VYPR

Vendor CVEs

Huawei

All CVEs

2,254 total · sorted by risk
  • CVE-2015-2251HigJun 8, 2017
    risk 0.49cvss 7.5epss 0.01

    The DeviceManager in Huawei OceanStor UDS devices with software before V100R002C01SPC102 might allow remote attackers to obtain sensitive information via a crafted UDS patch with JavaScript.

  • CVE-2015-6586HigMay 23, 2017
    risk 0.49cvss 7.5epss 0.01

    The mDNS module in Huawei WLAN AC6005, AC6605, and ACU2 devices with software before V200R006C00SPC100 allows remote attackers to obtain sensitive information by leveraging failure to restrict processing of mDNS unicast queries to the link local network.

  • CVE-2016-8803HigApr 2, 2017
    risk 0.49cvss 7.5epss 0.00

    The maintenance module in Huawei FusionStorage V100R003C30U1 allows attackers to create documents according to special rules to obtain the OS root privilege of FusionStorage.

  • CVE-2016-8798HigApr 2, 2017
    risk 0.49cvss 7.5epss 0.01

    Huawei USG5500 with software V300R001C00 and V300R001C00 allows attackers to bypass the anti-DDoS module of the USGs to cause a denial of service condition on the backend server.

  • CVE-2016-8797HigApr 2, 2017
    risk 0.49cvss 7.5epss 0.01

    Huawei AR3200 with software V200R007C00, V200R005C32, V200R005C20; S12700 with software V200R008C00, V200R007C00; S5300 with software V200R008C00, V200R007C00, V200R006C00; S5700 with software V200R008C00, V200R007C00, V200R006C00; S6300 with software V200R008C00, V200R007C00;…

  • CVE-2016-8796HigApr 2, 2017
    risk 0.49cvss 7.5epss 0.01

    Huawei USG9520 V300R001C01, USG9560 V300R001C01, and USG9580 V300R001C01 allow unauthenticated attackers to send abnormal DHCP request packets to the affected products to trigger a DoS condition.

  • CVE-2016-8773HigApr 2, 2017
    risk 0.49cvss 7.5epss 0.01

    Huawei S5300 with software V200R003C00, V200R007C00, V200R008C00, V200R009C00; S5700 with software V200R001C00, V200R002C00, V200R003C00, V200R005C00, V200R005C03, V200R007C00, V200R008C00, V200R009C00; S6300 with software V200R003C00, V200R005C00, V200R008C00, V200R009C00;…

  • CVE-2016-8754HigApr 2, 2017
    risk 0.49cvss 7.5epss 0.00

    Huawei OceanStor 5600 V3 V300R003C00 has a hardcoded SSH key vulnerability; the hardcoded keys are used to encrypt communication data and authenticate different nodes of the devices. An attacker may obtain the hardcoded keys and log in to such a device through SSH.

  • CVE-2016-2404HigApr 2, 2017
    risk 0.49cvss 7.5epss 0.01

    Huawei switches S5700, S6700, S7700, S9700 with software V200R001C00SPC300, V200R002C00SPC100, V200R003C00SPC300, V200R005C00SPC500, V200R006C00; S12700 with software V200R005C00SPC500, V200R006C00; ACU2 with software V200R005C00SPC500, V200R006C00 have a permission control…

  • CVE-2015-7844HigApr 2, 2017
    risk 0.49cvss 7.5epss 0.01

    Huawei FusionAccess with software V100R005C10,V100R005C20 could allow attackers to craft and send a malformed HDP protocol packet to cause the virtual cloud desktop to be displaying an error and not usable.

  • CVE-2014-9692HigApr 2, 2017
    risk 0.49cvss 7.5epss 0.01

    Huawei Tecal RH1288 V2 V100R002C00SPC107 and earlier versions, Tecal RH2265 V2 V100R002C00, Tecal RH2285 V2 V100R002C00SPC115 and earlier versions, Tecal RH2265 V2 V100R002C00, Tecal RH2285H V2 V100R002C00SPC111 and earlier versions, Tecal RH2268 V2 V100R002C00, Tecal RH2288 V2…

  • CVE-2014-9690HigApr 2, 2017
    risk 0.49cvss 7.5epss 0.01

    Huawei home gateways WS318 with software V100R001C01B022 and earlier versions are affected by the PIN offline brute force cracking vulnerability of the WPS protocol because the random number generator (RNG) used in the supplier's solution is not random enough. As a result, brute…

