VYPR

Vendor CVEs

Huawei

All CVEs

2,254 total · sorted by risk
  • CVE-2014-9416Dec 24, 2014
    risk 0.03cvss epss 0.01

    Multiple untrusted search path vulnerabilities in Huawei eSpace Desktop before V200R003C00 allow local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) mfc71enu.dll, (2) mfc71loc.dll, (3) tcapi.dll, or (4) airpcap.dll.

  • CVE-2014-9415Dec 24, 2014
    risk 0.03cvss epss 0.01

    Huawei eSpace Desktop before V100R001C03 allows local users to cause a denial of service (program exit) via a crafted QES file.

  • CVE-2014-5395Nov 21, 2014
    risk 0.03cvss epss 0.01

    Multiple cross-site request forgery (CSRF) vulnerabilities in Huawei HiLink E3276 and E3236 TCPU before V200R002B470D13SP00C00 and WebUI before V100R007B100D03SP01C03, E5180s-22 before 21.270.21.00.00, and E586Bs-2 before 21.322.10.00.889 allow remote attackers to hijack the…

  • CVE-2014-8359Nov 13, 2014
    risk 0.03cvss epss 0.01

    Untrusted search path vulnerability in Huawei Mobile Partner for Windows 23.009.05.03.1014 allows local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse wintab32.dll in the Mobile Partner directory.

  • CVE-2014-2946Jun 2, 2014
    risk 0.03cvss epss 0.01

    Cross-site request forgery (CSRF) vulnerability in api/sms/send-sms in the Web UI 11.010.06.01.858 on Huawei E303 modems with software 22.157.18.00.858 allows remote attackers to hijack the authentication of administrators for requests that perform API operations and send SMS…

  • CVE-2013-6031Mar 11, 2014
    risk 0.03cvss epss 0.06

    The Huawei E355 adapter with firmware 21.157.37.01.910 does not require authentication for API pages, which allows remote attackers to change passwords and settings, or obtain sensitive information, via a direct request to (1) api/wlan/security-settings, (2)…

  • CVE-2013-4631Jun 20, 2013
    risk 0.03cvss epss 0.04

    Huawei AR 150, 200, 1200, 2200, and 3200 routers, when SNMPv3 is enabled, allow remote attackers to cause a denial of service (device crash) via malformed SNMPv3 requests that leverage unspecified overflow issues.

  • CVE-2013-4630Jun 20, 2013
    risk 0.03cvss epss 0.04

    Stack-based buffer overflow on Huawei AR 150, 200, 1200, 2200, and 3200 routers, when SNMPv3 debugging is enabled, allows remote attackers to execute arbitrary code via malformed SNMPv3 requests.

  • CVE-2012-6568Jun 20, 2013
    risk 0.03cvss epss 0.01

    Buffer overflow in the back-end component in Huawei UTPS 1.0 allows local users to gain privileges via a long IDS_PLUGIN_NAME string in a plug-in configuration file.

  • CVE-2012-4960Jun 20, 2013
    risk 0.03cvss epss 0.03

    The Huawei NE5000E, MA5200G, NE40E, NE80E, ATN, NE40, NE80, NE20E-X6, NE20, ME60, CX600, CX200, CX300, ACU, WLAN AC 6605, S9300, S7700, S2300, S3300, S5300, S3300HI, S5300HI, S5306, S6300, S2700, S3700, S5700, S6700, AR G3, H3C AR(OEM IN), AR 19, AR 29, AR 49, Eudemon100E,…

  • CVE-2009-4197Dec 4, 2009
    risk 0.03cvss epss 0.00

    rpwizPppoe.htm in Huawei MT882 V100R002B020 ARG-T running firmware 3.7.9.98 contains a form that does not disable the autocomplete setting for the password parameter, which makes it easier for local users or physically proximate attackers to obtain the password from web browsers…

  • CVE-2009-4196Dec 4, 2009
    risk 0.03cvss epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in multiple scripts in Forms/ in Huawei MT882 V100R002B020 ARG-T running firmware 3.7.9.98 allow remote attackers to inject arbitrary web script or HTML via the (1) BackButton parameter to error_1; (2) wzConnFlag parameter to…

  • CVE-2026-28542Mar 5, 2026
    risk 0.00cvss epss 0.00

    Permission bypass vulnerability in the system service framework. Impact: Successful exploitation of this vulnerability may affect availability.

