Huawei

All CVEs

2,254 total · sorted by risk
  • CVE-2016-4577 · High · May 23, 2016
    risk 0.49 · cvss 7.5 · epss 0.01

    Buffer overflow in the Smart DNS functionality in the Huawei NGFW Module and Secospace USG6300, USG6500, USG6600, and USG9500 firewalls with software before V500R001C20SPC100 allows remote attackers to cause a denial of service or execute arbitrary code via a crafted packet,…

  • CVE-2015-8676 · High · Apr 14, 2016
    risk 0.49 · cvss 7.5 · epss 0.01

    Memory leak in Huawei S5300EI, S5300SI, S5310HI, S6300EI/ S2350EI, and S5300LI Campus series switches with software V200R001C00 before V200R001SPH018, V200R002C00 before V200R003SPH011, and V200R003C00 before V200R003SPH011; S9300, S7700, and S9700 Campus series switches with…

  • CVE-2016-3678 · High · Apr 11, 2016
    risk 0.49 · cvss 7.5 · epss 0.01

    Huawei Quidway S9700, S5700, S5300, S9300, and S7700 switches with software before V200R003SPH012 allow remote attackers to cause a denial of service (switch restart) via crafted traffic.

  • CVE-2015-8265 · High · Feb 1, 2016
    risk 0.49 · cvss 7.5 · epss 0.02

    Huawei Mobile WiFi E5151 routers with software before E5151s-2TCPU-V200R001B146D27SP00C00 and E5186 routers with software before V200R001B310D01SP00C00 allow DNS query packets using the static source port, which makes it easier for remote attackers to spoof responses via…

  • CVE-2015-8231 · High · Jan 11, 2016
    risk 0.49 · cvss 7.5 · epss 0.01

    Huawei eSpace 7910 and 7950 IP phones with software before V200R002C00SPC800 allow remote attackers with established sessions to cause a denial of service (device restart) via unspecified packets.

  • CVE-2015-8230 · High · Jan 11, 2016
    risk 0.49 · cvss 7.5 · epss 0.01

    Memory leak in Huawei eSpace 8950 IP phones with software before V200R003C00SPC300 allows remote attackers to cause a denial of service (memory consumption and restart) via a large number of crafted ARP packets.

  • CVE-2009-2272 · High · Jul 1, 2009
    risk 0.49 · cvss 7.5 · epss 0.01

    The Huawei D100 stores the administrator's account name and password in cleartext in a cookie, which allows context-dependent attackers to obtain sensitive information by (1) reading a cookie file, by (2) sniffing the network for HTTP headers, and possibly by using unspecified…

  • CVE-2022-48358 · High · Mar 27, 2023
    risk 0.48 · cvss 7.4 · epss 0.00

    The BatteryHealthActivity has a redirection vulnerability. Successful exploitation of this vulnerability by a malicious app can cause service exceptions.

  • CVE-2021-26638 · High · Jun 23, 2022
    risk 0.48 · cvss 7.3 · epss 0.03

    Improper Authentication vulnerability in S&D smarthome (smartcare) application can cause authentication bypass and information exposure. Remote attackers can use this vulnerability to take control of the home environment including indoor control.

  • CVE-2021-37069 · High · Dec 8, 2021
    risk 0.48 · cvss 7.4 · epss 0.01

    There is a Race Condition vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may affect availability.

  • CVE-2019-5248 · High · Dec 13, 2019
    risk 0.48 · cvss 7.4 · epss 0.00

    CloudEngine 12800 has a DoS vulnerability. An attacker of a neighboring device sends a large number of specific packets. As a result, a memory leak occurs after the device uses the specific packet. As a result, the attacker can exploit this vulnerability to cause DoS attacks on…

  • CVE-2018-7960 · High · Nov 27, 2018
    risk 0.48 · cvss 7.4 · epss 0.01

    There is a SRTP icon display vulnerability in Huawei eSpace product. An unauthenticated, remote attacker launches man-in-the-middle attack to intercept the packets in non-secure transmission mode. Successful exploitation may intercept and tamper with the call information,…

  • CVE-2018-7958 · High · Nov 27, 2018
    risk 0.48 · cvss 7.4 · epss 0.01

    There is an anonymous TLS cipher suites supported vulnerability in Huawei eSpace product. An unauthenticated, remote attacker launches man-in-the-middle attack to hijack the connection from a client when the user signs up to log in by TLS. Due to insufficient authentication,…

  • CVE-2016-6192 · High · Aug 2, 2016
    risk 0.48 · cvss 7.3 · epss 0.01

    Buffer overflow in the Wi-Fi driver in Huawei P8 smartphones with software before GRA-CL00C92B363 allows attackers to cause a denial of service (system crash) or gain privileges via a crafted application, a different vulnerability than CVE-2016-6193.

