VYPR

Vendor CVEs

Huawei

All CVEs

2,253 total · sorted by risk
  • CVE-2020-9122MedOct 12, 2020
    risk 0.42cvss 6.5epss 0.00

    Some Huawei products have an insufficient input verification vulnerability. Attackers can exploit this vulnerability in the LAN to cause service abnormal on affected devices.Affected product versions include:HiRouter-CD30-10 version 10.0.2.5;HiRouter-CT31-10 version…

  • CVE-2020-6020MedSep 24, 2020
    risk 0.42cvss 6.4epss 0.01

    Check Point Security Management's Internal CA web management before Jumbo HFAs R80.10 Take 278, R80.20 Take 160, R80.30 Take 210, and R80.40 Take 38, can be manipulated to run commands as a high privileged user or crash, due to weak input validation on inputs by a trusted…

  • CVE-2020-9084MedSep 18, 2020
    risk 0.42cvss 6.5epss 0.00

    Taurus-AN00B versions earlier than 10.1.0.156(C00E155R7P2) have a use-after-free (UAF) vulnerability. An authenticated, local attacker may perform specific operations to exploit this vulnerability. Successful exploitation may cause the attacker to obtain a higher privilege and…

  • CVE-2020-9246MedAug 21, 2020
    risk 0.42cvss 6.5epss 0.01

    FusionCompute 8.0.0 has an information leak vulnerability. A module does not launch strict access control and information protection. Attackers with low privilege can get some extra information. This can lead to information leak.

  • CVE-2020-9249MedJul 31, 2020
    risk 0.42cvss 6.5epss 0.00

    HUAWEI P30 smartphones with versions earlier than 10.1.0.160(C00E160R2P11) have a denial of service vulnerability. A module does not deal with mal-crafted messages and it leads to memory leak. Attackers can exploit this vulnerability to make the device denial of service.Affected…

  • CVE-2020-9256MedJul 18, 2020
    risk 0.42cvss 6.5epss 0.01

    Huawei Mate 30 Pro smartphones with versions earlier than 10.1.0.150(C00E136R5P3) have an improper authorization vulnerability. The system does not properly restrict the use of system service by applications, the attacker should trick the user into installing a malicious…

  • CVE-2020-9101MedJul 18, 2020
    risk 0.42cvss 6.5epss 0.00

    There is an out-of-bounds write vulnerability in some products. An unauthenticated attacker crafts malformed packets with specific parameter and sends the packets to the affected products. Due to insufficient validation of packets, which may be exploited to cause the process…

  • CVE-2020-9259MedJul 17, 2020
    risk 0.42cvss 6.5epss 0.01

    Huawei Honor V30 smartphones with versions earlier than 10.1.0.212(C00E210R5P1) have an improper authentication vulnerability. The system does not sufficiently validate certain parameter passed from the bottom level, the attacker should trick the user into installing a malicious…

  • CVE-2020-9260MedJul 10, 2020
    risk 0.42cvss 6.5epss 0.00

    HUAWEI P30 and HUAWEI P30 Pro smartphones with versions earlier than 10.1.0.123(C432E22R2P5) and versions earlier than 10.1.0.160(C00E160R2P8) have an information disclosure vulnerability. Certain WI-FI function's default configuration in the system seems insecure, an attacker…

  • CVE-2020-1835MedJun 18, 2020
    risk 0.42cvss 6.5epss 0.00

    HUAWEI Mate 30 with versions earlier than 10.1.0.126(C00E125R5P3) have an information disclosure vulnerability. A logic judgment error occurs when the system handling Bluetooth connections, an attacker could craft as an authenticated Bluetooth peer to launch the attack.…

  • CVE-2020-9075MedJun 15, 2020
    risk 0.42cvss 6.5epss 0.01

    Huawei products Secospace USG6300;USG6300E with versions of V500R001C30,V500R001C50,V500R001C60,V500R001C80,V500R005C00,V500R005C10;V600R006C00 have a vulnerability of insufficient input verification. An attacker with limited privilege can exploit this vulnerability to access a…

  • CVE-2020-1825MedJun 15, 2020
    risk 0.42cvss 6.5epss 0.01

    FusionAccess with versions earlier than 6.5.1.SPC002 have a Denial of Service (DoS) vulnerability. Due to insufficient verification on specific input, attackers can exploit this vulnerability by sending constructed messages to the affected device through another device on the…

