VYPR

Vendor CVEs

Huawei

All CVEs

2,254 total · sorted by risk
  • CVE-2017-15310MedDec 22, 2017
    risk 0.42cvss 6.5epss 0.01

    Huawei iReader app before 8.0.2.301 has an arbitrary file deletion vulnerability due to the lack of input validation. An attacker can exploit this vulnerability to delete specific files from the SD card.

  • CVE-2017-8201MedNov 22, 2017
    risk 0.42cvss 6.5epss 0.01

    MAX PRESENCE V100R001C00, TP3106 V100R002C00, TP3206 V100R002C00 have an a memory leak vulnerability in H323 protocol. An attacker logs in to the system as a user and send crafted packets to the affected products. Due to insufficient verification of the packets, successful…

  • CVE-2017-8200MedNov 22, 2017
    risk 0.42cvss 6.5epss 0.01

    MAX PRESENCE V100R001C00, TP3106 V100R002C00, TP3206 V100R002C00 have an out-of-bounds read vulnerability in H323 protocol. An attacker logs in to the system as a user and send crafted packets to the affected products. Due to insufficient verification of the packets, successful…

  • CVE-2017-8199MedNov 22, 2017
    risk 0.42cvss 6.5epss 0.01

    MAX PRESENCE V100R001C00, TP3106 V100R002C00, TP3206 V100R002C00 have an out-of-bounds read vulnerability in H323 protocol. An attacker logs in to the system as a user and send crafted packets to the affected products. Due to insufficient verification of the packets, successful…

  • CVE-2017-8163MedNov 22, 2017
    risk 0.42cvss 6.5epss 0.01

    AR120-S with software V200R006C10, V200R007C00, V200R008C20, V200R008C30,AR1200 with software V200R006C10, V200R006C13, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30,AR1200-S with software V200R006C10, V200R007C00, V200R008C20, V200R008C30,AR150 with software…

  • CVE-2017-8162MedNov 22, 2017
    risk 0.42cvss 6.5epss 0.01

    AR120-S with software V200R006C10, V200R007C00, V200R008C20, V200R008C30,AR1200 with software V200R006C10, V200R006C13, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30,AR1200-S with software V200R006C10, V200R007C00, V200R008C20, V200R008C30,AR150 with software…

  • CVE-2017-8158MedNov 22, 2017
    risk 0.42cvss 6.5epss 0.00

    FusionCompute V100R005C00 and V100R005C10 have an improper authorization vulnerability due to improper permission settings for a certain file on the host machine. An authenticated attacker could create a large number of virtual machine (VM) processes to exhaust system resources.…

  • CVE-2017-8130MedNov 22, 2017
    risk 0.42cvss 6.5epss 0.01

    The UMA product with software V200R001 and V300R001 has an information leak vulnerability. An attacker could exploit them to obtain some sensitive information, causing information leak.

  • CVE-2017-2728MedNov 22, 2017
    risk 0.42cvss 6.4epss 0.00

    Some Huawei mobile phones Honor 6X Berlin-L22C636B150 and earlier versions have a Bluetooth unlock bypassing vulnerability. If a user has enabled the smart unlock function, an attacker can impersonate the user's Bluetooth device to unlock the user's mobile phone screen.uawei…

  • CVE-2017-2717MedNov 22, 2017
    risk 0.42cvss 6.5epss 0.00

    honor 8 Pro with software Duke-L09C10B120 and earlier versions,Duke-L09C432B120 and earlier versions,Duke-L09C636B120 and earlier versions has an integer overflow vulnerability. The attacker sends a response message to the device, which contains an illegal length field, it could…

  • CVE-2016-8802MedApr 2, 2017
    risk 0.42cvss 6.5epss 0.01

    The security policy processing module in Huawei Secospace USG6300 with software V500R001C20SPC100, V500R001C20SPC101, V500R001C20SPC200; Secospace USG6500 with software V500R001C20SPC100, V500R001C20SPC101, V500R001C20SPC200; Secospace USG6600 with software V500R001C20SPC100,…