  • CVE-2016-5722 · High · Jun 24, 2016
    risk 0.48 · cvss 7.3 · epss 0.01

    Huawei OceanStor 5300 V3, 5500 V3, 5600 V3, 5800 V3, 6800 V3, 18800 V3, and 18500 V3 before V300R003C10 sends the plaintext session token in the HTTP header, which allows remote attackers to conduct replay attacks and obtain sensitive information by sniffing the network.

  • CVE-2015-8331 · High · Jan 11, 2016
    risk 0.48 · cvss 7.4 · epss 0.01

    The Operation and Maintenance Unit (OMU) in Huawei VCN500 with software before V100R002C00SPC200 does not properly invalidate the session ID when an "abnormal exit" occurs, which allows remote attackers to conduct replay attacks via the session ID.

  • CVE-2026-34856 · High · Apr 13, 2026
    risk 0.47 · cvss 7.3 · epss 0.00

    UAF vulnerability in the communication module. Impact: Successful exploitation of this vulnerability may affect availability.

  • CVE-2023-7263 · High · Dec 28, 2024
    risk 0.47 · cvss 7.3 · epss 0.00

    Some Huawei home music system products have a path traversal vulnerability. Successful exploitation of this vulnerability may cause unauthorized file deletion or file permission change. (Vulnerability ID: HWPSIRT-2023-53450) This vulnerability has been assigned a…

  • CVE-2021-37127 · High · Oct 27, 2021
    risk 0.47 · cvss 7.2 · epss 0.01

    There is a signature management vulnerability in some Huawei products. An attacker can forge a signature and bypass the signature check. During the firmware update process, successful exploitation of this vulnerability can cause the forged system file to overwrite the correct system file.…

  • CVE-2021-37106 · High · Sep 28, 2021
    risk 0.47 · cvss 7.2 · epss 0.01

    There is a command injection vulnerability in CMA service module of FusionCompute 6.3.0, 6.3.1, 6.5.0 and 8.0.0 when processing the default certificate file. The software constructs part of a command using external special input from users, but the software does not sufficiently…

  • CVE-2021-22377 · High · Jun 22, 2021
    risk 0.47 · cvss 7.2 · epss 0.01

    There is a command injection vulnerability in S12700 V200R019C00SPC500, S2700 V200R019C00SPC500, S5700 V200R019C00SPC500, S6700 V200R019C00SPC500 and S7700 V200R019C00SPC500. A module does not verify specific input sufficiently. Attackers can exploit this vulnerability by…

  • CVE-2021-22311 · High · Mar 22, 2021
    risk 0.47 · cvss 7.2 · epss 0.01

    There is an improper permission assignment vulnerability in Huawei ManageOne product. Due to improper security hardening, the process can run with a higher privilege. Successful exploit could allow certain users to do certain operations with improper permissions. Affected…

  • CVE-2020-9116 · High · Dec 1, 2020
    risk 0.47 · cvss 7.2 · epss 0.01

    Huawei FusionCompute versions 6.5.1 and 8.0.0 have a command injection vulnerability. An authenticated, remote attacker can craft a specific request to exploit this vulnerability. Due to insufficient verification, this could be exploited to cause the attackers to obtain higher…

  • CVE-2020-9115 · High · Dec 1, 2020
    risk 0.47 · cvss 7.2 · epss 0.01

    ManageOne versions 6.5.1.1.B010, 6.5.1.1.B020, 6.5.1.1.B030, 6.5.1.1.B040, 6.5.1.1.B050, 8.0.0 and 8.0.1 have a command injection vulnerability. An attacker with high privileges may exploit this vulnerability through some operations on the plug-in component. Due to insufficient…

  • CVE-2017-17172 · High · Jun 14, 2018
    risk 0.47 · cvss 7.3 · epss 0.00

    Huawei smart phones LYO-L21 with software LYO-L21C479B107, LYO-L21C479B107 have a privilege escalation vulnerability. An authenticated, local attacker can craft malformed packets after tricking a user into installing a malicious application and exploit this vulnerability when in the…

