VYPR

Vendor CVEs

Huawei

All CVEs

2,253 total · sorted by risk
  • CVE-2016-6177MedApr 2, 2017
    risk 0.42cvss 6.5epss 0.01

    The Huawei OceanStor 5800 V300R003C00 has an integer overflow vulnerability. An authenticated attacker may send massive abnormal Network File System (NFS) packets, causing an anomaly in specific disk arrays.

  • CVE-2015-8670MedApr 2, 2017
    risk 0.42cvss 6.5epss 0.01

    Huawei LogCenter V100R001C10 could allow an authenticated attacker to add abnormal device information to the log collection module, causing denial of service.

  • CVE-2014-9691MedApr 2, 2017
    risk 0.42cvss 6.5epss 0.01

    Huawei Tecal RH1288 V2 V100R002C00SPC107 and earlier versions, Tecal RH2265 V2 V100R002C00, Tecal RH2285 V2 V100R002C00SPC115 and earlier versions, Tecal RH2265 V2 V100R002C00, Tecal RH2285H V2 V100R002C00SPC111 and earlier versions, Tecal RH2268 V2 V100R002C00, Tecal RH2288 V2…

  • CVE-2016-8280MedOct 3, 2016
    risk 0.42cvss 6.5epss 0.02

    Directory traversal vulnerability in Huawei eSight before V300R003C20SPC005 allows remote authenticated users to read arbitrary files via unspecified vectors.

  • CVE-2016-8277MedOct 3, 2016
    risk 0.42cvss 6.5epss 0.01

    Huawei USG9520, USG9560, and USG9580 unified security gateways with software before V300R001C01SPCa00 allow remote authenticated users to cause a denial of service (device restart) via an unspecified command parameter.

  • CVE-2016-6901MedSep 26, 2016
    risk 0.42cvss 6.5epss 0.01

    Format string vulnerability in Huawei AR100, AR120, AR150, AR200, AR500, AR550, AR1200, AR2200, AR2500, AR3200, and AR3600 routers with software before V200R007C00SPC900 and NetEngine 16EX routers with software before V200R007C00SPC900 allows remote authenticated users to cause…

  • CVE-2016-6827MedSep 26, 2016
    risk 0.42cvss 6.5epss 0.01

    Huawei FusionCompute before V100R005C10CP7002 stores cleartext AES keys in a file, which allows remote authenticated users to obtain sensitive information via unspecified vectors.

  • CVE-2016-6826MedSep 26, 2016
    risk 0.42cvss 6.5epss 0.01

    Huawei AnyMail before 2.6.0301.0060 allows remote attackers to cause a denial of service (application crash) via a crafted compressed email attachment.

  • CVE-2016-6824MedSep 22, 2016
    risk 0.42cvss 6.5epss 0.01

    Huawei AC6003, AC6005, AC6605, and ACU2 access controllers with software before V200R006C10SPC200 allows remote authenticated users to cause a denial of service (device restart) via crafted CAPWAP packets.

  • CVE-2016-7108MedSep 7, 2016
    risk 0.42cvss 6.5epss 0.01

    Huawei Unified Maintenance Audit (UMA) before V200R001C00SPC200 SPH206 allows remote authenticated users to obtain the MD5 hashes of arbitrary user passwords via unspecified vectors.

  • CVE-2016-4057MedJun 30, 2016
    risk 0.42cvss 6.5epss 0.01

    Huawei FusionCompute before V100R005C10SPC700 allows remote authenticated users to cause a denial of service (resource consumption) via a large number of crafted packets.

  • CVE-2016-3677MedJun 13, 2016
    risk 0.42cvss 6.5epss 0.00

    The Huawei Wear App application before 15.0.0.307 for Android does not validate SSL certificates, which allows local users to have unspecified impact via unknown vectors, aka HWPSIRT-2016-03008.

  • CVE-2016-3950MedApr 18, 2016
    risk 0.42cvss 6.5epss 0.01

    Huawei AR3200 routers with software before V200R006C10SPC300 allow remote authenticated users to cause a denial of service (restart) via crafted packets.

