VYPR

Vendor CVEs

Huawei

All CVEs

2,254 total · sorted by risk
  • CVE-2017-8133HigNov 22, 2017
    risk 0.57cvss 8.8epss 0.02

    Huawei iManager NetEco with software V600R008C00 and V600R008C10 has a command injection vulnerability. An authenticated, remote attacker could exploit this vulnerability to send malicious packets to a target device. Successful exploit could enable a low privileged user to…

  • CVE-2017-8132HigNov 22, 2017
    risk 0.57cvss 8.8epss 0.01

    The FusionSphere OpenStack with software V100R006C00 and V100R006C10 has a command injection vulnerability due to the insufficient input validation on four TCP listening ports. An unauthenticated attacker can exploit the vulnerabilities to gain root privileges by sending some…

  • CVE-2017-8131HigNov 22, 2017
    risk 0.57cvss 8.8epss 0.01

    The FusionSphere OpenStack with software V100R006C00 and V100R006C10 has a command injection vulnerability due to the insufficient input validation on four TCP listening ports. An unauthenticated attacker can exploit the vulnerabilities to gain root privileges by sending some…

  • CVE-2017-2737HigNov 22, 2017
    risk 0.57cvss 8.8epss 0.01

    VCM5010 with software versions earlier before V100R002C50SPC100 has an arbitrary file upload vulnerability. The software does not validate the files that uploaded. An authenticated attacker could upload arbitrary files to the system.

  • CVE-2017-2722HigNov 22, 2017
    risk 0.57cvss 8.8epss 0.01

    DP300 V500R002C00,TE60 with software V100R001C01, V100R001C10, V100R003C00, V500R002C00 and V600R006C00,TP3106 with software V100R001C06 and V100R002C00,ViewPoint 9030 with software V100R011C02, V100R011C03,eCNS210_TD with software V100R004C10,eSpace 7950 with software…

  • CVE-2017-2719HigNov 22, 2017
    risk 0.57cvss 8.8epss 0.01

    FusionSphere OpenStack with software V100R006C00 and V100R006C10RC2 has two command injection vulnerabilities due to the insufficient input validation on one port. An attacker can exploit the vulnerabilities to gain root privileges by sending some messages with malicious…

  • CVE-2017-2718HigNov 22, 2017
    risk 0.57cvss 8.8epss 0.01

    FusionSphere OpenStack with software V100R006C00 and V100R006C10RC2 has two command injection vulnerabilities due to the insufficient input validation on one port. An attacker can exploit the vulnerabilities to gain root privileges by sending some messages with malicious…

  • CVE-2015-7843HigOct 3, 2017
    risk 0.57cvss 8.8epss 0.01

    The management interface on Huawei FusionServer rack servers RH2288 V3 with software before V100R003C00SPC603, RH2288H V3 with software before V100R003C00SPC503, XH628 V3 with software before V100R003C00SPC602, RH1288 V3 with software before V100R003C00SPC602, RH2288A V2 with…

  • CVE-2015-8334HigAug 29, 2017
    risk 0.57cvss 8.8epss 0.01

    SQL injection vulnerability in the Operation and Maintenance Unit (OMU) in Huawei VCN500 before V100R002C00SPC201 allows remote authenticated users to execute arbitrary SQL commands via a crafted HTTP request.

  • CVE-2015-8332HigAug 28, 2017
    risk 0.57cvss 8.8epss 0.01

    Huawei Video Content Management (VCM) before V100R001C10SPC001 does not properly "authenticate online user identities and privileges," which allows remote authenticated users to gain privileges and perform a case operation as another user via a crafted message, aka "Horizontal…

  • CVE-2015-2252HigJun 8, 2017
    risk 0.57cvss 8.8epss 0.02

    Huawei OceanStor UDS devices with software before V100R002C01SPC102 might allow remote attackers to execute arbitrary code with root privileges via a crafted UDS patch with shell scripts.

  • CVE-2015-8671HigApr 2, 2017
    risk 0.57cvss 8.8epss 0.01

    Huawei LogCenter V100R001C10 could allow an authenticated attacker to tamper with requests using a tool and submit a request to the server for privilege escalation, affecting some system functions.

  • CVE-2014-9696HigApr 2, 2017
    risk 0.57cvss 8.8epss 0.01

    The Hyper Module Management (HMM) software of Huawei Tecal E9000 Chassis V100R001C00SPC160 and earlier versions allows the operator to modify the user configuration of iMana through privilege escalation.