  • CVE-2020-9071MedJun 1, 2020
    risk 0.42cvss 6.5epss 0.01

    There is a few bytes out-of-bounds read vulnerability in some Huawei products. The software reads data past the end of the intended buffer when parsing certain message, an authenticated attacker could exploit this vulnerability by sending crafted messages to the device.…

  • CVE-2020-9069MedMay 21, 2020
    risk 0.42cvss 6.5epss 0.00

    There is an information leakage vulnerability in some Huawei products. An unauthenticated, adjacent attacker could exploit this vulnerability to decrypt data. Successful exploitation may leak information randomly. Affected product versions include: Anne-AL00 Versions earlier…

  • CVE-2020-1853MedFeb 17, 2020
    risk 0.42cvss 6.5epss 0.01

    GaussDB 200 with version of 6.5.1 have a path traversal vulnerability. Due to insufficient input path validation, an authenticated attacker can traverse directories and download files to a specific directory. Successful exploit may cause information leakage.

  • CVE-2019-19441MedJan 3, 2020
    risk 0.42cvss 6.5epss 0.00

    HUAWEI P30 smart phones with versions earlier than 10.0.0.166(C00E66R1P11) have an information leak vulnerability. An attacker could send specific command in the local area network (LAN) to exploit this vulnerability. Successful exploitation may cause information leak.

  • CVE-2019-5278MedDec 13, 2019
    risk 0.42cvss 6.5epss 0.01

    There is an out-of-bounds read vulnerability in the Advanced Packages feature of the Gauss100 OLTP database in CampusInsight before V100R019C00SPC200. Attackers who gain the specific permission can use this vulnerability by sending elaborate SQL statements to the database.…

  • CVE-2019-5260MedDec 13, 2019
    risk 0.42cvss 6.5epss 0.00

    Huawei smartphones HUAWEI Y9 2019 and Honor View 20 have a denial of service vulnerability. Due to insufficient input validation of specific value when parsing the messages, an attacker may send specially crafted TD-SCDMA messages from a rogue base station to the affected…

  • CVE-2019-5290MedDec 13, 2019
    risk 0.42cvss 6.5epss 0.01

    Huawei S5700 and S6700 have a DoS security vulnerability. Attackers with certain permissions perform specific operations on affected devices. Because the pointer in the program is not processed properly, the vulnerability can be exploited to cause the device to be abnormal.

  • CVE-2019-5280MedAug 13, 2019
    risk 0.42cvss 6.5epss 0.00

    The SIP TLS module of Huawei CloudLink Phone 7900 with V600R019C10 has a TLS certificate verification vulnerability. Due to insufficient verification of specific parameters of the TLS server certificate, attackers can perform man-in-the-middle attacks, leading to the affected…

  • CVE-2019-5221MedJul 10, 2019
    risk 0.42cvss 6.5epss 0.00

    There is a path traversal vulnerability on Huawei Share. The software does not properly validate the path, an attacker could crafted a file path when transporting file through Huawei Share, successful exploit could allow the attacker to transport a file to arbitrary path on the…

  • CVE-2019-5295MedJun 6, 2019
    risk 0.42cvss 6.4epss 0.00

    Huawei Honor V10 smartphones versions earlier than Berkeley-AL20 9.0.0.125(C00E125R2P14T8) have an authorization bypass vulnerability. Due to improper authorization implementation logic, attackers can bypass certain authorization scopes of smart phones by performing specific…

  • CVE-2019-5284MedJun 4, 2019
    risk 0.42cvss 6.5epss 0.01

    There is a DoS vulnerability in RTSP module of Leland-AL00A Huawei smart phones versions earlier than Leland-AL00A 9.1.0.111(C00E111R2P10T8). Remote attackers could trick the user into opening a malformed RTSP media stream to exploit this vulnerability. Successful exploit could…

  • CVE-2018-7961MedNov 27, 2018
    risk 0.42cvss 6.5epss 0.01

    There is a smart SMS verification code vulnerability in some Huawei smart phones. An attacker should trick a user to access malicious Website or malicious App and register. Due to incorrect processing of the smart SMS verification code, successful exploitation can cause…

  • CVE-2017-17175MedJul 2, 2018
    risk 0.42cvss 6.5epss 0.00

    Short Message Service (SMS) module of Mate 9 Pro Huawei smart phones with the versions before LON-AL00B 8.0.0.354(C00) has a Denial of Service (DoS) vulnerability. An unauthenticated attacker may set up a pseudo base station, and send special malware text message to the phone,…

