VYPR

Vendor CVEs

Huawei

All CVEs

2,253 total · sorted by risk
  • CVE-2017-2723MedNov 22, 2017
    risk 0.44cvss 6.7epss 0.00

    The Files APP 7.1.1.308 and earlier versions in some Huawei mobile phones has a vulnerability of plaintext storage of users' Safe passwords. An attacker with the root privilege of an Android system could forge the Safe to read users' plaintext Safe passwords, leading to…

  • CVE-2017-2703MedNov 22, 2017
    risk 0.44cvss 6.8epss 0.00

    Phone Finder in versions earlier before MHA-AL00BC00B156,Versions earlier before MHA-CL00BC00B156,Versions earlier before MHA-DL00BC00B156,Versions earlier before MHA-TL00BC00B156,Versions earlier before EVA-AL10C00B373,Versions earlier before EVA-CL10C00B373,Versions earlier…

  • CVE-2017-2702MedNov 22, 2017
    risk 0.44cvss 6.8epss 0.00

    Phone Finder in versions earlier before MHA-AL00C00B170 can be bypass. An attacker can bypass the Phone Finder by special steps and obtain the owner of the phone.

  • CVE-2017-2691MedNov 22, 2017
    risk 0.44cvss 6.8epss 0.00

    Huawei P9 versions earlier before EVA-AL10C00B373, versions earlier before EVA-CL00C92B373, versions earlier before EVA-DL00C17B373, versions earlier before EVA-TL00C01B373 have a lock-screen bypass vulnerability. An unauthenticated attacker could force the phone to the fastboot…

  • CVE-2015-6592MedSep 25, 2017
    risk 0.44cvss 6.8epss 0.00

    Huawei UAP2105 before V300R012C00SPC160(BootRom) does not require authentication to the serial port or the VxWorks shell.

  • CVE-2016-8793MedApr 2, 2017
    risk 0.44cvss 6.7epss 0.00

    Huawei Mate 8 phones with software Versions before NXT-AL10C00B386, Versions before NXT-CL00C92B386, Versions before NXT-DL00C17B386, Versions before NXT-TL00C01B386; Mate S phones with software Versions before CRR-CL00C92B368, Versions before CRR-CL20C92B368, Versions before…

  • CVE-2016-8775MedApr 2, 2017
    risk 0.44cvss 6.7epss 0.00

    Touch Panel (TP) driver in Huawei NEM phones with software Versions before NEM-AL10C00B130, Versions before NEM-UL10C17B160, Versions before NEM-UL10C00B160, Versions before NEM-TL00C01B160 allows attackers to get root privilege or crash the system or execute arbitrary code,…

  • CVE-2016-8774MedApr 2, 2017
    risk 0.44cvss 6.7epss 0.00

    The HIFI driver in Huawei Mate 8 phones with software versions before NXT-AL10C00B386, versions before NXT-CL00C92B386, versions before NXT-DL00C17B386, versions before NXT-TL00C01B386; Mate S phones with software Versions before CRR-CL00C92B368, Versions before CRR-CL20C92B368,…

  • CVE-2015-8673MedJan 12, 2016
    risk 0.44cvss 6.8epss 0.00

    Huawei TE30, TE40, TE50, and TE60 multimedia video conferencing endpoints with software before V100R001C10SPC100 do not require entry of the old password when changing the password for the Debug account, which allows physically proximate attackers to change the password by…

  • CVE-2026-41976MedJun 9, 2026
    risk 0.43cvss 6.6epss 0.00

    Permission control vulnerability in the audio framework. Impact: Successful exploitation of this vulnerability may affect service confidentiality.

  • CVE-2020-1796MedMar 20, 2020
    risk 0.43cvss 6.6epss 0.00

    There is an improper authorization vulnerability in several smartphones. The software incorrectly performs an authorization to certain user, successful exploit could allow a low privilege user to do certain operation which the user are supposed not to do.Affected product…

  • CVE-2020-1787MedJan 9, 2020
    risk 0.43cvss 6.6epss 0.00

    HUAWEI Mate 20 smartphones versions earlier than 9.1.0.139(C00E133R3P1) have an improper authentication vulnerability. The system has a logic error under certain scenario, successful exploit could allow the attacker who gains the privilege of guest user to access to the host…

  • CVE-2016-6898MedSep 7, 2016
    risk 0.43cvss 6.6epss 0.01

    XML external entity (XXE) vulnerability in the Hyper Management Module (HMM) in Huawei E9000 rack servers with software before V100R001C00SPC296 allows remote authenticated users to read arbitrary files or cause a denial of service (web service outage) via a crafted XML document.

  • CVE-2026-41982MedJun 9, 2026
    risk 0.42cvss 6.4epss 0.00

    Race condition vulnerability in the IPC module. Impact: Successful exploitation of this vulnerability may affect availability.

  • CVE-2022-48314MedApr 16, 2023
    risk 0.42cvss 6.5epss 0.00

    The Bluetooth module has a vulnerability of bypassing the user confirmation in the pairing process. Successful exploitation of this vulnerability may affect confidentiality.