  • CVE-2014-9695HigApr 2, 2017
    risk 0.57cvss 8.8epss 0.01

    The Hyper Module Management (HMM) software of Huawei Tecal E9000 Chassis V100R001C00SPC160 and earlier versions could allow a non-super-domain user who accesses HMM through SNMPv3 to perform operations on a server as a super-domain user.

  • CVE-2014-9694HigApr 2, 2017
    risk 0.57cvss 8.8epss 0.01

    Huawei Tecal RH1288 V2 V100R002C00SPC107 and earlier versions, Tecal RH2265 V2 V100R002C00, Tecal RH2285 V2 V100R002C00SPC115 and earlier versions, Tecal RH2265 V2 V100R002C00, Tecal RH2285H V2 V100R002C00SPC111 and earlier versions, Tecal RH2268 V2 V100R002C00, Tecal RH2288 V2…

  • CVE-2014-9137HigApr 2, 2017
    risk 0.57cvss 8.8epss 0.00

    Huawei USG9500 with software V200R001C01SPC800 and earlier versions, V300R001C00; USG2100 with software V300R001C00SPC900 and earlier versions; USG2200 with software V300R001C00SPC900; USG5100 with software V300R001C00SPC900 could allow an unauthenticated, remote attacker to…

  • CVE-2014-9136HigApr 2, 2017
    risk 0.57cvss 8.8epss 0.00

    Huawei FusionManager with software V100R002C03 and V100R003C00 could allow an unauthenticated, remote attacker to conduct a CSRF attack against the user of the web interface.

  • CVE-2014-4707HigApr 2, 2017
    risk 0.57cvss 8.8epss 0.01

    Huawei Campus S7700 with software V200R001C00SPC300, V200R002C00SPC100, V200R003C00SPC300; S9300 with software V200R001C00SPC300, V200R002C00SPC100, V200R003C00SPC300; S9700 with software V200R001C00SPC300, V200R002C00SPC100, V200R003C00SPC300 allow unauthorized users to upgrade…

  • CVE-2016-5230HigJun 30, 2016
    risk 0.57cvss 8.8epss 0.01

    Huawei Mate8 NXT-AL before NXT-AL10C00B182, NXT-CL before NXT-CL00C92B182, NXT-DL before NXT-DL00C17B182, and NXT-TL before NXT-TL00C01B182 allows attackers to bypass permission checks and control partial module functions via a crafted app.

  • CVE-2016-2405HigApr 12, 2016
    risk 0.57cvss 8.8epss 0.02

    Huawei Policy Center with software before V100R003C10SPC020 allows remote authenticated users to gain privileges and cause a denial of service (system crash) via a crafted URL.

  • CVE-2017-8155HigNov 22, 2017
    risk 0.55cvss 8.4epss 0.00

    The outdoor unit of Customer Premise Equipment (CPE) product B2338-168 V100R001C00 has a no authentication vulnerability on a certain port. After accessing the network between the indoor and outdoor units of the CPE, an attacker can deliver commands to the specific port of the…

  • CVE-2017-2726HigNov 22, 2017
    risk 0.55cvss 8.4epss 0.01

    Bastet in P10 Plus and P10 smart phones with software earlier than VKY-AL00C00B123 versions, earlier than VTR-AL00C00B123 versions have a buffer overflow vulnerability. An attacker with the root privilege of an Android system may trick a user into installing a malicious APP. The…

  • CVE-2017-2724HigNov 22, 2017
    risk 0.55cvss 8.4epss 0.01

    Bastet in P10 Plus and P10 smart phones with software earlier than VKY-AL00C00B123 versions, earlier than VTR-AL00C00B123 versions have a buffer overflow vulnerability. An attacker with the root privilege of an Android system may trick a user into installing a malicious APP. The…

  • CVE-2014-8358HigDec 11, 2017
    risk 0.54cvss 7.8epss 0.05

    Huawei EC156, EC176, and EC177 USB Modem products with software before UTPS-V200R003B015D02SP07C1014 (23.015.02.07.1014) and before V200R003B015D02SP08C1014 (23.015.02.08.1014) use a weak ACL for the "Mobile Partner" directory, which allows remote attackers to gain SYSTEM…

  • CVE-2015-8088HigJan 12, 2016
    risk 0.54cvss 7.8epss 0.04

    Heap-based buffer overflow in the HIFI driver in Huawei Mate 7 phones with software MT7-UL00 before MT7-UL00C17B354, MT7-TL10 before MT7-TL10C00B354, MT7-TL00 before MT7-TL00C01B354, and MT7-CL00 before MT7-CL00C92B354 and P8 phones with software GRA-TL00 before…