  • CVE-2017-17318MedApr 30, 2018
    risk 0.42cvss 6.5epss 0.00

    Huawei MBB (Mobile Broadband) products E5771h-937 with the versions before E5771h-937TCPU-V200R001B328D62SP00C1133 and the versions before E5771h-937TCPU-V200R001B329D05SP00C1308 have a Denial of Service (DoS) vulnerability. When an attacker accessing device sends special http…

  • CVE-2017-15315MedMar 9, 2018
    risk 0.42cvss 6.5epss 0.01

    Patch module of Huawei NIP6300 V500R001C20SPC100, V500R001C20SPC200, NIP6600 V500R001C20SPC100, V500R001C20SPC200, Secospace USG6300 V500R001C20SPC100, V500R001C20SPC200, Secospace USG6500 V500R001C20SPC100, V500R001C20SPC200 has a memory leak vulnerability. An authenticated…

  • CVE-2017-17304MedMar 9, 2018
    risk 0.42cvss 6.5epss 0.01

    The CIDAM Protocol on some Huawei Products has multiple input validation vulnerabilities due to insufficient validation of specific messages when the protocol is implemented. An authenticated remote attacker could send a malicious message to a target system. Successful exploit…

  • CVE-2017-17250MedMar 9, 2018
    risk 0.42cvss 6.5epss 0.01

    Huawei AR120-S V200R005C32; AR1200 V200R005C32; AR1200-S V200R005C32; AR150 V200R005C32; AR150-S V200R005C32; AR160 V200R005C32; AR200 V200R005C32; AR200-S V200R005C32; AR2200-S V200R005C32; AR3200 V200R005C32; V200R007C00; AR510 V200R005C32; NetEngine16EX V200R005C32; SRG1300…

  • CVE-2017-17170MedMar 9, 2018
    risk 0.42cvss 6.5epss 0.01

    The CIDAM Protocol on some Huawei Products has multiple input validation vulnerabilities due to insufficient validation of specific messages when the protocol is implemented. An authenticated remote attacker could send a malicious message to a target system. Successful exploit…

  • CVE-2017-17169MedMar 9, 2018
    risk 0.42cvss 6.5epss 0.01

    The CIDAM Protocol on some Huawei Products has multiple input validation vulnerabilities due to insufficient validation of specific messages when the protocol is implemented. An authenticated remote attacker could send a malicious message to a target system. Successful exploit…

  • CVE-2017-17168MedMar 9, 2018
    risk 0.42cvss 6.5epss 0.01

    The CIDAM Protocol on some Huawei Products has multiple input validation vulnerabilities due to insufficient validation of specific messages when the protocol is implemented. An authenticated remote attacker could send a malicious message to a target system. Successful exploit…

  • CVE-2017-17159MedFeb 15, 2018
    risk 0.42cvss 6.5epss 0.00

    Some Huawei smart phones with software of NXT-AL10C00B386, NXT-CL00C92B386, NXT-DL00C17B386, NXT-TL00C01B386SP01, NTS-AL00C00B535 have a DoS vulnerability due to insufficient input validation. An unauthenticated attacker could send malformed System Information(SI) messages to…

  • CVE-2017-15322MedDec 22, 2017
    risk 0.42cvss 6.5epss 0.00

    Some Huawei smartphones with software of BGO-L03C158B003CUSTC158D001 and BGO-L03C331B009CUSTC331D001 have a DoS vulnerability due to insufficient input validation. An attacker could exploit this vulnerability by sending specially crafted NFC messages to the target device.…

  • CVE-2017-15310MedDec 22, 2017
    risk 0.42cvss 6.5epss 0.01

    Huawei iReader app before 8.0.2.301 has an arbitrary file deletion vulnerability due to the lack of input validation. An attacker can exploit this vulnerability to delete specific files from the SD card.

  • CVE-2017-8201MedNov 22, 2017
    risk 0.42cvss 6.5epss 0.01

    MAX PRESENCE V100R001C00, TP3106 V100R002C00, TP3206 V100R002C00 have an a memory leak vulnerability in H323 protocol. An attacker logs in to the system as a user and send crafted packets to the affected products. Due to insufficient verification of the packets, successful…

  • CVE-2017-8200MedNov 22, 2017
    risk 0.42cvss 6.5epss 0.01

    MAX PRESENCE V100R001C00, TP3106 V100R002C00, TP3206 V100R002C00 have an out-of-bounds read vulnerability in H323 protocol. An attacker logs in to the system as a user and send crafted packets to the affected products. Due to insufficient verification of the packets, successful…

