VYPR

Vendor CVEs

Huawei

All CVEs

2,254 total · sorted by risk
  • CVE-2017-8153HigNov 22, 2017
    risk 0.46cvss 7.1epss 0.01

    Huawei VMall (for Android) with the versions before 1.5.8.5 have a privilege elevation vulnerability due to improper design. An attacker can trick users into installing a malicious app which can send out HTTP requests and execute JavaScript code in web pages without obtaining…

  • CVE-2017-2735HigNov 22, 2017
    risk 0.46cvss 7.1epss 0.01

    TIT-AL00 smartphones with software versions earlier before TIT-AL00C583B214 have a exposed system interface vulnerability. The software provides a system interface for interaction with external applications, but calling the interface is not properly restricted. An attacker could…

  • CVE-2017-2707HigNov 22, 2017
    risk 0.46cvss 7.1epss 0.00

    Mate 9 smartphones with software MHA-AL00AC00B125 have a privilege escalation vulnerability in Push module. An attacker tricks a user to save a rich media into message on the smart phone, which could be exploited to cause the attacker to delete message or fake user to send…

  • CVE-2017-2706HigNov 22, 2017
    risk 0.46cvss 7.1epss 0.01

    Mate 9 smartphones with software MHA-AL00AC00B125 have a directory traversal vulnerability in Push module. Since the system does not verify the file name during decompression, system directories are traversed. It could be exploited to cause the attacker to replace files and…

  • CVE-2015-4422HigOct 19, 2017
    risk 0.46cvss 7.0epss 0.01

    The TEEOS module in Huawei Mate 7 (Mate7-TL10) smartphones before V100R001CHNC00B126SP03 allows local users with root permissions to gain privileges or cause a denial of service (memory corruption) via a crafted application.

  • CVE-2015-7842HigOct 10, 2017
    risk 0.46cvss 7.1epss 0.01

    Huawei FusionServer rack servers RH2288 V3 with software before V100R003C00SPC603, RH2288H V3 with software before V100R003C00SPC503, XH628 V3 with software before V100R003C00SPC602, RH1288 V3 with software before V100R003C00SPC602, RH2288A V2 with software before…

  • CVE-2016-8794HigApr 2, 2017
    risk 0.46cvss 7.1epss 0.01

    Huawei Mate 8 phones with software Versions before NXT-AL10C00B386, Versions before NXT-CL00C92B386, Versions before NXT-DL00C17B386, Versions before NXT-TL00C01B386; Mate S phones with software Versions before CRR-CL00C92B368, Versions before CRR-CL20C92B368, Versions before…

  • CVE-2016-8792HigApr 2, 2017
    risk 0.46cvss 7.1epss 0.01

    Huawei Mate 8 phones with software Versions before NXT-AL10C00B386, Versions before NXT-CL00C92B386, Versions before NXT-DL00C17B386, Versions before NXT-TL00C01B386; Mate S phones with software Versions before CRR-CL00C92B368, Versions before CRR-CL20C92B368, Versions before…

  • CVE-2016-8791HigApr 2, 2017
    risk 0.46cvss 7.1epss 0.01

    Huawei Mate 8 phones with software Versions before NXT-AL10C00B386, Versions before NXT-CL00C92B386, Versions before NXT-DL00C17B386, Versions before NXT-TL00C01B386; Mate S phones with software Versions before CRR-CL00C92B368, Versions before CRR-CL20C92B368, Versions before…

  • CVE-2016-6179HigSep 7, 2016
    risk 0.46cvss 7.0epss 0.00

    The WiFi driver in Huawei Honor 6 smartphones with software H60-L01 before H60-L01C00B850, H60-L11 before H60-L11C00B850, H60-L21 before H60-L21C00B850, H60-L02 before H60-L02C00B850, H60-L12 before H60-L12C00B850, and H60-L03 before H60-L03C01B850 allows attackers to cause a…

  • CVE-2016-6184HigSep 7, 2016
    risk 0.46cvss 7.0epss 0.00

    The Camera driver in Huawei Honor 4C smartphones with software CHM-UL00C00 before CHM-UL00C00B564, CHM-TL00C01 before CHM-TL00C01B564, and CHM-TL00C00 before CHM-TL00HC00B564 allows attackers to cause a denial of service (system crash) or gain privileges via a crafted…