  • CVE-2022-48313MedApr 16, 2023
    risk 0.42cvss 6.5epss 0.00

    The Bluetooth module has a vulnerability of bypassing the user confirmation in the pairing process. Successful exploitation of this vulnerability may affect confidentiality.

  • CVE-2022-48355MedMar 27, 2023
    risk 0.42cvss 6.5epss 0.00

    The Bluetooth module has a heap out-of-bounds read vulnerability. Successful exploitation of this vulnerability can cause the Bluetooth process to crash.

  • CVE-2022-48354MedMar 27, 2023
    risk 0.42cvss 6.5epss 0.00

    The Bluetooth module has a heap out-of-bounds write vulnerability. Successful exploitation of this vulnerability can cause the Bluetooth process to crash.

  • CVE-2022-48291MedMar 27, 2023
    risk 0.42cvss 6.5epss 0.00

    The Bluetooth module has an authentication bypass vulnerability in the pairing process. Successful exploitation of this vulnerability may affect confidentiality.

  • CVE-2022-48293MedFeb 9, 2023
    risk 0.42cvss 6.5epss 0.00

    The Bluetooth module has an OOM vulnerability. Successful exploitation of this vulnerability may affect data confidentiality.

  • CVE-2022-48292MedFeb 9, 2023
    risk 0.42cvss 6.5epss 0.00

    The Bluetooth module has an out-of-memory (OOM) vulnerability. Successful exploitation of this vulnerability may affect data confidentiality.

  • CVE-2022-47974MedJan 6, 2023
    risk 0.42cvss 6.5epss 0.00

    The Bluetooth AVRCP module has a vulnerability that can lead to DoS attacks.Successful exploitation of this vulnerability may cause the Bluetooth process to restart.

  • CVE-2022-46740MedDec 28, 2022
    risk 0.42cvss 6.5epss 0.00

    There is a denial of service vulnerability in the Wi-Fi module of the HUAWEI WS7100-20 Smart WiFi Router.Successful exploit could cause a denial of service (DoS) condition.

  • CVE-2022-33735MedSep 20, 2022
    risk 0.42cvss 6.5epss 0.00

    There is a password verification vulnerability in WS7200-10 11.0.2.13. Attackers on the LAN may use brute force cracking to obtain passwords, which may cause sensitive system information to be disclosed.

  • CVE-2022-34741MedJul 12, 2022
    risk 0.42cvss 6.5epss 0.00

    The NFC module has a buffer overflow vulnerability. Successful exploitation of this vulnerability may cause exceptions in NFC card registration, deletion, and activation.

  • CVE-2022-34740MedJul 12, 2022
    risk 0.42cvss 6.5epss 0.00

    The NFC module has a buffer overflow vulnerability. Successful exploitation of this vulnerability may cause exceptions in NFC card registration, deletion, and activation.

  • CVE-2021-40016MedJul 12, 2022
    risk 0.42cvss 6.5epss 0.00

    Improper permission control vulnerability in the Bluetooth module.Successful exploitation of this vulnerability will affect confidentiality.

  • CVE-2021-40013MedJul 12, 2022
    risk 0.42cvss 6.5epss 0.00

    Improper permission control vulnerability in the Bluetooth module.Successful exploitation of this vulnerability will affect integrity.

  • CVE-2021-40059MedMar 10, 2022
    risk 0.42cvss 6.5epss 0.00

    There is a permission control vulnerability in the Wi-Fi module. Successful exploitation of this vulnerability may affect confidentiality.

  • CVE-2021-40042MedJan 31, 2022
    risk 0.42cvss 6.5epss 0.01

    There is a release of invalid pointer vulnerability in some Huawei products, successful exploit may cause the process and service abnormal. Affected product versions include: CloudEngine 12800 V200R019C10SPC800, V200R019C10SPC900; CloudEngine 5800 V200R019C10SPC800,…

  • CVE-2021-40007MedDec 13, 2021
    risk 0.42cvss 6.5epss 0.01

    There is an information leak vulnerability in eCNS280_TD V100R005C10SPC650. The vulnerability is caused by improper log output management. An attacker with the ability to access the log file of device may lead to information disclosure.

  • CVE-2021-37039MedDec 8, 2021
    risk 0.42cvss 6.5epss 0.00

    There is an Input verification vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may cause Bluetooth DoS.

  • CVE-2021-39995MedNov 29, 2021
    risk 0.42cvss 6.5epss 0.01

    Some Huawei products use the OpenHpi software for hardware management. A function that parses data returned by OpenHpi contains an out-of-bounds read vulnerability that could lead to a denial of service. Affected product versions include: eCNS280_TD V100R005C10; eSE620X vESS…

  • CVE-2021-37023MedNov 23, 2021
    risk 0.42cvss 6.5epss 0.01

    There is a Improper Access Control vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability will cause media files which can be reads and writes in non-distributed directories on any device on the network..

