Vendor CVEs
Huawei
All CVEs
2,254 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2014-9416 | 0.03 | — | 0.01 | Dec 24, 2014 | Multiple untrusted search path vulnerabilities in Huawei eSpace Desktop before V200R003C00 allow local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) mfc71enu.dll, (2) mfc71loc.dll, (3) tcapi.dll, or (4) airpcap.dll. | |||
| CVE-2014-9415 | 0.03 | — | 0.01 | Dec 24, 2014 | Huawei eSpace Desktop before V100R001C03 allows local users to cause a denial of service (program exit) via a crafted QES file. | |||
| CVE-2014-5395 | 0.03 | — | 0.01 | Nov 21, 2014 | Multiple cross-site request forgery (CSRF) vulnerabilities in Huawei HiLink E3276 and E3236 TCPU before V200R002B470D13SP00C00 and WebUI before V100R007B100D03SP01C03, E5180s-22 before 21.270.21.00.00, and E586Bs-2 before 21.322.10.00.889 allow remote attackers to hijack the… | |||
| CVE-2014-8359 | 0.03 | — | 0.01 | Nov 13, 2014 | Untrusted search path vulnerability in Huawei Mobile Partner for Windows 23.009.05.03.1014 allows local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse wintab32.dll in the Mobile Partner directory. | |||
| CVE-2014-2946 | 0.03 | — | 0.01 | Jun 2, 2014 | Cross-site request forgery (CSRF) vulnerability in api/sms/send-sms in the Web UI 11.010.06.01.858 on Huawei E303 modems with software 22.157.18.00.858 allows remote attackers to hijack the authentication of administrators for requests that perform API operations and send SMS… | |||
| CVE-2013-6031 | 0.03 | — | 0.06 | Mar 11, 2014 | The Huawei E355 adapter with firmware 21.157.37.01.910 does not require authentication for API pages, which allows remote attackers to change passwords and settings, or obtain sensitive information, via a direct request to (1) api/wlan/security-settings, (2)… | |||
| CVE-2013-4631 | 0.03 | — | 0.04 | Jun 20, 2013 | Huawei AR 150, 200, 1200, 2200, and 3200 routers, when SNMPv3 is enabled, allow remote attackers to cause a denial of service (device crash) via malformed SNMPv3 requests that leverage unspecified overflow issues. | |||
| CVE-2013-4630 | 0.03 | — | 0.04 | Jun 20, 2013 | Stack-based buffer overflow on Huawei AR 150, 200, 1200, 2200, and 3200 routers, when SNMPv3 debugging is enabled, allows remote attackers to execute arbitrary code via malformed SNMPv3 requests. | |||
| CVE-2012-6568 | 0.03 | — | 0.01 | Jun 20, 2013 | Buffer overflow in the back-end component in Huawei UTPS 1.0 allows local users to gain privileges via a long IDS_PLUGIN_NAME string in a plug-in configuration file. | |||
| CVE-2012-4960 | 0.03 | — | 0.03 | Jun 20, 2013 | The Huawei NE5000E, MA5200G, NE40E, NE80E, ATN, NE40, NE80, NE20E-X6, NE20, ME60, CX600, CX200, CX300, ACU, WLAN AC 6605, S9300, S7700, S2300, S3300, S5300, S3300HI, S5300HI, S5306, S6300, S2700, S3700, S5700, S6700, AR G3, H3C AR(OEM IN), AR 19, AR 29, AR 49, Eudemon100E,… | |||
| CVE-2009-4197 | 0.03 | — | 0.00 | Dec 4, 2009 | rpwizPppoe.htm in Huawei MT882 V100R002B020 ARG-T running firmware 3.7.9.98 contains a form that does not disable the autocomplete setting for the password parameter, which makes it easier for local users or physically proximate attackers to obtain the password from web browsers… | |||
| CVE-2009-4196 | 0.03 | — | 0.01 | Dec 4, 2009 | Multiple cross-site scripting (XSS) vulnerabilities in multiple scripts in Forms/ in Huawei MT882 V100R002B020 ARG-T running firmware 3.7.9.98 allow remote attackers to inject arbitrary web script or HTML via the (1) BackButton parameter to error_1; (2) wzConnFlag parameter to… | |||
| CVE-2026-28542 | 0.00 | — | 0.00 | Mar 5, 2026 | Permission bypass vulnerability in the system service framework. Impact: Successful exploitation of this vulnerability may affect availability. | |||
| CVE-2026-28548 | 0.00 | — | 0.00 | Mar 5, 2026 | Vulnerability of improper verification in the email application. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | |||
| CVE-2026-28551 | 0.00 | — | 0.00 | Mar 5, 2026 | Race condition vulnerability in the device security management module. Impact: Successful exploitation of this vulnerability may affect availability. | |||
| CVE-2026-28549 | 0.00 | — | 0.00 | Mar 5, 2026 | Race condition vulnerability in the permission management service. Impact: Successful exploitation of this vulnerability may affect availability. | |||