  • CVE-2016-6183HigSep 7, 2016
    risk 0.46cvss 7.0epss 0.00

    The Camera driver in Huawei Honor 4C smartphones with software CHM-UL00C00 before CHM-UL00C00B564, CHM-TL00C01 before CHM-TL00C01B564, and CHM-TL00C00 before CHM-TL00HC00B564 allows attackers to cause a denial of service (system crash) or gain privileges via a crafted…

  • CVE-2016-6182HigSep 7, 2016
    risk 0.46cvss 7.0epss 0.01

    The Camera driver in Huawei Honor 4C smartphones with software CHM-UL00C00 before CHM-UL00C00B564, CHM-TL00C01 before CHM-TL00C01B564, and CHM-TL00C00 before CHM-TL00HC00B564 allows attackers to cause a denial of service (system crash) or gain privileges via a crafted…

  • CVE-2016-6181HigSep 7, 2016
    risk 0.46cvss 7.0epss 0.00

    The Camera driver in Huawei Honor 4C smartphones with software CHM-UL00C00 before CHM-UL00C00B564, CHM-TL00C01 before CHM-TL00C01B564, and CHM-TL00C00 before CHM-TL00HC00B564 allows attackers to cause a denial of service (system crash) or gain privileges via a crafted…

  • CVE-2016-6180HigSep 7, 2016
    risk 0.46cvss 7.0epss 0.00

    The Camera driver in Huawei Honor 4C smartphones with software CHM-UL00C00 before CHM-UL00C00B564, CHM-TL00C01 before CHM-TL00C01B564, and CHM-TL00C00 before CHM-TL00HC00B564 allows attackers to cause a denial of service (system crash) or gain privileges via a crafted…

  • CVE-2015-8333HigJan 11, 2016
    risk 0.46cvss 7.1epss 0.01

    The Operation and Maintenance Unit (OMU) in Huawei VCN500 with software before V100R002C00SPC200 allows remote authenticated users to change the IP address of the media server via crafted packets.

  • CVE-2026-28553MedApr 13, 2026
    risk 0.45cvss 6.9epss 0.00

    Vulnerability of improper permission control in the theme setting module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.

  • CVE-2026-34864MedApr 13, 2026
    risk 0.44cvss 6.8epss 0.00

    Boundary-unlimited vulnerability in the application read module. Impact: Successful exploitation of this vulnerability may affect availability.

  • CVE-2026-34863MedApr 13, 2026
    risk 0.44cvss 6.7epss 0.00

    Out-of-bounds write vulnerability in the file system. Impact: Successful exploitation of this vulnerability may affect availability.

  • CVE-2018-7929MedSep 18, 2018
    risk 0.44cvss 6.8epss 0.00

    Huawei Mate RS smartphones with the versions before NEO-AL00D 8.1.0.167(C786) have a lock-screen bypass vulnerability. An attacker could unlock and use the phone through certain operations.

  • CVE-2018-7944MedJul 5, 2018
    risk 0.44cvss 6.8epss 0.00

    Huawei smart phones Emily-AL00A with software 8.1.0.106(SP2C00) and 8.1.0.107(SP5C00) have a Factory Reset Protection (FRP) bypass vulnerability. An attacker gets some user's smart phone and performs some special operations in the guide function. The attacker may exploit the…

  • CVE-2017-17161MedFeb 15, 2018
    risk 0.44cvss 6.8epss 0.00

    The 'Find Phone' function in some Huawei smart phones with software earlier than Duke-L09C10B186 versions, earlier than Duke-L09C432B187 versions, earlier than Duke-L09C636B186 versions has an authentication bypass vulnerability. Due to improper authentication realization in the…

  • CVE-2017-15351MedFeb 15, 2018
    risk 0.44cvss 6.8epss 0.00

    The 'Find Phone' function in Huawei Honor V9 play smart phones with versions earlier than Jimmy-AL00AC00B135 has an authentication bypass vulnerability. Due to improper authentication realization in the 'Find Phone' function. An attacker may exploit the vulnerability to bypass…

  • CVE-2017-8206MedNov 22, 2017
    risk 0.44cvss 6.8epss 0.00

    HONOR 7 Lite mobile phones with software of versions earlier than NEM-L21C432B352 have an App Lock bypass vulnerability. An attacker could perform specific operations to bypass the App Lock to use apps on a target mobile phone temporarily.

  • CVE-2017-8190MedNov 22, 2017
    risk 0.44cvss 6.7epss 0.00

    FusionSphere OpenStack V100R006C00SPC102(NFV)has an improper verification of cryptographic signature vulnerability. The software does not verify the cryptographic signature. An attacker with high privilege may exploit this vulnerability to inject malicious software.