  • CVE-2016-5234HigJun 13, 2016
    risk 0.53cvss 8.1epss 0.03

    Buffer overflow in Huawei VP9660, VP9650, and VP9630 multipoint control unit devices with software before V500R002C00SPC200 and RSE6500 videoconference devices with software before V500R002C00SPC100, when an unspecified service is enabled, allows remote attackers to execute…

  • CVE-2016-4087HigMay 23, 2016
    risk 0.53cvss 8.1epss 0.01

    Huawei S12700 switches with software before V200R008C00SPC500 and S5700 switches with software before V200R005SPH010, when the debug switch is enabled, allows remote attackers to cause a denial of service or execute arbitrary code via crafted DNS packets.

  • CVE-2016-3675HigApr 11, 2016
    risk 0.53cvss 8.1epss 0.01

    SQL injection vulnerability in Huawei Policy Center with software before V100R003C10SPC020 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors related to system databases.

  • CVE-2023-7300HigDec 26, 2024
    risk 0.52cvss 8.0epss 0.00

    Huawei Home Music System has a path traversal vulnerability. Successful exploitation of this vulnerability may cause the music host file to be deleted or the file permission to be changed.(Vulnerability ID:HWPSIRT-2023-60613)

  • CVE-2017-8193HigNov 22, 2017
    risk 0.52cvss 8.0epss 0.01

    The FusionSphere OpenStack V100R006C00SPC102(NFV) has a command injection vulnerability. Due to the insufficient input validation on one port, an authenticated, local attacker may exploit the vulnerability to gain root privileges by sending message with malicious commands.

  • CVE-2017-2714HigNov 22, 2017
    risk 0.52cvss 8.0epss 0.01

    The GaussDB in FusionSphere OpenStack V100R005C10SPC705 and earlier versions has a buffer overflow vulnerability. An authenticated attacker on the LAN can exploit this vulnerability to execute arbitrary code or cause a denial of service (DoS) condition in the affected system.

  • CVE-2018-7923HigSep 12, 2018
    risk 0.51cvss 7.8epss 0.01

    Huawei ALP-L09 smart phones with versions earlier than ALP-L09 8.0.0.150(C432) have an insufficient input validation vulnerability due to lack of parameter check. An attacker tricks the user who has root privilege to install a crafted application, the application may modify the…

  • CVE-2018-7922HigSep 12, 2018
    risk 0.51cvss 7.8epss 0.01

    Huawei ALP-L09 smart phones with versions earlier than ALP-L09 8.0.0.150(C432) have an insufficient input validation vulnerability due to lack of parameter check. An attacker tricks the user who has root privilege to install a crafted application, the application may modify the…

  • CVE-2018-7937HigSep 4, 2018
    risk 0.51cvss 7.8epss 0.01

    In Huawei HiRouter-CD20-10 with the versions before 1.9.6 and WS5200-10 with the versions before 1.9.6, there is a plug-in signature bypass vulnerability due to insufficient plug-in verification. An attacker may tamper with a legitimate plug-in to build a malicious plug-in and…

  • CVE-2018-7993HigJul 31, 2018
    risk 0.51cvss 7.8epss 0.01

    HUAWEI Mate 10 smartphones with versions earlier than ALP-AL00 8.1.0.311 have a use after free vulnerability on mediaserver component. An attacker tricks the user install a malicious application, which make the software to reference memory after it has been freed. Successful…

  • CVE-2017-17173HigJun 14, 2018
    risk 0.51cvss 7.8epss 0.01

    Due to insufficient parameters verification GPU driver of Mate 9 Pro Huawei smart phones with the versions before LON-AL00B 8.0.0.356(C00) has an arbitrary memory free vulnerability. An attacker can tricks a user into installing a malicious application on the smart phone, and…

  • CVE-2018-7933HigMay 10, 2018
    risk 0.51cvss 7.8epss 0.01

    Huawei home gateway products HiRouter-CD20 and WS5200 with the versions before HiRouter-CD20-10 1.9.6 and the versions before WS5200-10 1.9.6 have a path traversal vulnerability. Due to the lack of validation while these home gateway products install APK plugins, an attacker…

  • CVE-2017-15325HigMar 23, 2018
    risk 0.51cvss 7.8epss 0.01

    The Bdat driver of Prague smart phones with software versions earlier than Prague-AL00AC00B211, versions earlier than Prague-AL00BC00B211, versions earlier than Prague-AL00CC00B211, versions earlier than Prague-TL00AC01B211, versions earlier than Prague-TL10AC01B211 has integer…