  • CVE-2016-8781MedApr 2, 2017
    risk 0.42cvss 6.5epss 0.01

    Huawei Secospace USG6300 with software V500R001C20 and V500R001C20SPC200PWE, Secospace USG6500 with software V500R001C20, Secospace USG6600 with software V500R001C20 and V500R001C20SPC200PWE allow remote attackers with specific permission to log in to a device and deliver a…

  • CVE-2016-8780MedApr 2, 2017
    risk 0.42cvss 6.5epss 0.01

    Huawei CloudEngine 6800 V100R006C00, CloudEngine 7800 V100R006C00, CloudEngine 8800 V100R006C00, and CloudEngine 12800 V100R006C00 allow remote attackers with specific permission to store massive files to exhaust the shared storage space, leading to a DoS condition.

  • CVE-2016-8779MedApr 2, 2017
    risk 0.42cvss 6.5epss 0.01

    Huawei FusionAccess with software V100R005C10 and V100R005C20 could allow remote attackers with specific permission to inject a Lightweight Directory Access Protocol (LDAP) operation command into a specific input variable to obtain sensitive information from the database.

  • CVE-2016-8764MedApr 2, 2017
    risk 0.42cvss 6.4epss 0.00

    The TrustZone driver in Huawei P9 phones with software Versions earlier than EVA-AL10C00B352 and P9 Lite with software VNS-L21C185B130 and earlier versions and P8 Lite with software ALE-L02C636B150 and earlier versions has an input validation vulnerability, which allows…

  • CVE-2016-8275MedApr 2, 2017
    risk 0.42cvss 6.5epss 0.01

    Huawei AnyOffice V200R006C00 could allow an authenticated, remote attacker to cause the software to deny services by uploading an XML bomb.

  • CVE-2016-6177MedApr 2, 2017
    risk 0.42cvss 6.5epss 0.01

    The Huawei OceanStor 5800 V300R003C00 has an integer overflow vulnerability. An authenticated attacker may send massive abnormal Network File System (NFS) packets, causing an anomaly in specific disk arrays.

  • CVE-2015-8670MedApr 2, 2017
    risk 0.42cvss 6.5epss 0.01

    Huawei LogCenter V100R001C10 could allow an authenticated attacker to add abnormal device information to the log collection module, causing denial of service.

  • CVE-2014-9691MedApr 2, 2017
    risk 0.42cvss 6.5epss 0.01

    Huawei Tecal RH1288 V2 V100R002C00SPC107 and earlier versions, Tecal RH2265 V2 V100R002C00, Tecal RH2285 V2 V100R002C00SPC115 and earlier versions, Tecal RH2265 V2 V100R002C00, Tecal RH2285H V2 V100R002C00SPC111 and earlier versions, Tecal RH2268 V2 V100R002C00, Tecal RH2288 V2…

  • CVE-2016-8280MedOct 3, 2016
    risk 0.42cvss 6.5epss 0.02

    Directory traversal vulnerability in Huawei eSight before V300R003C20SPC005 allows remote authenticated users to read arbitrary files via unspecified vectors.

  • CVE-2016-8277MedOct 3, 2016
    risk 0.42cvss 6.5epss 0.01

    Huawei USG9520, USG9560, and USG9580 unified security gateways with software before V300R001C01SPCa00 allow remote authenticated users to cause a denial of service (device restart) via an unspecified command parameter.

  • CVE-2016-6901MedSep 26, 2016
    risk 0.42cvss 6.5epss 0.01

    Format string vulnerability in Huawei AR100, AR120, AR150, AR200, AR500, AR550, AR1200, AR2200, AR2500, AR3200, and AR3600 routers with software before V200R007C00SPC900 and NetEngine 16EX routers with software before V200R007C00SPC900 allows remote authenticated users to cause…

  • CVE-2016-6827MedSep 26, 2016
    risk 0.42cvss 6.5epss 0.01

    Huawei FusionCompute before V100R005C10CP7002 stores cleartext AES keys in a file, which allows remote authenticated users to obtain sensitive information via unspecified vectors.