  • CVE-2014-8572HigApr 2, 2017
    risk 0.49cvss 7.5epss 0.01

    Huawei AC6605 with software V200R001C00; AC6605 with software V200R002C00; ACU with software V200R001C00; ACU with software V200R002C00; S2300, S3300, S2700, S3700 with software V100R006C05 and earlier versions; S5300, S5700, S6300, S6700 with software V100R006, V200R001,…

  • CVE-2014-4706HigApr 2, 2017
    risk 0.49cvss 7.5epss 0.01

    Huawei Campus S3700HI with software V200R001C00SPC300; Campus S5700 with software V200R002C00SPC100; Campus S7700 with software V200R003C00SPC300,V200R003C00SPC500; LSW S9700 with software V200R001C00SPC300,V200R003C00SPC300,V200R003C00SPC500; S2350 with software…

  • CVE-2014-3224HigApr 2, 2017
    risk 0.49cvss 7.5epss 0.01

    Huawei Quidway S9700 V200R003C00SPC500, Quidway S9300 V200R003C00SPC500, Quidway S7700 V200R003C00SPC500, Quidway S6700 V200R003C00SPC300, Quidway S6300 V200R003C00SPC300, Quidway S5700 V200R003C00SPC300, Quidway S5300 V200R003C00SPC300 enable attackers to launch DoS attacks by…

  • CVE-2014-3223HigApr 2, 2017
    risk 0.49cvss 7.5epss 0.01

    Huawei S9300 with software before V100R006SPH013 and S2300,S3300,S5300,S6300 with software before V100R006SPH010 support Y.1731 and therefore have the Y.1731 vulnerability in processing special packets. The vulnerability causes the restart of switches.

  • CVE-2014-3222HigApr 2, 2017
    risk 0.49cvss 7.0epss 0.01

    In Huawei eSpace Meeting with software V100R001C03SPC201 and the earlier versions, attackers that obtain the permissions assigned to common users can elevate privileges to access and set specific key resources.

  • CVE-2014-3221HigApr 2, 2017
    risk 0.49cvss 7.5epss 0.01

    Huawei Eudemon8000E firewall with software V200R001C01SPC800 and earlier versions allows users to log in to the device using Telnet or SSH. When an attacker sends to the device a mass of TCP packets with special structure, the logging process becomes slow and users may be unable…

  • CVE-2016-5822HigJan 27, 2017
    risk 0.49cvss 7.5epss 0.02

    Huawei Oceanstor 5800 before V300R002C10SPC100 allows remote attackers to cause a denial of service (CPU consumption) via a large number of crafted HTTP packets.

  • CVE-2016-8278HigOct 3, 2016
    risk 0.49cvss 7.5epss 0.01

    Huawei USG9520, USG9560, and USG9580 unified security gateways with software before V300R001C01SPCa00 allow remote attackers to cause a denial of service (device restart) via an unspecified URL.

  • CVE-2016-6518HigSep 26, 2016
    risk 0.49cvss 7.5epss 0.01

    Memory leak in Huawei S9300, S5300, S5700, S6700, S7700, S9700, and S12700 devices allows remote attackers to cause a denial of service (memory consumption and restart) via a large number of malformed packets.

  • CVE-2016-6669HigSep 22, 2016
    risk 0.49cvss 7.5epss 0.03

    Buffer overflow in the Authentication, Authorization and Accounting (AAA) module in Huawei USG2100, USG2200, USG5100, and USG5500 unified security gateways with software before V300R001C10SPC600 allows remote authenticated RADIUS servers to execute arbitrary code by sending a…

  • CVE-2016-6159HigSep 21, 2016
    risk 0.49cvss 7.5epss 0.01

    The management interface of Huawei WS331a routers with software before WS331a-10 V100R001C01B112 allows remote attackers to bypass authentication and obtain administrative access by sending "special packages" to the LAN interface.

  • CVE-2016-7107HigSep 7, 2016
    risk 0.49cvss 7.5epss 0.01

    Huawei Unified Maintenance Audit (UMA) before V200R001C00SPC200 SPH206 allows remote attackers to reset arbitrary user passwords and consequently affect system data integrity via unspecified vectors.

