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C10, V500R002C00, V600R006C00 have an invalid memory access vulnerability. An unauthenticated attacker has to find…
- risk 0.24cvss 3.7epss 0.01
Huawei video applications HiCinema with software of 8.0.3.308; 8.0.4.300 have a permission control vulnerability. Due to improper verification of specific interface, an attacker who is on the same network with the user can obtain some information through a man-in-the-middle…
- risk 0.24cvss 3.7epss 0.01
Huawei S12700 V200R005C00; V200R006C00; V200R007C00; V200R007C01; V200R007C20; V200R008C00; V200R009C00;S1700 V200R006C10; V200R009C00;S2700 V100R006C03; V200R003C00; V200R005C00; V200R006C00; V200R006C10; V200R007C00; V200R007C00B050; V200R007C00SPC009T; V200R007C00SPC019T;…
- risk 0.24cvss 3.7epss 0.01
Huawei DP300, V500R002C00, RP200, V500R002C00, V600R006C00, RSE6500, V500R002C00, TE30, V100R001C02, V100R001C10, V500R002C00, V600R006C00, TE40, V500R002C00, V600R006C00, TE50, V500R002C00, V600R006C00, TE60, V100R001C01, V100R001C10, V500R002C00, V600R006C00, TX50,…
- risk 0.24cvss 3.7epss 0.01
The SIP module in Huawei DP300 V500R002C00, IPS Module V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, NGFW Module V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R002C00, V500R002C10, NIP6300 V500R001C00,…
- risk 0.24cvss 3.7epss 0.01
The SIP module in Huawei DP300 V500R002C00, IPS Module V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, NGFW Module V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R002C00, V500R002C10, NIP6300 V500R001C00,…
- risk 0.24cvss 3.7epss 0.01
The SIP module in Huawei DP300 V500R002C00, IPS Module V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, NGFW Module V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R002C00, V500R002C10, NIP6300 V500R001C00,…
- risk 0.24cvss 3.7epss 0.01
Huawei FusionSphere OpenStack V100R006C000SPC102 (NFV) has an information leak vulnerability due to the use of a low version transmission protocol by default. An attacker could intercept packets transferred by a target device. Successful exploit could cause an information leak.
- risk 0.24cvss 3.7epss 0.01
Huawei P8 before GRA-CL00C92B210, before GRA-L09C432B200, before GRA-TL00C01B210, and before GRA-UL00C00B210 allows remote attackers to obtain user equipment (aka UE) measurements of signal strengths.
- risk 0.24cvss 3.7epss 0.01
Huawei Mate 8 smartphones with software NXT-AL10 before NXT-AL10C00B182, NXT-CL00 before NXT-CL00C92B182, NXT-DL00 before NXT-DL00C17B182, and NXT-TL00 before NXT-TL00C01B182 allow remote base stations to obtain sensitive subscriber signal strength information via vectors…
- risk 0.23cvss 3.6epss 0.00
Permission control vulnerability in service notifications. Impact: Successful exploitation of this vulnerability may affect availability.
- risk 0.23cvss 3.5epss 0.00
NFC (Near Field Communication) module in Huawei mobile phones with software LON-AL00BC00 has an information leak vulnerability. The attacker has to trick a user to do some specific operations and then craft the NFC message to exploit this vulnerability. Successful exploit will…
- risk 0.23cvss 3.5epss 0.00
HUAWEI HiLink APP (for IOS) versions earlier before 5.0.25.306 and HUAWEI Tech Support APP (for IOS) versions earlier before 5.0.0 have an information leak vulnerability. When an iPhone with these APPs installed access the Wi-Fi hotpot built by attacker, the attacker can collect…
- risk 0.21cvss 3.3epss 0.01
P10 Huawei smartphones with the versions before Victoria-AL00AC00B217 have an information leak vulnerability due to the lack of permission validation. An attacker tricks a user into installing a malicious application on the smart phone, and the application can read some hardware…
- risk 0.21cvss 3.3epss 0.00
Huawei smartphones with software Victoria-AL00 8.0.0.336a(C00) have an information leakage vulnerability. Because an interface does not verify authorization correctly, attackers can exploit an application with the authorization of phone state to obtain user location additionally.
- risk 0.21cvss 3.3epss 0.00
Huawei AR3200 V200R005C32; V200R006C10; V200R006C11; V200R007C00; V200R007C01; V200R007C02; V200R008C00; V200R008C10; V200R008C20; V200R008C30; NGFW Module V500R001C00; V500R001C20; V500R002C00 have a memory leak vulnerability. The software does not release allocated memory…
- risk 0.21cvss 3.3epss 0.00
Huawei ViewPoint 8660 V100R008C03 have a memory leak vulnerability. The software does not release allocated memory properly when parse XML Schema data. An authenticated attacker could upload a crafted XML file, successful exploit could cause the system service abnormal since run…
- risk 0.21cvss 3.3epss 0.00
Huawei eNSP software with software of versions earlier than V100R002C00B510 has a buffer overflow vulnerability. Due to the improper validation of specific command line parameter, a local attacker could exploit this vulnerability to cause the software process abnormal.