  • CVE-2017-17320HigMar 20, 2018
    risk 0.51cvss 7.8epss 0.01

    Huawei Mate 9 Pro smartphones with software of LON-AL00BC00B139D, LON-AL00BC00B229, LON-L29DC721B188 have a memory double free vulnerability. The system does not manage the memory properly, that frees on the same memory address twice. An attacker tricks the user who has root…

  • CVE-2016-8783HigMar 9, 2018
    risk 0.51cvss 7.8epss 0.01

    Touchscreen drive in Huawei H60 (Honor 6) Versions earlier than H60-L02_6.12.16 and P9 Plus Versions earlier than VIE-AL10BC00B356 has a stack overflow vulnerabilities. An attacker tricks a user into installing a malicious application on the smart phone, and send given parameter…

  • CVE-2017-17324HigMar 9, 2018
    risk 0.51cvss 7.8epss 0.01

    Huawei Mate 9 Pro smartphones with software LON-AL00BC00B139D; LON-AL00BC00B229 have an integer overflow vulnerability. The camera driver does not validate the external input parameters and causes an integer overflow, which in the after processing results in a buffer overflow.…

  • CVE-2017-17227HigMar 9, 2018
    risk 0.51cvss 7.8epss 0.01

    GPU driver in Huawei Mate 10 smart phones with the versions before ALP-L09 8.0.0.120(C212); The versions before ALP-L09 8.0.0.127(C900); The versions before ALP-L09 8.0.0.128(402/C02/C109/C346/C432/C652) has a out-of-bounds memory access vulnerability due to the input parameters…

  • CVE-2017-17146HigMar 9, 2018
    risk 0.51cvss 7.8epss 0.01

    Huawei DP300 V500R002C00 have a buffer overflow vulnerability due to the lack of validation. An authenticated local attacker can craft specific XML files to the affected products and parse this file, which result in DoS attacks or remote code execution on the device.

  • CVE-2017-15316HigDec 22, 2017
    risk 0.51cvss 7.8epss 0.01

    The GPU driver of Mate 9 Huawei smart phones with software before MHA-AL00B 8.0.0.334(C00) and Mate 9 Pro Huawei smart phones with software before LON-AL00B 8.0.0.334(C00) has a memory double free vulnerability. An attacker tricks a user into installing a malicious application,…

  • CVE-2017-8212HigNov 22, 2017
    risk 0.51cvss 7.8epss 0.01

    The driver of honor 5C,honor 6x Huawei smart phones with software of versions earlier than NEM-AL10C00B356, versions earlier than Berlin-L21HNC432B360 have a buffer overflow vulnerability due to the lack of parameter validation. An attacker tricks a user into installing a…

  • CVE-2017-8211HigNov 22, 2017
    risk 0.51cvss 7.8epss 0.01

    The driver of honor 5C,honor 6x Huawei smart phones with software of versions earlier than NEM-AL10C00B356, versions earlier than Berlin-L21HNC432B360 have a buffer overflow vulnerability due to the lack of parameter validation. An attacker tricks a user into installing a…

  • CVE-2017-8210HigNov 22, 2017
    risk 0.51cvss 7.8epss 0.01

    The driver of honor 5C,honor 6x Huawei smart phones with software of versions earlier than NEM-AL10C00B356, versions earlier than Berlin-L21HNC432B360 have a buffer overflow vulnerability due to the lack of parameter validation. An attacker tricks a user into installing a…

  • CVE-2017-8209HigNov 22, 2017
    risk 0.51cvss 7.8epss 0.01

    The driver of honor 5C,honor 6x Huawei smart phones with software of versions earlier than NEM-AL10C00B356, versions earlier than Berlin-L21HNC432B360 have a buffer overflow vulnerability due to the lack of parameter validation. An attacker tricks a user into installing a…

  • CVE-2017-8208HigNov 22, 2017
    risk 0.51cvss 7.8epss 0.01

    The driver of honor 5C,honor 6x Huawei smart phones with software of versions earlier than NEM-AL10C00B356, versions earlier than Berlin-L21HNC432B360 have a buffer overflow vulnerability due to the lack of parameter validation. An attacker tricks a user into installing a…

  • CVE-2017-8207HigNov 22, 2017
    risk 0.51cvss 7.8epss 0.01

    The driver of honor 5C, honor 6x Huawei smart phones with software of versions earlier than NEM-AL10C00B356, versions earlier than Berlin-L21HNC432B360 have a buffer overflow vulnerability due to the lack of parameter validation. An attacker tricks a user into installing a…

Page 2 of 46