  • CVE-2016-6899HigSep 7, 2016
    risk 0.49cvss 7.5epss 0.01

    The Intelligent Baseboard Management Controller (iBMC) in Huawei RH1288 V3 servers with software before V100R003C00SPC613, RH2288 V3 servers with software before V100R003C00SPC617, RH2288H V3 servers with software before V100R003C00SPC515, RH5885 V3 servers with software before…

  • CVE-2016-6838HigSep 7, 2016
    risk 0.49cvss 7.5epss 0.01

    Huawei X6800 and XH620 V3 servers with software before V100R003C00SPC606, RH1288 V3 servers with software before V100R003C00SPC613, RH2288 V3 servers with software before V100R003C00SPC617, CH140 V3 and CH226 V3 servers with software before V100R001C00SPC122, CH220 V3 servers…

  • CVE-2016-5368HigJun 30, 2016
    risk 0.49cvss 7.5epss 0.01

    Memory leak in Huawei AR3200 before V200R007C00SPC900 allows remote attackers to cause a denial of service (memory consumption) via a large number of crafted Multiprotocol Label Switching (MPLS) packets.

  • CVE-2016-5367HigJun 14, 2016
    risk 0.49cvss 7.5epss 0.01

    Huawei Honor WS851 routers with software 1.1.21.1 and earlier allow remote attackers to obtain sensitive information via unspecified vectors, aka HWPSIRT-2016-05053.

  • CVE-2016-5366HigJun 14, 2016
    risk 0.49cvss 7.5epss 0.01

    Huawei Honor WS851 routers with software 1.1.21.1 and earlier allow remote attackers to modify configuration data via vectors related to a "file injection vulnerability," aka HWPSIRT-2016-05052.

  • CVE-2016-4577HigMay 23, 2016
    risk 0.49cvss 7.5epss 0.01

    Buffer overflow in the Smart DNS functionality in the Huawei NGFW Module and Secospace USG6300, USG6500, USG6600, and USG9500 firewalls with software before V500R001C20SPC100 allows remote attackers to cause a denial of service or execute arbitrary code via a crafted packet,…

  • CVE-2015-8676HigApr 14, 2016
    risk 0.49cvss 7.5epss 0.01

    Memory leak in Huawei S5300EI, S5300SI, S5310HI, S6300EI/ S2350EI, and S5300LI Campus series switches with software V200R001C00 before V200R001SPH018, V200R002C00 before V200R003SPH011, and V200R003C00 before V200R003SPH011; S9300, S7700, and S9700 Campus series switches with…

  • CVE-2016-3678HigApr 11, 2016
    risk 0.49cvss 7.5epss 0.01

    Huawei Quidway S9700, S5700, S5300, S9300, and S7700 switches with software before V200R003SPH012 allow remote attackers to cause a denial of service (switch restart) via crafted traffic.

  • CVE-2015-8265HigFeb 1, 2016
    risk 0.49cvss 7.5epss 0.02

    Huawei Mobile WiFi E5151 routers with software before E5151s-2TCPU-V200R001B146D27SP00C00 and E5186 routers with software before V200R001B310D01SP00C00 allow DNS query packets using the static source port, which makes it easier for remote attackers to spoof responses via…

  • CVE-2015-8231HigJan 11, 2016
    risk 0.49cvss 7.5epss 0.01

    Huawei eSpace 7910 and 7950 IP phones with software before V200R002C00SPC800 allow remote attackers with established sessions to cause a denial of service (device restart) via unspecified packets.

  • CVE-2015-8230HigJan 11, 2016
    risk 0.49cvss 7.5epss 0.01

    Memory leak in Huawei eSpace 8950 IP phones with software before V200R003C00SPC300 allows remote attackers to cause a denial of service (memory consumption and restart) via a large number of crafted ARP packets.

  • CVE-2009-2272HigJul 1, 2009
    risk 0.49cvss 7.5epss 0.01

    The Huawei D100 stores the administrator's account name and password in cleartext in a cookie, which allows context-dependent attackers to obtain sensitive information by (1) reading a cookie file, by (2) sniffing the network for HTTP headers, and possibly by using unspecified…

  • CVE-2016-6192HigAug 2, 2016
    risk 0.48cvss 7.3epss 0.01

    Buffer overflow in the Wi-Fi driver in Huawei P8 smartphones with software before GRA-CL00C92B363 allows attackers to cause a denial of service (system crash) or gain privileges via a crafted application, a different vulnerability than CVE-2016-6193.