  • CVE-2026-28548Mar 5, 2026
    risk 0.00cvss epss 0.00

    Vulnerability of improper verification in the email application. Impact: Successful exploitation of this vulnerability may affect service confidentiality.

  • CVE-2026-28551Mar 5, 2026
    risk 0.00cvss epss 0.00

    Race condition vulnerability in the device security management module. Impact: Successful exploitation of this vulnerability may affect availability.

  • CVE-2026-28549Mar 5, 2026
    risk 0.00cvss epss 0.00

    Race condition vulnerability in the permission management service. Impact: Successful exploitation of this vulnerability may affect availability.

  • CVE-2026-28547Mar 5, 2026
    risk 0.00cvss epss 0.00

    Vulnerability of uninitialized pointer access in the scanning module. Impact: Successful exploitation of this vulnerability may affect availability.

  • CVE-2026-28546Mar 5, 2026
    risk 0.00cvss epss 0.00

    Buffer overflow vulnerability in the scanning module. Impact: Successful exploitation of this vulnerability may affect availability.

  • CVE-2026-28543Mar 5, 2026
    risk 0.00cvss epss 0.00

    Race condition vulnerability in the maintenance and diagnostics module. Impact: Successful exploitation of this vulnerability may affect availability.

  • CVE-2026-28541Mar 5, 2026
    risk 0.00cvss epss 0.00

    Permission control vulnerability in the cellular_data module. Impact: Successful exploitation of this vulnerability may affect availability.

  • CVE-2026-28540Mar 5, 2026
    risk 0.00cvss epss 0.00

    Out-of-bounds character read vulnerability in Bluetooth. Impact: Successful exploitation of this vulnerability may affect service confidentiality.

  • CVE-2026-28539Mar 5, 2026
    risk 0.00cvss epss 0.00

    Data processing vulnerability in the certificate management module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.

  • CVE-2026-28538Mar 5, 2026
    risk 0.00cvss epss 0.00

    Path traversal vulnerability in the certificate management module. Impact: Successful exploitation of this vulnerability may affect availability.

  • CVE-2025-66319Mar 5, 2026
    risk 0.00cvss epss 0.00

    Permission control vulnerability in the resource scheduling module. Impact: Successful exploitation of this vulnerability may affect service integrity.

  • CVE-2026-28552Mar 5, 2026
    risk 0.00cvss epss 0.00

    Out-of-bounds write vulnerability in the IMS module. Impact: Successful exploitation of this vulnerability may affect availability.

  • CVE-2026-28550Mar 5, 2026
    risk 0.00cvss epss 0.00

    Race condition vulnerability in the security control module. Impact: Successful exploitation of this vulnerability may affect availability.

  • CVE-2026-28545Mar 5, 2026
    risk 0.00cvss epss 0.00

    Race condition vulnerability in the printing module. Impact: Successful exploitation of this vulnerability may affect availability.

  • CVE-2026-28544Mar 5, 2026
    risk 0.00cvss epss 0.00

    Race condition vulnerability in the printing module. Impact: Successful exploitation of this vulnerability may affect availability.

  • CVE-2026-28537Mar 5, 2026
    risk 0.00cvss epss 0.00

    Double free vulnerability in the window module. Impact: Successful exploitation of this vulnerability may affect availability.

  • CVE-2026-28536Mar 5, 2026
    risk 0.00cvss epss 0.00

    Authentication bypass vulnerability in the device authentication module. Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality.