| CVE-2026-28547 | 0.00 | — | 0.00 | Mar 5, 2026 | Vulnerability of uninitialized pointer access in the scanning module. Impact: Successful exploitation of this vulnerability may affect availability. | |||
| CVE-2026-28546 | 0.00 | — | 0.00 | Mar 5, 2026 | Buffer overflow vulnerability in the scanning module. Impact: Successful exploitation of this vulnerability may affect availability. | |||
| CVE-2026-28543 | 0.00 | — | 0.00 | Mar 5, 2026 | Race condition vulnerability in the maintenance and diagnostics module. Impact: Successful exploitation of this vulnerability may affect availability. | |||
| CVE-2026-28541 | 0.00 | — | 0.00 | Mar 5, 2026 | Permission control vulnerability in the cellular_data module. Impact: Successful exploitation of this vulnerability may affect availability. | |||
| CVE-2026-28540 | 0.00 | — | 0.00 | Mar 5, 2026 | Out-of-bounds character read vulnerability in Bluetooth. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | |||
| CVE-2026-28539 | 0.00 | — | 0.00 | Mar 5, 2026 | Data processing vulnerability in the certificate management module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | |||
| CVE-2026-28538 | 0.00 | — | 0.00 | Mar 5, 2026 | Path traversal vulnerability in the certificate management module. Impact: Successful exploitation of this vulnerability may affect availability. | |||
| CVE-2025-66319 | 0.00 | — | 0.00 | Mar 5, 2026 | Permission control vulnerability in the resource scheduling module. Impact: Successful exploitation of this vulnerability may affect service integrity. | |||
| CVE-2026-28552 | 0.00 | — | 0.00 | Mar 5, 2026 | Out-of-bounds write vulnerability in the IMS module. Impact: Successful exploitation of this vulnerability may affect availability. | |||
| CVE-2026-28550 | 0.00 | — | 0.00 | Mar 5, 2026 | Race condition vulnerability in the security control module. Impact: Successful exploitation of this vulnerability may affect availability. | |||
| CVE-2026-28545 | 0.00 | — | 0.00 | Mar 5, 2026 | Race condition vulnerability in the printing module. Impact: Successful exploitation of this vulnerability may affect availability. | |||
| CVE-2026-28544 | 0.00 | — | 0.00 | Mar 5, 2026 | Race condition vulnerability in the printing module. Impact: Successful exploitation of this vulnerability may affect availability. | |||
| CVE-2026-28537 | 0.00 | — | 0.00 | Mar 5, 2026 | Double free vulnerability in the window module. Impact: Successful exploitation of this vulnerability may affect availability. | |||
| CVE-2026-28536 | 0.00 | — | 0.00 | Mar 5, 2026 | Authentication bypass vulnerability in the device authentication module. Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality. | |||
| CVE-2026-26002 | 0.00 | — | 0.01 | Mar 4, 2026 | Open OnDemand is an open-source high-performance computing portal. The Files application in OnDemand versions prior to 4.0.9 and 4.1.3 is susceptible to malicious input when navigating to a directory. This has been patched in versions 4.0.9 and 4.1.3. Versions below this remain… | |||
| CVE-2026-24928 | 0.00 | — | 0.00 | Feb 6, 2026 | Out-of-bounds write vulnerability in the file system module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | |||
| CVE-2026-24927 | 0.00 | — | 0.00 | Feb 6, 2026 | Out-of-bounds access vulnerability in the frequency modulation module. Impact: Successful exploitation of this vulnerability may affect availability. | |||
| CVE-2026-24924 | 0.00 | — | 0.00 | Feb 6, 2026 | Vulnerability of improper permission control in the print module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | |||
| CVE-2026-24920 | 0.00 | — | 0.00 | Feb 6, 2026 | Permission control vulnerability in the AMS module. Impact: Successful exploitation of this vulnerability may affect availability. | |||
| CVE-2026-24919 | 0.00 | — | 0.00 | Feb 6, 2026 | Out-of-bounds write vulnerability in the DFX module. Impact: Successful exploitation of this vulnerability may affect availability. | |||
| CVE-2026-24917 | 0.00 | — | 0.00 | Feb 6, 2026 | UAF vulnerability in the security module. Impact: Successful exploitation of this vulnerability may affect availability. | |||
| CVE-2026-24916 | 0.00 | — | 0.00 | Feb 6, 2026 | Identity authentication bypass vulnerability in the window module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | |||