  • CVE-2015-8677MedApr 14, 2016
    risk 0.42cvss 6.5epss 0.01

    Memory leak in Huawei S5300EI, S5300SI, S5310HI, and S6300EI Campus series switches with software V200R003C00 before V200R003SPH011 and V200R005C00 before V200R005SPH008; S2350EI and S5300LI Campus series switches with software V200R003C00 before V200R003SPH011, V200R005C00…

  • CVE-2016-3676MedApr 11, 2016
    risk 0.42cvss 6.4epss 0.00

    Huawei E3276s USB modems with software before E3276s-150TCPU-V200R002B436D09SP00C00 allow man-in-the-middle attackers to intercept, spoof, or modify network traffic via unspecified vectors related to a fake network.

  • CVE-2015-8335MedJan 11, 2016
    risk 0.42cvss 6.5epss 0.01

    Huawei VCN500 with software before V100R002C00SPC201 logs passwords in cleartext, which allows remote authenticated users to obtain sensitive information by triggering log generation and then reading the log.

  • CVE-2026-41975MedJun 9, 2026
    risk 0.41cvss 6.3epss 0.00

    Permission management vulnerability in the network management module. Impact: Successful exploitation of this vulnerability may affect service integrity.

  • CVE-2026-34862MedApr 13, 2026
    risk 0.41cvss 6.3epss 0.00

    Race condition vulnerability in the power consumption statistics module. Impact: Successful exploitation of this vulnerability may affect availability.

  • CVE-2026-34861MedApr 13, 2026
    risk 0.41cvss 6.3epss 0.00

    Race condition vulnerability in the thermal management module. Impact: Successful exploitation of this vulnerability may affect availability.

  • CVE-2020-1839MedJul 6, 2020
    risk 0.41cvss 6.3epss 0.00

    HUAWEI Mate 30 with versions earlier than 10.1.0.150(C00E136R5P3) have a race condition vulnerability. There is a timing window exists in which certain pointer members can be modified by another process that is operating concurrently, an attacker should trick the user into…

  • CVE-2019-5236MedAug 8, 2019
    risk 0.41cvss 6.3epss 0.01

    Huawei smart phones Emily-L29C with versions of 8.1.0.132a(C432), 8.1.0.135(C782), 8.1.0.154(C10), 8.1.0.154(C461), 8.1.0.154(C635), 8.1.0.156(C185), 8.1.0.156(C605), 8.1.0.159(C636) have a double free vulnerability. An attacker can trick a user to click a URL to exploit this…

  • CVE-2026-34852MedApr 13, 2026
    risk 0.40cvss 6.1epss 0.00

    Stack overflow vulnerability in the media platform. Impact: Successful exploitation of this vulnerability may affect availability.

  • CVE-2020-1855MedFeb 18, 2020
    risk 0.40cvss 6.1epss 0.00

    Huawei HEGE-570 version 1.0.1.22(SP3); and HEGE-560, OSCA-550, OSCA-550A, OSCA-550AX, and OSCA-550X version 1.0.1.21(SP3) have an insufficient verification vulnerability. An attacker can access the device physically and exploit this vulnerability to tamper with device…

  • CVE-2019-5246MedNov 13, 2019
    risk 0.40cvss 6.2epss 0.00

    Smartphones with software of ELLE-AL00B 9.1.0.109(C00E106R1P21), 9.1.0.113(C00E110R1P21), 9.1.0.125(C00E120R1P21), 9.1.0.135(C00E130R1P21), 9.1.0.153(C00E150R1P21), 9.1.0.155(C00E150R1P21), 9.1.0.162(C00E160R2P1) have an insufficient verification vulnerability. The system does…

  • CVE-2019-5229MedNov 12, 2019
    risk 0.40cvss 6.2epss 0.00

    P30 smartphones with versions earlier than ELLE-AL00B 9.1.0.193(C00E190R2P1) have an insufficient verification vulnerability. The system does not verify certain parameters sufficiently, an attacker should connect to the phone and gain high privilege to launch the attack,…

  • CVE-2019-5286MedJun 13, 2019
    risk 0.40cvss 6.1epss 0.01

    There is a reflection XSS vulnerability in the HedEx products. Remote attackers send malicious links to users and trick users to click. Successfully exploit cloud allow the attacker to initiate XSS attacks. Affects HedEx Lite versions earlier than V200R006C00SPC007.