  • CVE-2017-8198 · High · Nov 22, 2017
    risk 0.47 · cvss 7.2 · epss 0.01

    FusionSphere V100R006C00SPC102(NFV) has an SQL injection vulnerability. An authenticated, remote attacker could craft interface messages carrying malicious SQL statements and send them to a target device. Successful exploit could allow the attacker to launch an SQL injection…

  • CVE-2017-8197 · High · Nov 22, 2017
    risk 0.47 · cvss 7.2 · epss 0.02

    FusionSphere V100R006C00SPC102(NFV) has a command injection vulnerability. An authenticated, remote attacker could craft packets with malicious strings and send them to a target device. Successful exploit could allow the attacker to launch a command injection attack and execute…

  • CVE-2017-8188 · High · Nov 22, 2017
    risk 0.47 · cvss 7.2 · epss 0.02

    FusionSphere OpenStack V100R006C00SPC102(NFV) has a command injection vulnerability. Due to lack of validation, an attacker with high privilege may inject malicious code into some module of the affected products, causing code execution.

  • CVE-2017-2736 · High · Nov 22, 2017
    risk 0.47 · cvss 7.2 · epss 0.01

    VCM5010 with software versions before V100R002C50SPC100 has a command injection vulnerability. This is due to insufficient validation of user input. An authenticated attacker could launch a command injection attack.

  • CVE-2016-8801 · High · Apr 2, 2017
    risk 0.47 · cvss 7.2 · epss 0.01

    Huawei OceanStor 5600 V3 with V300R003C00C10 and earlier versions allows attackers with administrator privilege to inject a command into a specific command's parameters, and run this injected command with root privilege.

  • CVE-2016-8769 · Medium · Apr 2, 2017
    risk 0.47 · cvss 6.7 · epss 0.02

    Huawei UTPS earlier than UTPS-V200R003B015D16SPC00C983 has an unquoted service path vulnerability which can lead to the truncation of UTPS service query paths. An attacker may put an executable file in the search path of the affected service and obtain elevated privileges after…

  • CVE-2022-41577 · High · Oct 14, 2022
    risk 0.46 · cvss 7.1 · epss 0.00

    The kernel server has a vulnerability of not verifying the length of the data transferred in the user space. Successful exploitation of this vulnerability may cause out-of-bounds read in the kernel, which affects the device confidentiality and availability.

  • CVE-2021-22437 · High · Feb 25, 2022
    risk 0.46 · cvss 7.0 · epss 0.00

    There is a software integer overflow leading to a TOCTOU condition in smartphones. Successful exploitation of this vulnerability may cause random address access.

  • CVE-2021-22469 · High · Oct 28, 2021
    risk 0.46 · cvss 7.1 · epss 0.00

    A component of the HarmonyOS has an Out-of-bounds Read vulnerability. Local attackers may exploit this vulnerability to cause kernel out-of-bounds read.

  • CVE-2021-22326 · High · Jun 30, 2021
    risk 0.46 · cvss 7.1 · epss 0.00

    A component of the HarmonyOS has a Privilege Dropping / Lowering Errors vulnerability. Local attackers may exploit this vulnerability to obtain Kernel space read/write capability.

  • CVE-2021-22302 · High · Feb 6, 2021
    risk 0.46 · cvss 7.1 · epss 0.00

    There is an out-of-bound read vulnerability in Taurus-AL00A 10.0.0.1(C00E1R1P1). A module does not verify some input. Attackers can exploit this vulnerability by sending malicious input through a specific app. This could cause out-of-bound, compromising normal service.

  • CVE-2020-9241 · High · Aug 17, 2020
    risk 0.46 · cvss 7.0 · epss 0.00

    Huawei 5G Mobile WiFi E6878-370 with versions of 10.0.3.1(H563SP1C00), 10.0.3.1(H563SP21C233) have an improper authorization vulnerability. The device does not restrict certain data received from WAN port. Successful exploit could allow an attacker at WAN side to manage certain…

  • CVE-2020-1808 · High · May 15, 2020
    risk 0.46 · cvss 7.1 · epss 0.01

    Honor 20;HONOR 20 PRO;Honor Magic2;HUAWEI Mate 20 X;HUAWEI P30;HUAWEI P30 Pro;Honor View 20 smartphones with versions earlier than 10.0.0.187(C00E60R4P11); versions earlier than 10.0.0.187(C00E60R4P11); versions earlier than 10.0.0.176(C00E60R2P11);9.1.0.135(C00E133R2P1);…