  • CVE-2017-8199MedNov 22, 2017
    risk 0.42cvss 6.5epss 0.01

    MAX PRESENCE V100R001C00, TP3106 V100R002C00, TP3206 V100R002C00 have an out-of-bounds read vulnerability in H323 protocol. An attacker logs in to the system as a user and send crafted packets to the affected products. Due to insufficient verification of the packets, successful…

  • CVE-2017-8163MedNov 22, 2017
    risk 0.42cvss 6.5epss 0.01

    AR120-S with software V200R006C10, V200R007C00, V200R008C20, V200R008C30,AR1200 with software V200R006C10, V200R006C13, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30,AR1200-S with software V200R006C10, V200R007C00, V200R008C20, V200R008C30,AR150 with software…

  • CVE-2017-8162MedNov 22, 2017
    risk 0.42cvss 6.5epss 0.01

    AR120-S with software V200R006C10, V200R007C00, V200R008C20, V200R008C30,AR1200 with software V200R006C10, V200R006C13, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30,AR1200-S with software V200R006C10, V200R007C00, V200R008C20, V200R008C30,AR150 with software…

  • CVE-2017-8158MedNov 22, 2017
    risk 0.42cvss 6.5epss 0.00

    FusionCompute V100R005C00 and V100R005C10 have an improper authorization vulnerability due to improper permission settings for a certain file on the host machine. An authenticated attacker could create a large number of virtual machine (VM) processes to exhaust system resources.…

  • CVE-2017-8130MedNov 22, 2017
    risk 0.42cvss 6.5epss 0.01

    The UMA product with software V200R001 and V300R001 has an information leak vulnerability. An attacker could exploit them to obtain some sensitive information, causing information leak.

  • CVE-2017-2728MedNov 22, 2017
    risk 0.42cvss 6.4epss 0.00

    Some Huawei mobile phones Honor 6X Berlin-L22C636B150 and earlier versions have a Bluetooth unlock bypassing vulnerability. If a user has enabled the smart unlock function, an attacker can impersonate the user's Bluetooth device to unlock the user's mobile phone screen.uawei…

  • CVE-2017-2717MedNov 22, 2017
    risk 0.42cvss 6.5epss 0.00

    honor 8 Pro with software Duke-L09C10B120 and earlier versions,Duke-L09C432B120 and earlier versions,Duke-L09C636B120 and earlier versions has an integer overflow vulnerability. The attacker sends a response message to the device, which contains an illegal length field, it could…

  • CVE-2016-8802MedApr 2, 2017
    risk 0.42cvss 6.5epss 0.01

    The security policy processing module in Huawei Secospace USG6300 with software V500R001C20SPC100, V500R001C20SPC101, V500R001C20SPC200; Secospace USG6500 with software V500R001C20SPC100, V500R001C20SPC101, V500R001C20SPC200; Secospace USG6600 with software V500R001C20SPC100,…

  • CVE-2016-8781MedApr 2, 2017
    risk 0.42cvss 6.5epss 0.01

    Huawei Secospace USG6300 with software V500R001C20 and V500R001C20SPC200PWE, Secospace USG6500 with software V500R001C20, Secospace USG6600 with software V500R001C20 and V500R001C20SPC200PWE allow remote attackers with specific permission to log in to a device and deliver a…

  • CVE-2016-8780MedApr 2, 2017
    risk 0.42cvss 6.5epss 0.01

    Huawei CloudEngine 6800 V100R006C00, CloudEngine 7800 V100R006C00, CloudEngine 8800 V100R006C00, and CloudEngine 12800 V100R006C00 allow remote attackers with specific permission to store massive files to exhaust the shared storage space, leading to a DoS condition.

  • CVE-2016-8779MedApr 2, 2017
    risk 0.42cvss 6.5epss 0.01

    Huawei FusionAccess with software V100R005C10 and V100R005C20 could allow remote attackers with specific permission to inject a Lightweight Directory Access Protocol (LDAP) operation command into a specific input variable to obtain sensitive information from the database.

  • CVE-2016-8764MedApr 2, 2017
    risk 0.42cvss 6.4epss 0.00

    The TrustZone driver in Huawei P9 phones with software Versions earlier than EVA-AL10C00B352 and P9 Lite with software VNS-L21C185B130 and earlier versions and P8 Lite with software ALE-L02C636B150 and earlier versions has an input validation vulnerability, which allows…

  • CVE-2016-8275MedApr 2, 2017
    risk 0.42cvss 6.5epss 0.01

    Huawei AnyOffice V200R006C00 could allow an authenticated, remote attacker to cause the software to deny services by uploading an XML bomb.

Page 23 of 46