  • CVE-2018-7940MedMay 10, 2018
    risk 0.40cvss 6.2epss 0.00

    Huawei smart phones Mate 10 and Mate 10 Pro with earlier versions than 8.0.0.129(SP2C00) and earlier versions than 8.0.0.129(SP2C01) have an authentication bypass vulnerability. An attacker with high privilege obtains the smart phone and bypass the activation function by some…

  • CVE-2017-8215MedNov 22, 2017
    risk 0.40cvss 6.2epss 0.00

    Honor 8,Honor V8,Honor 9,Honor V9,Nova 2,Nova 2 Plus,P9,P10 Plus,Toronto Huawei smart phones with software of versions earlier than FRD-AL00C00B391, versions earlier than FRD-DL00C00B391, versions earlier than KNT-AL10C00B391, versions earlier than KNT-AL20C00B391, versions…

  • CVE-2017-8214MedNov 22, 2017
    risk 0.40cvss 6.2epss 0.00

    Honor 8,Honor V8,Honor 9,Honor V9,Nova 2,Nova 2 Plus,P9,P10 Plus,Toronto Huawei smart phones with software of versions earlier than FRD-AL00C00B391, versions earlier than FRD-DL00C00B391, versions earlier than KNT-AL10C00B391, versions earlier than KNT-AL20C00B391, versions…

  • CVE-2017-8182MedNov 22, 2017
    risk 0.40cvss 6.1epss 0.01

    MTK platform in Huawei smart phones with software of earlier than Nice-AL00C00B160 versions, earlier than Nice-AL10C00B140 versions has a out-of-bound read vulnerability. An attacker tricks a user into installing a malicious application on the smart phone, and send given…

  • CVE-2017-8139MedNov 22, 2017
    risk 0.40cvss 6.1epss 0.01

    HedEx Earlier than V200R006C00 versions have the stored cross-site scripting (XSS) vulnerability. Attackers can exploit the vulnerability to plant malicious scripts into the configuration file to interrupt the services of legitimate users.

  • CVE-2017-8127MedNov 22, 2017
    risk 0.40cvss 6.1epss 0.01

    The UMA product with software V200R001 has a cross-site scripting (XSS) vulnerability due to insufficient input validation. An attacker could craft malicious links or scripts to launch XSS attacks.

  • CVE-2017-8125MedNov 22, 2017
    risk 0.40cvss 6.1epss 0.01

    The UMA product with software V200R001 and V300R001 has a cross-site scripting (XSS) vulnerability due to insufficient input validation. An attacker could craft malicious links or scripts to launch XSS attacks.

  • CVE-2016-8789MedApr 2, 2017
    risk 0.40cvss 6.1epss 0.01

    Huawei eSpace Integrated Access Device (IAD) with software V300R001C03, V300R001C04, V300R001C06, V300R001C20, and V300R001C07 allows an attacker to trick a user into clicking a URL containing malicious scripts to obtain user information or hijack the session, aka XSS.

  • CVE-2016-6840MedSep 26, 2016
    risk 0.40cvss 6.1epss 0.01

    Cross-site scripting (XSS) vulnerability in the management interface in Huawei OceanStor ISM before V200R001C04SPC200 allows remote attackers to inject arbitrary web script or HTML via the loginName parameter to cgi-bin/doLogin_CgiEntry and possibly other unspecified vectors.

  • CVE-2016-6158MedSep 21, 2016
    risk 0.40cvss 6.1epss 0.01

    Multiple cross-site request forgery (CSRF) vulnerabilities in Huawei WS331a routers with software before WS331a-10 V100R001C01B112 allow remote attackers to hijack the authentication of administrators for requests that (1) restore factory settings or (2) reboot the device via…

  • CVE-2016-6839MedSep 7, 2016
    risk 0.40cvss 6.1epss 0.01

    CRLF injection vulnerability in Huawei FusionAccess before V100R006C00 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.