| CVE-2026-24931 | 0.00 | — | 0.00 | Feb 6, 2026 | Vulnerability of improper criterion security check in the card module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | |||
| CVE-2026-24930 | 0.00 | — | 0.00 | Feb 6, 2026 | UAF concurrency vulnerability in the graphics module. Impact: Successful exploitation of this vulnerability may affect availability. | |||
| CVE-2026-24929 | 0.00 | — | 0.00 | Feb 6, 2026 | Out-of-bounds read vulnerability in the graphics module. Impact: Successful exploitation of this vulnerability may affect availability. | |||
| CVE-2026-24923 | 0.00 | — | 0.00 | Feb 6, 2026 | Permission control vulnerability in the HDC module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | |||
| CVE-2026-24922 | 0.00 | — | 0.00 | Feb 6, 2026 | Buffer overflow vulnerability in the HDC module. Impact: Successful exploitation of this vulnerability may affect availability. | |||
| CVE-2026-24921 | 0.00 | — | 0.00 | Feb 6, 2026 | Address read vulnerability in the HDC module. Impact: Successful exploitation of this vulnerability will affect availability and confidentiality. | |||
| CVE-2026-24918 | 0.00 | — | 0.00 | Feb 6, 2026 | Address read vulnerability in the communication module. Impact: Successful exploitation of this vulnerability may affect availability. | |||
| CVE-2026-24915 | 0.00 | — | 0.00 | Feb 6, 2026 | Out-of-bounds read issue in the media subsystem. Impact: Successful exploitation of this vulnerability will affect availability and confidentiality. | |||
| CVE-2026-24914 | 0.00 | — | 0.00 | Feb 6, 2026 | Type confusion vulnerability in the camera module. Impact: Successful exploitation of this vulnerability may affect availability. | |||
| CVE-2026-24926 | 0.00 | — | 0.00 | Feb 6, 2026 | Out-of-bounds write vulnerability in the camera module. Impact: Successful exploitation of this vulnerability may affect availability. | |||
| CVE-2026-24925 | 0.00 | — | 0.00 | Feb 6, 2026 | Heap-based buffer overflow vulnerability in the image module. Impact: Successful exploitation of this vulnerability may affect availability. | |||
| CVE-2026-0622 | 0.00 | — | 0.00 | Jan 20, 2026 | Open 5GS WebUI uses a hard-coded JWT signing key (change-me) whenever the environment variable JWT_SECRET_KEY is unset |
- CVE-2014-9416Dec 24, 2014risk 0.03cvss —epss 0.01
Multiple untrusted search path vulnerabilities in Huawei eSpace Desktop before V200R003C00 allow local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) mfc71enu.dll, (2) mfc71loc.dll, (3) tcapi.dll, or (4) airpcap.dll.
- CVE-2014-9415Dec 24, 2014risk 0.03cvss —epss 0.01
Huawei eSpace Desktop before V100R001C03 allows local users to cause a denial of service (program exit) via a crafted QES file.
- CVE-2014-5395Nov 21, 2014risk 0.03cvss —epss 0.01
Multiple cross-site request forgery (CSRF) vulnerabilities in Huawei HiLink E3276 and E3236 TCPU before V200R002B470D13SP00C00 and WebUI before V100R007B100D03SP01C03, E5180s-22 before 21.270.21.00.00, and E586Bs-2 before 21.322.10.00.889 allow remote attackers to hijack the…
- CVE-2014-8359Nov 13, 2014risk 0.03cvss —epss 0.01
Untrusted search path vulnerability in Huawei Mobile Partner for Windows 23.009.05.03.1014 allows local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse wintab32.dll in the Mobile Partner directory.
- CVE-2014-2946Jun 2, 2014risk 0.03cvss —epss 0.01
Cross-site request forgery (CSRF) vulnerability in api/sms/send-sms in the Web UI 11.010.06.01.858 on Huawei E303 modems with software 22.157.18.00.858 allows remote attackers to hijack the authentication of administrators for requests that perform API operations and send SMS…
- CVE-2013-6031Mar 11, 2014risk 0.03cvss —epss 0.06
The Huawei E355 adapter with firmware 21.157.37.01.910 does not require authentication for API pages, which allows remote attackers to change passwords and settings, or obtain sensitive information, via a direct request to (1) api/wlan/security-settings, (2)…
- CVE-2013-4631Jun 20, 2013risk 0.03cvss —epss 0.04
Huawei AR 150, 200, 1200, 2200, and 3200 routers, when SNMPv3 is enabled, allow remote attackers to cause a denial of service (device crash) via malformed SNMPv3 requests that leverage unspecified overflow issues.