- risk 0.21cvss 3.3epss 0.00
Huawei DP300 V500R002C00, RP200 V600R006C00, TE30 V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C10, V500R002C00, V600R006C00 have a memory leak vulnerability. An authenticated, local attacker may craft and load…
- risk 0.21cvss 3.3epss 0.00
Huawei AR120-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR1200 V200R006C10, V200R006C13, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR1200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR150 V200R006C10, V200R007C00, V200R007C01,…
- risk 0.21cvss 3.3epss 0.00
Huawei AR120-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR1200 V200R006C10, V200R006C13, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR1200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR150 V200R006C10, V200R007C00, V200R007C01,…
- risk 0.21cvss 3.3epss 0.00
Huawei AR120-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR1200 V200R006C10, V200R006C13, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR1200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR150 V200R006C10, V200R007C00, V200R007C01,…
- risk 0.21cvss 3.3epss 0.00
Huawei DP300 V500R002C00, RP200 V500R002C00, V600R006C00, TE30 V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C10, V500R002C00, V600R006C00 have a memory leak vulnerability. The software does not release…
- risk 0.21cvss 3.3epss 0.00
Mate 9 with software MHA-AL00AC00B125 has a denial of service (DoS) vulnerability. An attacker tricks a user into installing a malicious application. Since the system does not verify the broadcasting message from the application, it could be exploited to cause some functions of…
- risk 0.21cvss 3.3epss 0.01
The AlarmService component in HwVmall with software earlier than 1.5.2.0 versions has no control over calling permissions, allowing any third party to call. An attacker can construct a malicious application to call it. Consequently, alert music will be played suddenly,…
- risk 0.21cvss 3.3epss 0.01
ION memory management module in Huawei P9 phones with software EVA-AL10C00B192 and earlier versions, EVA-DL10C00B192 and earlier versions, EVA-TL10C00B192 and earlier versions, EVA-CL10C00B192 and earlier versions allows attackers to obtain sensitive information from…
- risk 0.21cvss 3.3epss 0.00
The MeWidget module on Huawei P7 smartphones with software P7-L10 V100R001C00B136 and earlier versions could lead to the disclosure of contact information.
- risk 0.21cvss 3.3epss 0.00
Apps on Huawei Ascend P6 mobile phones with software EDGE-U00 V100R001C17B508SP01 and earlier versions before V100R001C17B508SP02; EDGE-T00 V100R001C01B508SP01 and earlier versions before V100R001C01B508SP02; EDGE-C00 V100R001C92B508SP02 and earlier versions before…
- risk 0.20cvss 3.1epss 0.00
SCCP (Signalling Connection Control Part) module in Huawei DP300 V500R002C00, RP200 V500R002C00, V600R006C00, TE30 V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C10, V500R002C00, V600R006C00 has a buffer…
- risk 0.20cvss 3.1epss 0.00
Huawei OceanStor 2800 V3, V300R003C00, V300R003C20, OceanStor 5300 V3, V300R003C00, V300R003C10, V300R003C20, OceanStor 5500 V3, V300R003C00, V300R003C10, V300R003C20, OceanStor 5600 V3, V300R003C00, V300R003C10, V300R003C20, OceanStor 5800 V3, V300R003C00, V300R003C10,…
- risk 0.20cvss 3.1epss 0.00
The upgrade package of Huawei Vmall APP Earlier than HwVmall 1.5.3.0 versions is transferred through HTTP. A man in the middle (MITM) can tamper with the upgrade package of Huawei Vmall APP, and to implant the malicious applications.
- risk 0.16cvss 2.4epss 0.00
Logic bypass vulnerability in the file system. Impact: Successful exploitation of this vulnerability may affect availability.
- risk 0.16cvss 2.5epss 0.00
UAF vulnerability in the screen management module. Impact: Successful exploitation of this vulnerability may affect availability.
- risk 0.16cvss 2.4epss 0.00
Huawei P9 smartphones with software versions earlier before EVA-AL10C00B365, versions earlier before EVA-AL00C00B365, versions earlier before EVA-CL00C92B365, versions earlier before EVA-DL00C17B365, versions earlier before EVA-TL00C01B365 have a phone activation bypass…
- risk 0.15cvss 2.3epss 0.00
Huawei Honor 8 smartphone with software versions earlier than FRD-L04C567B389 and earlier than FRD-L14C567B389 have a permission control vulnerability due to improper authorization configuration on specific device information.
- risk 0.15cvss 2.3epss 0.00
The UMA product with software V200R001 and V300R001 has an information leak vulnerability. An attacker could exploit them to obtain some sensitive information, causing information leak.
- risk 0.14cvss 2.2epss 0.00
Race condition vulnerability in the event notification module. Impact: Successful exploitation of this vulnerability may affect availability.
- risk 0.12cvss 1.9epss 0.00
Race condition vulnerability in the notification service. Impact: Successful exploitation of this vulnerability may affect availability.
- CVE-2015-7254Nov 7, 2015risk 0.05cvss —epss 0.28
Directory traversal vulnerability on Huawei HG532e, HG532n, and HG532s devices allows remote attackers to read arbitrary files via a .. (dot dot) in an icon/ URI.
- CVE-2014-9418Dec 24, 2014risk 0.03cvss —epss 0.01
The eSpace Meeting ActiveX control (eSpaceStatusCtrl.dll) in Huawei eSpace Desktop before V200R001C03 allows local users to cause a denial of service (memory overflow) via unspecified vectors.
- CVE-2014-9417Dec 24, 2014risk 0.03cvss —epss 0.01
The Meeting component in Huawei eSpace Desktop before V100R001C03 allows local users to cause a denial of service (program exit) via a crafted image.
Page 12 of 46