Vendor CVEs
Huawei
All CVEs
2,253 total · sorted by risk

| CVE | Sev | Risk | CVSS | EPSS | Published | Description | Vendor / Product | KEV |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-6177 | Med | 0.42 | 6.5 | 0.01 | Apr 2, 2017 | The Huawei OceanStor 5800 V300R003C00 has an integer overflow vulnerability. An authenticated attacker may send massive abnormal Network File System (NFS) packets, causing an anomaly in specific disk arrays. | ||
| CVE-2015-8670 | Med | 0.42 | 6.5 | 0.01 | Apr 2, 2017 | Huawei LogCenter V100R001C10 could allow an authenticated attacker to add abnormal device information to the log collection module, causing denial of service. | ||
| CVE-2014-9691 | Med | 0.42 | 6.5 | 0.01 | Apr 2, 2017 | Huawei Tecal RH1288 V2 V100R002C00SPC107 and earlier versions, Tecal RH2265 V2 V100R002C00, Tecal RH2285 V2 V100R002C00SPC115 and earlier versions, Tecal RH2265 V2 V100R002C00, Tecal RH2285H V2 V100R002C00SPC111 and earlier versions, Tecal RH2268 V2 V100R002C00, Tecal RH2288 V2… | ||
| CVE-2016-8280 | Med | 0.42 | 6.5 | 0.02 | Oct 3, 2016 | Directory traversal vulnerability in Huawei eSight before V300R003C20SPC005 allows remote authenticated users to read arbitrary files via unspecified vectors. | ||
| CVE-2016-8277 | Med | 0.42 | 6.5 | 0.01 | Oct 3, 2016 | Huawei USG9520, USG9560, and USG9580 unified security gateways with software before V300R001C01SPCa00 allow remote authenticated users to cause a denial of service (device restart) via an unspecified command parameter. | ||
| CVE-2016-6901 | Med | 0.42 | 6.5 | 0.01 | Sep 26, 2016 | Format string vulnerability in Huawei AR100, AR120, AR150, AR200, AR500, AR550, AR1200, AR2200, AR2500, AR3200, and AR3600 routers with software before V200R007C00SPC900 and NetEngine 16EX routers with software before V200R007C00SPC900 allows remote authenticated users to cause… | ||
| CVE-2016-6827 | Med | 0.42 | 6.5 | 0.01 | Sep 26, 2016 | Huawei FusionCompute before V100R005C10CP7002 stores cleartext AES keys in a file, which allows remote authenticated users to obtain sensitive information via unspecified vectors. | ||
| CVE-2016-6826 | Med | 0.42 | 6.5 | 0.01 | Sep 26, 2016 | Huawei AnyMail before 2.6.0301.0060 allows remote attackers to cause a denial of service (application crash) via a crafted compressed email attachment. | ||
| CVE-2016-6824 | Med | 0.42 | 6.5 | 0.01 | Sep 22, 2016 | Huawei AC6003, AC6005, AC6605, and ACU2 access controllers with software before V200R006C10SPC200 allows remote authenticated users to cause a denial of service (device restart) via crafted CAPWAP packets. | ||
| CVE-2016-7108 | Med | 0.42 | 6.5 | 0.01 | Sep 7, 2016 | Huawei Unified Maintenance Audit (UMA) before V200R001C00SPC200 SPH206 allows remote authenticated users to obtain the MD5 hashes of arbitrary user passwords via unspecified vectors. | ||
| CVE-2016-4057 | Med | 0.42 | 6.5 | 0.01 | Jun 30, 2016 | Huawei FusionCompute before V100R005C10SPC700 allows remote authenticated users to cause a denial of service (resource consumption) via a large number of crafted packets. | ||
| CVE-2016-3677 | Med | 0.42 | 6.5 | 0.00 | Jun 13, 2016 | The Huawei Wear App application before 15.0.0.307 for Android does not validate SSL certificates, which allows local users to have unspecified impact via unknown vectors, aka HWPSIRT-2016-03008. | ||
| CVE-2016-3950 | Med | 0.42 | 6.5 | 0.01 | Apr 18, 2016 | Huawei AR3200 routers with software before V200R006C10SPC300 allow remote authenticated users to cause a denial of service (restart) via crafted packets. | ||