  • CVE-2020-1806 · High · Apr 27, 2020
    risk 0.46 · cvss 7.1 · epss 0.01

    Huawei Honor V10 smartphones with versions earlier than 10.0.0.156(C00E156R2P4) have three out of bounds vulnerabilities. A certain driver program does not sufficiently validate certain parameters received, which would lead to several bytes out of bound read. Successful exploit may…

  • CVE-2020-1805 · High · Apr 27, 2020
    risk 0.46 · cvss 7.1 · epss 0.01

    Huawei Honor V10 smartphones with versions earlier than 10.0.0.156(C00E156R2P4) have three out of bounds vulnerabilities. A certain driver program does not sufficiently validate certain parameters received, which would lead to several bytes out of bound read. Successful exploit may…

  • CVE-2020-1804 · High · Apr 27, 2020
    risk 0.46 · cvss 7.1 · epss 0.01

    Huawei Honor V10 smartphones with versions earlier than 10.0.0.156(C00E156R2P4) have three out of bounds vulnerabilities. A certain driver program does not sufficiently validate certain parameters received, which would lead to several bytes out of bound read. Successful exploit may…

  • CVE-2019-5216 · High · Jun 6, 2019
    risk 0.46 · cvss 7.0 · epss 0.01

    There is a race condition vulnerability on Huawei Honor V10 smartphones versions earlier than Berkeley-AL20 9.0.0.156(C00E156R2P14T8), Honor 10 smartphones versions earlier than Columbia-AL10B 9.0.0.156(C00E156R1P20T8) and Honor Play smartphones versions earlier than…

  • CVE-2018-7921 · Medium · Sep 12, 2018
    risk 0.46 · cvss 6.5 · epss 0.13

    Huawei B315s-22 products with software of 21.318.01.00.26 have an information leak vulnerability. Unauthenticated adjacent attackers may exploit this vulnerability to obtain device information.

  • CVE-2017-15309 · High · Dec 22, 2017
    risk 0.46 · cvss 7.1 · epss 0.01

    Huawei iReader app before 8.0.2.301 has a path traversal vulnerability due to insufficient validation on file storage paths. An attacker can exploit this vulnerability to store downloaded malicious files in an arbitrary directory.

  • CVE-2017-8153 · High · Nov 22, 2017
    risk 0.46 · cvss 7.1 · epss 0.01

    Huawei VMall (for Android) with the versions before 1.5.8.5 have a privilege elevation vulnerability due to improper design. An attacker can trick users into installing a malicious app which can send out HTTP requests and execute JavaScript code in web pages without obtaining…

  • CVE-2017-2735 · High · Nov 22, 2017
    risk 0.46 · cvss 7.1 · epss 0.01

    TIT-AL00 smartphones with software versions before TIT-AL00C583B214 have an exposed system interface vulnerability. The software provides a system interface for interaction with external applications, but calling the interface is not properly restricted. An attacker could…

  • CVE-2017-2707 · High · Nov 22, 2017
    risk 0.46 · cvss 7.1 · epss 0.00

    Mate 9 smartphones with software MHA-AL00AC00B125 have a privilege escalation vulnerability in Push module. An attacker tricks a user to save a rich media into message on the smart phone, which could be exploited to cause the attacker to delete message or fake user to send…

  • CVE-2017-2706 · High · Nov 22, 2017
    risk 0.46 · cvss 7.1 · epss 0.01

    Mate 9 smartphones with software MHA-AL00AC00B125 have a directory traversal vulnerability in Push module. Since the system does not verify the file name during decompression, system directories are traversed. It could be exploited to cause the attacker to replace files and…

  • CVE-2015-4422 · High · Oct 19, 2017
    risk 0.46 · cvss 7.0 · epss 0.01

    The TEEOS module in Huawei Mate 7 (Mate7-TL10) smartphones before V100R001CHNC00B126SP03 allows local users with root permissions to gain privileges or cause a denial of service (memory corruption) via a crafted application.

  • CVE-2015-7842 · High · Oct 10, 2017
    risk 0.46 · cvss 7.1 · epss 0.01

    Huawei FusionServer rack servers RH2288 V3 with software before V100R003C00SPC603, RH2288H V3 with software before V100R003C00SPC503, XH628 V3 with software before V100R003C00SPC602, RH1288 V3 with software before V100R003C00SPC602, RH2288A V2 with software before…