  • CVE-2016-6826MedSep 26, 2016
    risk 0.42cvss 6.5epss 0.01

    Huawei AnyMail before 2.6.0301.0060 allows remote attackers to cause a denial of service (application crash) via a crafted compressed email attachment.

  • CVE-2016-6824MedSep 22, 2016
    risk 0.42cvss 6.5epss 0.01

    Huawei AC6003, AC6005, AC6605, and ACU2 access controllers with software before V200R006C10SPC200 allows remote authenticated users to cause a denial of service (device restart) via crafted CAPWAP packets.

  • CVE-2016-7108MedSep 7, 2016
    risk 0.42cvss 6.5epss 0.01

    Huawei Unified Maintenance Audit (UMA) before V200R001C00SPC200 SPH206 allows remote authenticated users to obtain the MD5 hashes of arbitrary user passwords via unspecified vectors.

  • CVE-2016-4057MedJun 30, 2016
    risk 0.42cvss 6.5epss 0.01

    Huawei FusionCompute before V100R005C10SPC700 allows remote authenticated users to cause a denial of service (resource consumption) via a large number of crafted packets.

  • CVE-2016-3677MedJun 13, 2016
    risk 0.42cvss 6.5epss 0.00

    The Huawei Wear App application before 15.0.0.307 for Android does not validate SSL certificates, which allows local users to have unspecified impact via unknown vectors, aka HWPSIRT-2016-03008.

  • CVE-2016-3950MedApr 18, 2016
    risk 0.42cvss 6.5epss 0.01

    Huawei AR3200 routers with software before V200R006C10SPC300 allow remote authenticated users to cause a denial of service (restart) via crafted packets.

  • CVE-2015-8677MedApr 14, 2016
    risk 0.42cvss 6.5epss 0.01

    Memory leak in Huawei S5300EI, S5300SI, S5310HI, and S6300EI Campus series switches with software V200R003C00 before V200R003SPH011 and V200R005C00 before V200R005SPH008; S2350EI and S5300LI Campus series switches with software V200R003C00 before V200R003SPH011, V200R005C00…

  • CVE-2016-3676MedApr 11, 2016
    risk 0.42cvss 6.4epss 0.00

    Huawei E3276s USB modems with software before E3276s-150TCPU-V200R002B436D09SP00C00 allow man-in-the-middle attackers to intercept, spoof, or modify network traffic via unspecified vectors related to a fake network.

  • CVE-2015-8335MedJan 11, 2016
    risk 0.42cvss 6.5epss 0.01

    Huawei VCN500 with software before V100R002C00SPC201 logs passwords in cleartext, which allows remote authenticated users to obtain sensitive information by triggering log generation and then reading the log.

  • CVE-2026-41975MedJun 9, 2026
    risk 0.41cvss 6.3epss 0.00

    Permission management vulnerability in the network management module. Impact: Successful exploitation of this vulnerability may affect service integrity.

  • CVE-2026-34862MedApr 13, 2026
    risk 0.41cvss 6.3epss 0.00

    Race condition vulnerability in the power consumption statistics module. Impact: Successful exploitation of this vulnerability may affect availability.

  • CVE-2026-34861MedApr 13, 2026
    risk 0.41cvss 6.3epss 0.00

    Race condition vulnerability in the thermal management module. Impact: Successful exploitation of this vulnerability may affect availability.

  • CVE-2026-34852MedApr 13, 2026
    risk 0.40cvss 6.1epss 0.00

    Stack overflow vulnerability in the media platform. Impact: Successful exploitation of this vulnerability may affect availability.