| CVE-2015-8677 | Med | 0.42 | 6.5 | 0.01 | Apr 14, 2016 | Memory leak in Huawei S5300EI, S5300SI, S5310HI, and S6300EI Campus series switches with software V200R003C00 before V200R003SPH011 and V200R005C00 before V200R005SPH008; S2350EI and S5300LI Campus series switches with software V200R003C00 before V200R003SPH011, V200R005C00… | ||
| CVE-2016-3676 | Med | 0.42 | 6.4 | 0.00 | Apr 11, 2016 | Huawei E3276s USB modems with software before E3276s-150TCPU-V200R002B436D09SP00C00 allow man-in-the-middle attackers to intercept, spoof, or modify network traffic via unspecified vectors related to a fake network. | ||
| CVE-2015-8335 | Med | 0.42 | 6.5 | 0.01 | Jan 11, 2016 | Huawei VCN500 with software before V100R002C00SPC201 logs passwords in cleartext, which allows remote authenticated users to obtain sensitive information by triggering log generation and then reading the log. | ||
| CVE-2026-41975 | Med | 0.41 | 6.3 | 0.00 | Jun 9, 2026 | Permission management vulnerability in the network management module. Impact: Successful exploitation of this vulnerability may affect service integrity. | ||
| CVE-2026-34862 | Med | 0.41 | 6.3 | 0.00 | Apr 13, 2026 | Race condition vulnerability in the power consumption statistics module. Impact: Successful exploitation of this vulnerability may affect availability. | ||
| CVE-2026-34861 | Med | 0.41 | 6.3 | 0.00 | Apr 13, 2026 | Race condition vulnerability in the thermal management module. Impact: Successful exploitation of this vulnerability may affect availability. | ||
| CVE-2020-1839 | Med | 0.41 | 6.3 | 0.00 | Jul 6, 2020 | HUAWEI Mate 30 with versions earlier than 10.1.0.150(C00E136R5P3) have a race condition vulnerability. There is a timing window exists in which certain pointer members can be modified by another process that is operating concurrently, an attacker should trick the user into… | ||
| CVE-2019-5236 | Med | 0.41 | 6.3 | 0.01 | Aug 8, 2019 | Huawei smart phones Emily-L29C with versions of 8.1.0.132a(C432), 8.1.0.135(C782), 8.1.0.154(C10), 8.1.0.154(C461), 8.1.0.154(C635), 8.1.0.156(C185), 8.1.0.156(C605), 8.1.0.159(C636) have a double free vulnerability. An attacker can trick a user to click a URL to exploit this… | ||
| CVE-2026-34852 | Med | 0.40 | 6.1 | 0.00 | Apr 13, 2026 | Stack overflow vulnerability in the media platform. Impact: Successful exploitation of this vulnerability may affect availability. | ||
| CVE-2020-1855 | Med | 0.40 | 6.1 | 0.00 | Feb 18, 2020 | Huawei HEGE-570 version 1.0.1.22(SP3); and HEGE-560, OSCA-550, OSCA-550A, OSCA-550AX, and OSCA-550X version 1.0.1.21(SP3) have an insufficient verification vulnerability. An attacker can access the device physically and exploit this vulnerability to tamper with device… | ||
| CVE-2019-5246 | Med | 0.40 | 6.2 | 0.00 | Nov 13, 2019 | Smartphones with software of ELLE-AL00B 9.1.0.109(C00E106R1P21), 9.1.0.113(C00E110R1P21), 9.1.0.125(C00E120R1P21), 9.1.0.135(C00E130R1P21), 9.1.0.153(C00E150R1P21), 9.1.0.155(C00E150R1P21), 9.1.0.162(C00E160R2P1) have an insufficient verification vulnerability. The system does… | ||
| CVE-2019-5229 | Med | 0.40 | 6.2 | 0.00 | Nov 12, 2019 | P30 smartphones with versions earlier than ELLE-AL00B 9.1.0.193(C00E190R2P1) have an insufficient verification vulnerability. The system does not verify certain parameters sufficiently, an attacker should connect to the phone and gain high privilege to launch the attack,… | ||