- CVE-2013-4630Jun 20, 2013risk 0.03cvss —epss 0.04
Stack-based buffer overflow on Huawei AR 150, 200, 1200, 2200, and 3200 routers, when SNMPv3 debugging is enabled, allows remote attackers to execute arbitrary code via malformed SNMPv3 requests.
- CVE-2012-6568Jun 20, 2013risk 0.03cvss —epss 0.01
Buffer overflow in the back-end component in Huawei UTPS 1.0 allows local users to gain privileges via a long IDS_PLUGIN_NAME string in a plug-in configuration file.
- CVE-2012-4960Jun 20, 2013risk 0.03cvss —epss 0.03
The Huawei NE5000E, MA5200G, NE40E, NE80E, ATN, NE40, NE80, NE20E-X6, NE20, ME60, CX600, CX200, CX300, ACU, WLAN AC 6605, S9300, S7700, S2300, S3300, S5300, S3300HI, S5300HI, S5306, S6300, S2700, S3700, S5700, S6700, AR G3, H3C AR(OEM IN), AR 19, AR 29, AR 49, Eudemon100E,…
- CVE-2009-4197Dec 4, 2009risk 0.03cvss —epss 0.00
rpwizPppoe.htm in Huawei MT882 V100R002B020 ARG-T running firmware 3.7.9.98 contains a form that does not disable the autocomplete setting for the password parameter, which makes it easier for local users or physically proximate attackers to obtain the password from web browsers…
- CVE-2009-4196Dec 4, 2009risk 0.03cvss —epss 0.01
Multiple cross-site scripting (XSS) vulnerabilities in multiple scripts in Forms/ in Huawei MT882 V100R002B020 ARG-T running firmware 3.7.9.98 allow remote attackers to inject arbitrary web script or HTML via the (1) BackButton parameter to error_1; (2) wzConnFlag parameter to…
- CVE-2026-28542Mar 5, 2026risk 0.00cvss —epss 0.00
Permission bypass vulnerability in the system service framework. Impact: Successful exploitation of this vulnerability may affect availability.
- CVE-2026-28548Mar 5, 2026risk 0.00cvss —epss 0.00
Vulnerability of improper verification in the email application. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
- CVE-2026-28551Mar 5, 2026risk 0.00cvss —epss 0.00
Race condition vulnerability in the device security management module. Impact: Successful exploitation of this vulnerability may affect availability.
- CVE-2026-28549Mar 5, 2026risk 0.00cvss —epss 0.00
Race condition vulnerability in the permission management service. Impact: Successful exploitation of this vulnerability may affect availability.
- CVE-2026-28547Mar 5, 2026risk 0.00cvss —epss 0.00
Vulnerability of uninitialized pointer access in the scanning module. Impact: Successful exploitation of this vulnerability may affect availability.
- CVE-2026-28546Mar 5, 2026risk 0.00cvss —epss 0.00
Buffer overflow vulnerability in the scanning module. Impact: Successful exploitation of this vulnerability may affect availability.
- CVE-2026-28543Mar 5, 2026risk 0.00cvss —epss 0.00
Race condition vulnerability in the maintenance and diagnostics module. Impact: Successful exploitation of this vulnerability may affect availability.
- CVE-2026-28541Mar 5, 2026risk 0.00cvss —epss 0.00
Permission control vulnerability in the cellular_data module. Impact: Successful exploitation of this vulnerability may affect availability.
- CVE-2026-28540Mar 5, 2026risk 0.00cvss —epss 0.00
Out-of-bounds character read vulnerability in Bluetooth. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
- CVE-2026-28539Mar 5, 2026risk 0.00cvss —epss 0.00
Data processing vulnerability in the certificate management module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
- CVE-2026-28538Mar 5, 2026risk 0.00cvss —epss 0.00
Path traversal vulnerability in the certificate management module. Impact: Successful exploitation of this vulnerability may affect availability.
- CVE-2025-66319Mar 5, 2026risk 0.00cvss —epss 0.00
Permission control vulnerability in the resource scheduling module. Impact: Successful exploitation of this vulnerability may affect service integrity.
- CVE-2026-28552Mar 5, 2026risk 0.00cvss —epss 0.00
Out-of-bounds write vulnerability in the IMS module. Impact: Successful exploitation of this vulnerability may affect availability.
- CVE-2026-28550Mar 5, 2026risk 0.00cvss —epss 0.00
Race condition vulnerability in the security control module. Impact: Successful exploitation of this vulnerability may affect availability.