  • CVE-2016-4575MedMay 25, 2016
    risk 0.40cvss 6.1epss 0.01

    Cross-site scripting (XSS) vulnerability in the email APP in Huawei PLK smartphones with software AL10C00 before AL10C00B211 and AL10C92 before AL10C92B211; ATH smartphones with software AL00C00 before AL00C00B361, CL00C92 before CL00C92B361, TL00HC01 before TL00HC01B361, and…

  • CVE-2015-8682MedApr 13, 2016
    risk 0.40cvss 6.1epss 0.01

    The Video0 driver in Huawei P8 smartphones with software GRA-UL00 before GRA-UL00C00B350, GRA-UL10 before GRA-UL10C00B350, GRA-TL00 before GRA-TL00C01B350, GRA-CL00 before GRA-CL00C92B350, and GRA-CL10 before GRA-CL10C92B350 and Mate S smartphones with software CRR-TL00 before…

  • CVE-2016-2214MedFeb 8, 2016
    risk 0.40cvss 6.1epss 0.01

    Cross-site scripting (XSS) vulnerability in an unspecified portal authentication page in Huawei Agile Controller-Campus with software before V100R001C00SPC319 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.

  • CVE-2015-8675MedJan 15, 2016
    risk 0.40cvss 6.2epss 0.00

    Huawei S5300 Campus Series switches with software before V200R005SPH008 do not mask the password when uploading files, which allows physically proximate attackers to obtain sensitive password information by reading the display.

  • CVE-2020-1840MedJan 21, 2020
    risk 0.39cvss 6.0epss 0.00

    HUAWEI Mate 20 smart phones with versions earlier than 10.0.0.175(C00E70R3P8) have an insufficient authentication vulnerability. A local attacker with high privilege can execute a specific command to exploit this vulnerability. Successful exploitation may cause information leak…

  • CVE-2017-8189MedNov 22, 2017
    risk 0.39cvss 6.0epss 0.00

    FusionSphere OpenStack V100R006C00SPC102(NFV)has a path traversal vulnerability. Due to insufficient path validation, an attacker with high privilege may exploit this vulnerability to cover some files, causing services abnormal.

  • CVE-2026-34859MedApr 13, 2026
    risk 0.38cvss 5.9epss 0.00

    UAF vulnerability in the kernel module. Impact: Successful exploitation of this vulnerability will affect availability and confidentiality.

  • CVE-2022-48613MedNov 8, 2023
    risk 0.38cvss 5.9epss 0.00

    Race condition vulnerability in the kernel module. Successful exploitation of this vulnerability may cause variable values to be read with the condition evaluation bypassed.

  • CVE-2022-48509MedJul 6, 2023
    risk 0.38cvss 5.9epss 0.00

    Race condition vulnerability due to multi-thread access to mutually exclusive resources in Huawei Share. Successful exploitation of this vulnerability may cause the program to exit abnormally.

  • CVE-2022-44563MedNov 9, 2022
    risk 0.38cvss 5.9epss 0.00

    There is a race condition vulnerability in SD upgrade mode. Successful exploitation of this vulnerability may affect data confidentiality.

  • CVE-2022-39006MedSep 16, 2022
    risk 0.38cvss 5.9epss 0.00

    The MPTCP module has the race condition vulnerability. Successful exploitation of this vulnerability may cause the device to restart.

  • CVE-2021-40055MedMar 10, 2022
    risk 0.38cvss 5.9epss 0.00

    There is a man-in-the-middle attack vulnerability during system update download in recovery mode. Successful exploitation of this vulnerability may affect integrity.

  • CVE-2021-37085MedDec 7, 2021
    risk 0.38cvss 5.9epss 0.00

    There is a Encoding timing vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to denial of service.

Page 24 of 46