  • CVE-2017-8166MedNov 22, 2017
    risk 0.44cvss 6.8epss 0.00

    Huawei mobile phones Honor V9 with the software versions before Duke-AL20C00B195 have an App Lock bypass vulnerability. An attacker could perform specific operations to bypass the App Lock to use apps on a target mobile phone.

  • CVE-2017-8156MedNov 22, 2017
    risk 0.44cvss 6.8epss 0.00

    The outdoor unit of Customer Premise Equipment (CPE) product B2338-168 V100R001C00 has a no authentication vulnerability on the serial port. An attacker can access the serial port on the circuit board of the outdoor unit and log in to the CPE without authentication. Successful…

  • CVE-2017-8151MedNov 22, 2017
    risk 0.44cvss 6.8epss 0.00

    Huawei Honor 5S smart phones with software the versions before TAG-TL00C01B173 have an authentication bypass vulnerability due to the improper design of some components. An attacker can get a user's smart phone and install malicious apps in the mobile phone, allowing the…

  • CVE-2017-2723MedNov 22, 2017
    risk 0.44cvss 6.7epss 0.00

    The Files APP 7.1.1.308 and earlier versions in some Huawei mobile phones has a vulnerability of plaintext storage of users' Safe passwords. An attacker with the root privilege of an Android system could forge the Safe to read users' plaintext Safe passwords, leading to…

  • CVE-2017-2703MedNov 22, 2017
    risk 0.44cvss 6.8epss 0.00

    Phone Finder in versions earlier before MHA-AL00BC00B156,Versions earlier before MHA-CL00BC00B156,Versions earlier before MHA-DL00BC00B156,Versions earlier before MHA-TL00BC00B156,Versions earlier before EVA-AL10C00B373,Versions earlier before EVA-CL10C00B373,Versions earlier…

  • CVE-2017-2702MedNov 22, 2017
    risk 0.44cvss 6.8epss 0.00

    Phone Finder in versions earlier before MHA-AL00C00B170 can be bypass. An attacker can bypass the Phone Finder by special steps and obtain the owner of the phone.

  • CVE-2017-2691MedNov 22, 2017
    risk 0.44cvss 6.8epss 0.00

    Huawei P9 versions earlier before EVA-AL10C00B373, versions earlier before EVA-CL00C92B373, versions earlier before EVA-DL00C17B373, versions earlier before EVA-TL00C01B373 have a lock-screen bypass vulnerability. An unauthenticated attacker could force the phone to the fastboot…

  • CVE-2015-6592MedSep 25, 2017
    risk 0.44cvss 6.8epss 0.00

    Huawei UAP2105 before V300R012C00SPC160(BootRom) does not require authentication to the serial port or the VxWorks shell.

  • CVE-2016-8793MedApr 2, 2017
    risk 0.44cvss 6.7epss 0.00

    Huawei Mate 8 phones with software Versions before NXT-AL10C00B386, Versions before NXT-CL00C92B386, Versions before NXT-DL00C17B386, Versions before NXT-TL00C01B386; Mate S phones with software Versions before CRR-CL00C92B368, Versions before CRR-CL20C92B368, Versions before…

  • CVE-2016-8775MedApr 2, 2017
    risk 0.44cvss 6.7epss 0.00

    Touch Panel (TP) driver in Huawei NEM phones with software Versions before NEM-AL10C00B130, Versions before NEM-UL10C17B160, Versions before NEM-UL10C00B160, Versions before NEM-TL00C01B160 allows attackers to get root privilege or crash the system or execute arbitrary code,…

  • CVE-2016-8774MedApr 2, 2017
    risk 0.44cvss 6.7epss 0.00

    The HIFI driver in Huawei Mate 8 phones with software versions before NXT-AL10C00B386, versions before NXT-CL00C92B386, versions before NXT-DL00C17B386, versions before NXT-TL00C01B386; Mate S phones with software Versions before CRR-CL00C92B368, Versions before CRR-CL20C92B368,…

  • CVE-2015-8673MedJan 12, 2016
    risk 0.44cvss 6.8epss 0.00

    Huawei TE30, TE40, TE50, and TE60 multimedia video conferencing endpoints with software before V100R001C10SPC100 do not require entry of the old password when changing the password for the Debug account, which allows physically proximate attackers to change the password by…

  • CVE-2026-41976MedJun 9, 2026
    risk 0.43cvss 6.6epss 0.00

    Permission control vulnerability in the audio framework. Impact: Successful exploitation of this vulnerability may affect service confidentiality.