- CVE-2026-28545Mar 5, 2026risk 0.00cvss —epss 0.00
Race condition vulnerability in the printing module. Impact: Successful exploitation of this vulnerability may affect availability.
- CVE-2026-28544Mar 5, 2026risk 0.00cvss —epss 0.00
Race condition vulnerability in the printing module. Impact: Successful exploitation of this vulnerability may affect availability.
- CVE-2026-28537Mar 5, 2026risk 0.00cvss —epss 0.00
Double free vulnerability in the window module. Impact: Successful exploitation of this vulnerability may affect availability.
- CVE-2026-28536Mar 5, 2026risk 0.00cvss —epss 0.00
Authentication bypass vulnerability in the device authentication module. Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality.
- CVE-2026-26002Mar 4, 2026risk 0.00cvss —epss 0.01
Open OnDemand is an open-source high-performance computing portal. The Files application in OnDemand versions prior to 4.0.9 and 4.1.3 is susceptible to malicious input when navigating to a directory. This has been patched in versions 4.0.9 and 4.1.3. Versions below this remain…
- CVE-2026-24928Feb 6, 2026risk 0.00cvss —epss 0.00
Out-of-bounds write vulnerability in the file system module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
- CVE-2026-24927Feb 6, 2026risk 0.00cvss —epss 0.00
Out-of-bounds access vulnerability in the frequency modulation module. Impact: Successful exploitation of this vulnerability may affect availability.
- CVE-2026-24924Feb 6, 2026risk 0.00cvss —epss 0.00
Vulnerability of improper permission control in the print module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
- CVE-2026-24920Feb 6, 2026risk 0.00cvss —epss 0.00
Permission control vulnerability in the AMS module. Impact: Successful exploitation of this vulnerability may affect availability.
- CVE-2026-24919Feb 6, 2026risk 0.00cvss —epss 0.00
Out-of-bounds write vulnerability in the DFX module. Impact: Successful exploitation of this vulnerability may affect availability.
- CVE-2026-24917Feb 6, 2026risk 0.00cvss —epss 0.00
UAF vulnerability in the security module. Impact: Successful exploitation of this vulnerability may affect availability.
- CVE-2026-24916Feb 6, 2026risk 0.00cvss —epss 0.00
Identity authentication bypass vulnerability in the window module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
- CVE-2026-24931Feb 6, 2026risk 0.00cvss —epss 0.00
Vulnerability of improper criterion security check in the card module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
- CVE-2026-24930Feb 6, 2026risk 0.00cvss —epss 0.00
UAF concurrency vulnerability in the graphics module. Impact: Successful exploitation of this vulnerability may affect availability.
- CVE-2026-24929Feb 6, 2026risk 0.00cvss —epss 0.00
Out-of-bounds read vulnerability in the graphics module. Impact: Successful exploitation of this vulnerability may affect availability.
- CVE-2026-24923Feb 6, 2026risk 0.00cvss —epss 0.00
Permission control vulnerability in the HDC module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
- CVE-2026-24922Feb 6, 2026risk 0.00cvss —epss 0.00
Buffer overflow vulnerability in the HDC module. Impact: Successful exploitation of this vulnerability may affect availability.
- CVE-2026-24921Feb 6, 2026risk 0.00cvss —epss 0.00
Address read vulnerability in the HDC module. Impact: Successful exploitation of this vulnerability will affect availability and confidentiality.
- CVE-2026-24918Feb 6, 2026risk 0.00cvss —epss 0.00
Address read vulnerability in the communication module. Impact: Successful exploitation of this vulnerability may affect availability.
- CVE-2026-24915Feb 6, 2026risk 0.00cvss —epss 0.00
Out-of-bounds read issue in the media subsystem. Impact: Successful exploitation of this vulnerability will affect availability and confidentiality.
- CVE-2026-24914Feb 6, 2026risk 0.00cvss —epss 0.00
Type confusion vulnerability in the camera module. Impact: Successful exploitation of this vulnerability may affect availability.
- CVE-2026-24926Feb 6, 2026risk 0.00cvss —epss 0.00
Out-of-bounds write vulnerability in the camera module. Impact: Successful exploitation of this vulnerability may affect availability.
- CVE-2026-24925Feb 6, 2026risk 0.00cvss —epss 0.00
Heap-based buffer overflow vulnerability in the image module. Impact: Successful exploitation of this vulnerability may affect availability.
- CVE-2026-0622Jan 20, 2026risk 0.00cvss —epss 0.00
Open 5GS WebUI uses a hard-coded JWT signing key (change-me) whenever the environment variable JWT_SECRET_KEY is unset
Page 13 of 46