| CVE-2019-5286 | Med | 0.40 | 6.1 | 0.01 | Jun 13, 2019 | There is a reflection XSS vulnerability in the HedEx products. Remote attackers send malicious links to users and trick users to click. Successfully exploit could allow the attacker to initiate XSS attacks. Affects HedEx Lite versions earlier than V200R006C00SPC007. | ||
| CVE-2018-7940 | Med | 0.40 | 6.2 | 0.00 | May 10, 2018 | Huawei smart phones Mate 10 and Mate 10 Pro with earlier versions than 8.0.0.129(SP2C00) and earlier versions than 8.0.0.129(SP2C01) have an authentication bypass vulnerability. An attacker with high privilege obtains the smart phone and bypass the activation function by some… | ||
| CVE-2017-8215 | Med | 0.40 | 6.2 | 0.00 | Nov 22, 2017 | Honor 8,Honor V8,Honor 9,Honor V9,Nova 2,Nova 2 Plus,P9,P10 Plus,Toronto Huawei smart phones with software of versions earlier than FRD-AL00C00B391, versions earlier than FRD-DL00C00B391, versions earlier than KNT-AL10C00B391, versions earlier than KNT-AL20C00B391, versions… | ||
| CVE-2017-8214 | Med | 0.40 | 6.2 | 0.00 | Nov 22, 2017 | Honor 8,Honor V8,Honor 9,Honor V9,Nova 2,Nova 2 Plus,P9,P10 Plus,Toronto Huawei smart phones with software of versions earlier than FRD-AL00C00B391, versions earlier than FRD-DL00C00B391, versions earlier than KNT-AL10C00B391, versions earlier than KNT-AL20C00B391, versions… | ||
| CVE-2017-8182 | Med | 0.40 | 6.1 | 0.01 | Nov 22, 2017 | MTK platform in Huawei smart phones with software of earlier than Nice-AL00C00B160 versions, earlier than Nice-AL10C00B140 versions has a out-of-bound read vulnerability. An attacker tricks a user into installing a malicious application on the smart phone, and send given… | ||
| CVE-2017-8139 | Med | 0.40 | 6.1 | 0.01 | Nov 22, 2017 | HedEx Earlier than V200R006C00 versions have the stored cross-site scripting (XSS) vulnerability. Attackers can exploit the vulnerability to plant malicious scripts into the configuration file to interrupt the services of legitimate users. | ||
| CVE-2017-8127 | Med | 0.40 | 6.1 | 0.01 | Nov 22, 2017 | The UMA product with software V200R001 has a cross-site scripting (XSS) vulnerability due to insufficient input validation. An attacker could craft malicious links or scripts to launch XSS attacks. | ||
| CVE-2017-8125 | Med | 0.40 | 6.1 | 0.01 | Nov 22, 2017 | The UMA product with software V200R001 and V300R001 has a cross-site scripting (XSS) vulnerability due to insufficient input validation. An attacker could craft malicious links or scripts to launch XSS attacks. | ||
| CVE-2016-8789 | Med | 0.40 | 6.1 | 0.01 | Apr 2, 2017 | Huawei eSpace Integrated Access Device (IAD) with software V300R001C03, V300R001C04, V300R001C06, V300R001C20, and V300R001C07 allows an attacker to trick a user into clicking a URL containing malicious scripts to obtain user information or hijack the session, aka XSS. | ||
| CVE-2016-6840 | Med | 0.40 | 6.1 | 0.01 | Sep 26, 2016 | Cross-site scripting (XSS) vulnerability in the management interface in Huawei OceanStor ISM before V200R001C04SPC200 allows remote attackers to inject arbitrary web script or HTML via the loginName parameter to cgi-bin/doLogin_CgiEntry and possibly other unspecified vectors. | ||
| CVE-2016-6158 | Med | 0.40 | 6.1 | 0.01 | Sep 21, 2016 | Multiple cross-site request forgery (CSRF) vulnerabilities in Huawei WS331a routers with software before WS331a-10 V100R001C01B112 allow remote attackers to hijack the authentication of administrators for requests that (1) restore factory settings or (2) reboot the device via… | ||