  • CVE-2021-37124MedOct 27, 2021
    risk 0.42cvss 6.5epss 0.00

    There is a path traversal vulnerability in Huawei PC product. Because the product does not filter path with special characters,attackers can construct a file path with special characters to exploit this vulnerability. Successful exploitation could allow the attacker to transport…

  • CVE-2021-37122MedOct 27, 2021
    risk 0.42cvss 6.5epss 0.00

    There is a use-after-free (UAF) vulnerability in Huawei products. An attacker may craft specific packets to exploit this vulnerability. Successful exploitation may cause the service abnormal. Affected product versions include:CloudEngine 12800…

  • CVE-2021-22382MedJun 22, 2021
    risk 0.42cvss 6.5epss 0.00

    Huawei LTE USB Dongle products have an improper permission assignment vulnerability. An attacker can locally access and log in to a PC to induce a user to install a specially crafted application. After successfully exploiting this vulnerability, the attacker can perform…

  • CVE-2021-22411MedMay 27, 2021
    risk 0.42cvss 6.5epss 0.01

    There is an out-of-bounds write vulnerability in some Huawei products. The code of a module have a bad judgment logic. Attackers can exploit this vulnerability by performing multiple abnormal activities to trigger the bad logic and cause out-of-bounds write. This may compromise…

  • CVE-2021-22339MedMay 20, 2021
    risk 0.42cvss 6.5epss 0.00

    There is a denial of service vulnerability in some versions of ManageOne. In specific scenarios, due to the insufficient verification of the parameter, an attacker may craft some specific parameter. Successful exploit may cause some services abnormal.

  • CVE-2021-22330MedApr 28, 2021
    risk 0.42cvss 6.5epss 0.00

    There is an out of bounds write vulnerability in Huawei Smartphone HUAWEI P30 versions 9.1.0.131(C00E130R1P21) when processing a message. An unauthenticated attacker can exploit this vulnerability by sending specific message to the target device. Due to insufficient validation…

  • CVE-2021-22327MedApr 28, 2021
    risk 0.42cvss 6.5epss 0.01

    There is an arbitrary memory write vulnerability in Huawei smart phone when processing file parsing. Due to insufficient validation of the input files, successful exploit could cause certain service abnormal. Affected product versions include:HUAWEI P30 versions…

  • CVE-2021-22312MedApr 8, 2021
    risk 0.42cvss 6.5epss 0.01

    There is a memory leak vulnerability in some Huawei products. An authenticated remote attacker may exploit this vulnerability by sending specific message to the affected product. Due to not release the allocated memory properly, successful exploit may cause some service…

  • CVE-2020-9212MedMar 22, 2021
    risk 0.42cvss 6.5epss 0.01

    There is a vulnerability in some version of USG9500 that the device improperly handles the information when a user logs in to device. The attacker can exploit the vulnerability to perform some operation and can get information and cause information leak.

  • CVE-2021-22298MedFeb 6, 2021
    risk 0.42cvss 6.5epss 0.01

    There is a logic vulnerability in Huawei Gauss100 OLTP Product. An attacker with certain permissions could perform specific SQL statement to exploit this vulnerability. Due to insufficient security design, successful exploit can cause service abnormal. Affected product versions…

  • CVE-2020-1866MedJan 13, 2021
    risk 0.42cvss 6.5epss 0.00

    There is an out-of-bounds read vulnerability in several products. The software reads data past the end of the intended buffer when parsing certain crafted DHCP messages. Successful exploit could cause certain service abnormal. Affected product versions include:NIP6800 versions…

  • CVE-2020-1865MedJan 13, 2021
    risk 0.42cvss 6.5epss 0.00

    There is an out-of-bounds read vulnerability in Huawei CloudEngine products. The software reads data past the end of the intended buffer when parsing certain PIM message, an adjacent attacker could send crafted PIM messages to the device, successful exploit could cause out of…

  • CVE-2020-9208MedDec 29, 2020
    risk 0.42cvss 6.5epss 0.01

    There is an information leak vulnerability in iManager NetEco 6000 versions V600R021C00. A module is lack of authentication. Attackers without access to the module can exploit this vulnerability to obtain extra information, leading to information leak.

  • CVE-2020-9201MedDec 24, 2020
    risk 0.42cvss 6.5epss 0.00

    There is an out-of-bounds read vulnerability in some versions of NIP6800, Secospace USG6600 and USG9500. The software reads data past the end of the intended buffer when parsing DHCP messages including crafted parameter. Successful exploit could cause certain service abnormal.

  • CVE-2020-9238MedOct 12, 2020
    risk 0.42cvss 6.5epss 0.00

    Taurus-AN00B versions earlier than 10.1.0.156(C00E155R7P2) have a buffer overflow vulnerability. A function in a module does not verify inputs sufficiently. Attackers can exploit this vulnerability by sending specific request. This could compromise normal service of the affected…

  • CVE-2020-9230MedOct 12, 2020
    risk 0.42cvss 6.5epss 0.00

    WS5800-10 version 10.0.3.25 has a denial of service vulnerability. Due to improper verification of specific message, an attacker may exploit this vulnerability to cause specific function to become abnormal.

Page 22 of 46