  • CVE-2016-6898MedSep 7, 2016
    risk 0.43cvss 6.6epss 0.01

    XML external entity (XXE) vulnerability in the Hyper Management Module (HMM) in Huawei E9000 rack servers with software before V100R001C00SPC296 allows remote authenticated users to read arbitrary files or cause a denial of service (web service outage) via a crafted XML document.

  • CVE-2026-41982MedJun 9, 2026
    risk 0.42cvss 6.4epss 0.00

    Race condition vulnerability in the IPC module. Impact: Successful exploitation of this vulnerability may affect availability.

  • CVE-2017-17175MedJul 2, 2018
    risk 0.42cvss 6.5epss 0.00

    Short Message Service (SMS) module of Mate 9 Pro Huawei smart phones with the versions before LON-AL00B 8.0.0.354(C00) has a Denial of Service (DoS) vulnerability. An unauthenticated attacker may set up a pseudo base station, and send special malware text message to the phone,…

  • CVE-2017-17318MedApr 30, 2018
    risk 0.42cvss 6.5epss 0.00

    Huawei MBB (Mobile Broadband) products E5771h-937 with the versions before E5771h-937TCPU-V200R001B328D62SP00C1133 and the versions before E5771h-937TCPU-V200R001B329D05SP00C1308 have a Denial of Service (DoS) vulnerability. When an attacker accessing device sends special http…

  • CVE-2017-15315MedMar 9, 2018
    risk 0.42cvss 6.5epss 0.01

    Patch module of Huawei NIP6300 V500R001C20SPC100, V500R001C20SPC200, NIP6600 V500R001C20SPC100, V500R001C20SPC200, Secospace USG6300 V500R001C20SPC100, V500R001C20SPC200, Secospace USG6500 V500R001C20SPC100, V500R001C20SPC200 has a memory leak vulnerability. An authenticated…

  • CVE-2017-17304MedMar 9, 2018
    risk 0.42cvss 6.5epss 0.01

    The CIDAM Protocol on some Huawei Products has multiple input validation vulnerabilities due to insufficient validation of specific messages when the protocol is implemented. An authenticated remote attacker could send a malicious message to a target system. Successful exploit…

  • CVE-2017-17250MedMar 9, 2018
    risk 0.42cvss 6.5epss 0.01

    Huawei AR120-S V200R005C32; AR1200 V200R005C32; AR1200-S V200R005C32; AR150 V200R005C32; AR150-S V200R005C32; AR160 V200R005C32; AR200 V200R005C32; AR200-S V200R005C32; AR2200-S V200R005C32; AR3200 V200R005C32; V200R007C00; AR510 V200R005C32; NetEngine16EX V200R005C32; SRG1300…

  • CVE-2017-17170MedMar 9, 2018
    risk 0.42cvss 6.5epss 0.01

    The CIDAM Protocol on some Huawei Products has multiple input validation vulnerabilities due to insufficient validation of specific messages when the protocol is implemented. An authenticated remote attacker could send a malicious message to a target system. Successful exploit…

  • CVE-2017-17169MedMar 9, 2018
    risk 0.42cvss 6.5epss 0.01

    The CIDAM Protocol on some Huawei Products has multiple input validation vulnerabilities due to insufficient validation of specific messages when the protocol is implemented. An authenticated remote attacker could send a malicious message to a target system. Successful exploit…

  • CVE-2017-17168MedMar 9, 2018
    risk 0.42cvss 6.5epss 0.01

    The CIDAM Protocol on some Huawei Products has multiple input validation vulnerabilities due to insufficient validation of specific messages when the protocol is implemented. An authenticated remote attacker could send a malicious message to a target system. Successful exploit…

  • CVE-2017-17159MedFeb 15, 2018
    risk 0.42cvss 6.5epss 0.00

    Some Huawei smart phones with software of NXT-AL10C00B386, NXT-CL00C92B386, NXT-DL00C17B386, NXT-TL00C01B386SP01, NTS-AL00C00B535 have a DoS vulnerability due to insufficient input validation. An unauthenticated attacker could send malformed System Information(SI) messages to…

  • CVE-2017-15322MedDec 22, 2017
    risk 0.42cvss 6.5epss 0.00

    Some Huawei smartphones with software of BGO-L03C158B003CUSTC158D001 and BGO-L03C331B009CUSTC331D001 have a DoS vulnerability due to insufficient input validation. An attacker could exploit this vulnerability by sending specially crafted NFC messages to the target device.…

Page 6 of 46