| CVE-2016-6839 | Med | 0.40 | 6.1 | 0.01 | Sep 7, 2016 | CRLF injection vulnerability in Huawei FusionAccess before V100R006C00 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors. | ||
| CVE-2016-4575 | Med | 0.40 | 6.1 | 0.01 | May 25, 2016 | Cross-site scripting (XSS) vulnerability in the email APP in Huawei PLK smartphones with software AL10C00 before AL10C00B211 and AL10C92 before AL10C92B211; ATH smartphones with software AL00C00 before AL00C00B361, CL00C92 before CL00C92B361, TL00HC01 before TL00HC01B361, and… | ||
| CVE-2015-8682 | Med | 0.40 | 6.1 | 0.01 | Apr 13, 2016 | The Video0 driver in Huawei P8 smartphones with software GRA-UL00 before GRA-UL00C00B350, GRA-UL10 before GRA-UL10C00B350, GRA-TL00 before GRA-TL00C01B350, GRA-CL00 before GRA-CL00C92B350, and GRA-CL10 before GRA-CL10C92B350 and Mate S smartphones with software CRR-TL00 before… | ||
| CVE-2016-2214 | Med | 0.40 | 6.1 | 0.01 | Feb 8, 2016 | Cross-site scripting (XSS) vulnerability in an unspecified portal authentication page in Huawei Agile Controller-Campus with software before V100R001C00SPC319 allows remote attackers to inject arbitrary web script or HTML via unknown vectors. | ||
| CVE-2015-8675 | Med | 0.40 | 6.2 | 0.00 | Jan 15, 2016 | Huawei S5300 Campus Series switches with software before V200R005SPH008 do not mask the password when uploading files, which allows physically proximate attackers to obtain sensitive password information by reading the display. | ||
| CVE-2020-1840 | Med | 0.39 | 6.0 | 0.00 | Jan 21, 2020 | HUAWEI Mate 20 smart phones with versions earlier than 10.0.0.175(C00E70R3P8) have an insufficient authentication vulnerability. A local attacker with high privilege can execute a specific command to exploit this vulnerability. Successful exploitation may cause information leak… | ||
| CVE-2017-8189 | Med | 0.39 | 6.0 | 0.00 | Nov 22, 2017 | FusionSphere OpenStack V100R006C00SPC102 (NFV) has a path traversal vulnerability. Due to insufficient path validation, an attacker with high privilege may exploit this vulnerability to cover some files, causing services abnormal. | ||
| CVE-2026-34859 | Med | 0.38 | 5.9 | 0.00 | Apr 13, 2026 | UAF vulnerability in the kernel module. Impact: Successful exploitation of this vulnerability will affect availability and confidentiality. | ||
| CVE-2022-48613 | Med | 0.38 | 5.9 | 0.00 | Nov 8, 2023 | Race condition vulnerability in the kernel module. Successful exploitation of this vulnerability may cause variable values to be read with the condition evaluation bypassed. | ||
| CVE-2022-48509 | Med | 0.38 | 5.9 | 0.00 | Jul 6, 2023 | Race condition vulnerability due to multi-thread access to mutually exclusive resources in Huawei Share. Successful exploitation of this vulnerability may cause the program to exit abnormally. | ||
| CVE-2022-44563 | Med | 0.38 | 5.9 | 0.00 | Nov 9, 2022 | There is a race condition vulnerability in SD upgrade mode. Successful exploitation of this vulnerability may affect data confidentiality. | ||
| CVE-2022-39006 | Med | 0.38 | 5.9 | 0.00 | Sep 16, 2022 | The MPTCP module has the race condition vulnerability. Successful exploitation of this vulnerability may cause the device to restart. | ||
| CVE-2021-40055 | Med | 0.38 | 5.9 | 0.00 | Mar 10, 2022 | There is a man-in-the-middle attack vulnerability during system update download in recovery mode. Successful exploitation of this vulnerability may affect integrity. | ||
| CVE-2021-37085 | Med | 0.38 | 5.9 | 0.00 | Dec 7, 2021 | There is an Encoding timing vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may lead to denial of service. | ||