  • CVE-2016-5722HigJun 24, 2016
    risk 0.48cvss 7.3epss 0.01

    Huawei OceanStor 5300 V3, 5500 V3, 5600 V3, 5800 V3, 6800 V3, 18800 V3, and 18500 V3 before V300R003C10 sends the plaintext session token in the HTTP header, which allows remote attackers to conduct replay attacks and obtain sensitive information by sniffing the network.

  • CVE-2015-8331HigJan 11, 2016
    risk 0.48cvss 7.4epss 0.01

    The Operation and Maintenance Unit (OMU) in Huawei VCN500 with software before V100R002C00SPC200 does not properly invalidate the session ID when an "abnormal exit" occurs, which allows remote attackers to conduct replay attacks via the session ID.

  • CVE-2026-34856HigApr 13, 2026
    risk 0.47cvss 7.3epss 0.00

    UAF vulnerability in the communication module. Impact: Successful exploitation of this vulnerability may affect availability.

  • CVE-2023-7263HigDec 28, 2024
    risk 0.47cvss 7.3epss 0.00

    Some Huawei home music system products have a path traversal vulnerability. Successful exploitation of this vulnerability may cause unauthorized file deletion or file permission change.(Vulnerability ID:HWPSIRT-2023-53450) This vulnerability has been assigned a…

  • CVE-2017-17172HigJun 14, 2018
    risk 0.47cvss 7.3epss 0.00

    Huawei smart phones LYO-L21 with software LYO-L21C479B107, LYO-L21C479B107 have a privilege escalation vulnerability. An authenticated, local attacker can crafts malformed packets after tricking a user to install a malicious application and exploit this vulnerability when in the…

  • CVE-2017-8198HigNov 22, 2017
    risk 0.47cvss 7.2epss 0.01

    FusionSphere V100R006C00SPC102(NFV) has an SQL injection vulnerability. An authenticated, remote attacker could craft interface messages carrying malicious SQL statements and send them to a target device. Successful exploit could allow the attacker to launch an SQL injection…

  • CVE-2017-8197HigNov 22, 2017
    risk 0.47cvss 7.2epss 0.02

    FusionSphere V100R006C00SPC102(NFV) has a command injection vulnerability. An authenticated, remote attacker could craft packets with malicious strings and send them to a target device. Successful exploit could allow the attacker to launch a command injection attack and execute…

  • CVE-2017-8188HigNov 22, 2017
    risk 0.47cvss 7.2epss 0.02

    FusionSphere OpenStack V100R006C00SPC102(NFV)has a command injection vulnerability. Due to lack of validation, an attacker with high privilege may inject malicious code into some module of the affected products, causing code execution.

  • CVE-2017-2736HigNov 22, 2017
    risk 0.47cvss 7.2epss 0.01

    VCM5010 with software versions earlier before V100R002C50SPC100 has a command injection vulnerability. This is due to insufficient validation of user's input. An authenticated attacker could launch a command injection attack.

  • CVE-2016-8801HigApr 2, 2017
    risk 0.47cvss 7.2epss 0.01

    Huawei OceanStor 5600 V3 with V300R003C00C10 and earlier versions allows attackers with administrator privilege to inject a command into a specific command's parameters, and run this injected command with root privilege.

  • CVE-2016-8769MedApr 2, 2017
    risk 0.47cvss 6.7epss 0.02

    Huawei UTPS earlier than UTPS-V200R003B015D16SPC00C983 has an unquoted service path vulnerability which can lead to the truncation of UTPS service query paths. An attacker may put an executable file in the search path of the affected service and obtain elevated privileges after…

  • CVE-2018-7921MedSep 12, 2018
    risk 0.46cvss 6.5epss 0.13

    Huawei B315s-22 products with software of 21.318.01.00.26 have an information leak vulnerability. Unauthenticated adjacent attackers may exploit this vulnerability to obtain device information.

  • CVE-2017-15309HigDec 22, 2017
    risk 0.46cvss 7.1epss 0.01

    Huawei iReader app before 8.0.2.301 has a path traversal vulnerability due to insufficient validation on file storage paths. An attacker can exploit this vulnerability to store downloaded malicious files in an arbitrary directory.

Page 5 of 46