  • CVE-2026-26002Mar 4, 2026
    risk 0.00cvss epss 0.01

    Open OnDemand is an open-source high-performance computing portal. The Files application in OnDemand versions prior to 4.0.9 and 4.1.3 is susceptible to malicious input when navigating to a directory. This has been patched in versions 4.0.9 and 4.1.3. Versions below this remain…

  • CVE-2026-24928Feb 6, 2026
    risk 0.00cvss epss 0.00

    Out-of-bounds write vulnerability in the file system module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.

  • CVE-2026-24927Feb 6, 2026
    risk 0.00cvss epss 0.00

    Out-of-bounds access vulnerability in the frequency modulation module. Impact: Successful exploitation of this vulnerability may affect availability.

  • CVE-2026-24924Feb 6, 2026
    risk 0.00cvss epss 0.00

    Vulnerability of improper permission control in the print module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.

  • CVE-2026-24920Feb 6, 2026
    risk 0.00cvss epss 0.00

    Permission control vulnerability in the AMS module. Impact: Successful exploitation of this vulnerability may affect availability.

  • CVE-2026-24919Feb 6, 2026
    risk 0.00cvss epss 0.00

    Out-of-bounds write vulnerability in the DFX module. Impact: Successful exploitation of this vulnerability may affect availability.

  • CVE-2026-24917Feb 6, 2026
    risk 0.00cvss epss 0.00

    UAF vulnerability in the security module. Impact: Successful exploitation of this vulnerability may affect availability.

  • CVE-2026-24916Feb 6, 2026
    risk 0.00cvss epss 0.00

    Identity authentication bypass vulnerability in the window module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.

  • CVE-2026-24931Feb 6, 2026
    risk 0.00cvss epss 0.00

    Vulnerability of improper criterion security check in the card module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.

  • CVE-2026-24930Feb 6, 2026
    risk 0.00cvss epss 0.00

    UAF concurrency vulnerability in the graphics module. Impact: Successful exploitation of this vulnerability may affect availability.

  • CVE-2026-24929Feb 6, 2026
    risk 0.00cvss epss 0.00

    Out-of-bounds read vulnerability in the graphics module. Impact: Successful exploitation of this vulnerability may affect availability.

  • CVE-2026-24923Feb 6, 2026
    risk 0.00cvss epss 0.00

    Permission control vulnerability in the HDC module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.

  • CVE-2026-24922Feb 6, 2026
    risk 0.00cvss epss 0.00

    Buffer overflow vulnerability in the HDC module. Impact: Successful exploitation of this vulnerability may affect availability.

  • CVE-2026-24921Feb 6, 2026
    risk 0.00cvss epss 0.00

    Address read vulnerability in the HDC module. Impact: Successful exploitation of this vulnerability will affect availability and confidentiality.

  • CVE-2026-24918Feb 6, 2026
    risk 0.00cvss epss 0.00

    Address read vulnerability in the communication module. Impact: Successful exploitation of this vulnerability may affect availability.

  • CVE-2026-24915Feb 6, 2026
    risk 0.00cvss epss 0.00

    Out-of-bounds read issue in the media subsystem. Impact: Successful exploitation of this vulnerability will affect availability and confidentiality.

  • CVE-2026-24914Feb 6, 2026
    risk 0.00cvss epss 0.00

    Type confusion vulnerability in the camera module. Impact: Successful exploitation of this vulnerability may affect availability.

  • CVE-2026-24926Feb 6, 2026
    risk 0.00cvss epss 0.00

    Out-of-bounds write vulnerability in the camera module. Impact: Successful exploitation of this vulnerability may affect availability.

  • CVE-2026-24925Feb 6, 2026
    risk 0.00cvss epss 0.00

    Heap-based buffer overflow vulnerability in the image module. Impact: Successful exploitation of this vulnerability may affect availability.

  • CVE-2026-0622Jan 20, 2026
    risk 0.00cvss epss 0.00

    Open 5GS WebUI uses a hard-coded JWT signing key (change-me) whenever the environment variable JWT_SECRET_KEY is unset

Page 13 of 46