  • CVE-2018-7940MedMay 10, 2018
    risk 0.40cvss 6.2epss 0.00

    Huawei smart phones Mate 10 and Mate 10 Pro with earlier versions than 8.0.0.129(SP2C00) and earlier versions than 8.0.0.129(SP2C01) have an authentication bypass vulnerability. An attacker with high privilege obtains the smart phone and bypass the activation function by some…

  • CVE-2017-8215MedNov 22, 2017
    risk 0.40cvss 6.2epss 0.00

    Honor 8,Honor V8,Honor 9,Honor V9,Nova 2,Nova 2 Plus,P9,P10 Plus,Toronto Huawei smart phones with software of versions earlier than FRD-AL00C00B391, versions earlier than FRD-DL00C00B391, versions earlier than KNT-AL10C00B391, versions earlier than KNT-AL20C00B391, versions…

  • CVE-2017-8214MedNov 22, 2017
    risk 0.40cvss 6.2epss 0.00

    Honor 8,Honor V8,Honor 9,Honor V9,Nova 2,Nova 2 Plus,P9,P10 Plus,Toronto Huawei smart phones with software of versions earlier than FRD-AL00C00B391, versions earlier than FRD-DL00C00B391, versions earlier than KNT-AL10C00B391, versions earlier than KNT-AL20C00B391, versions…

  • CVE-2017-8182MedNov 22, 2017
    risk 0.40cvss 6.1epss 0.01

    MTK platform in Huawei smart phones with software of earlier than Nice-AL00C00B160 versions, earlier than Nice-AL10C00B140 versions has a out-of-bound read vulnerability. An attacker tricks a user into installing a malicious application on the smart phone, and send given…

  • CVE-2017-8139MedNov 22, 2017
    risk 0.40cvss 6.1epss 0.01

    HedEx Earlier than V200R006C00 versions have the stored cross-site scripting (XSS) vulnerability. Attackers can exploit the vulnerability to plant malicious scripts into the configuration file to interrupt the services of legitimate users.

  • CVE-2017-8127MedNov 22, 2017
    risk 0.40cvss 6.1epss 0.01

    The UMA product with software V200R001 has a cross-site scripting (XSS) vulnerability due to insufficient input validation. An attacker could craft malicious links or scripts to launch XSS attacks.

  • CVE-2017-8125MedNov 22, 2017
    risk 0.40cvss 6.1epss 0.01

    The UMA product with software V200R001 and V300R001 has a cross-site scripting (XSS) vulnerability due to insufficient input validation. An attacker could craft malicious links or scripts to launch XSS attacks.

  • CVE-2016-8789MedApr 2, 2017
    risk 0.40cvss 6.1epss 0.01

    Huawei eSpace Integrated Access Device (IAD) with software V300R001C03, V300R001C04, V300R001C06, V300R001C20, and V300R001C07 allows an attacker to trick a user into clicking a URL containing malicious scripts to obtain user information or hijack the session, aka XSS.

  • CVE-2016-6840MedSep 26, 2016
    risk 0.40cvss 6.1epss 0.01

    Cross-site scripting (XSS) vulnerability in the management interface in Huawei OceanStor ISM before V200R001C04SPC200 allows remote attackers to inject arbitrary web script or HTML via the loginName parameter to cgi-bin/doLogin_CgiEntry and possibly other unspecified vectors.

  • CVE-2016-6158MedSep 21, 2016
    risk 0.40cvss 6.1epss 0.01

    Multiple cross-site request forgery (CSRF) vulnerabilities in Huawei WS331a routers with software before WS331a-10 V100R001C01B112 allow remote attackers to hijack the authentication of administrators for requests that (1) restore factory settings or (2) reboot the device via…

  • CVE-2016-6839MedSep 7, 2016
    risk 0.40cvss 6.1epss 0.01

    CRLF injection vulnerability in Huawei FusionAccess before V100R006C00 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.

  • CVE-2016-4575MedMay 25, 2016
    risk 0.40cvss 6.1epss 0.01

    Cross-site scripting (XSS) vulnerability in the email APP in Huawei PLK smartphones with software AL10C00 before AL10C00B211 and AL10C92 before AL10C92B211; ATH smartphones with software AL00C00 before AL00C00B361, CL00C92 before CL00C92B361, TL00HC01 before TL00HC01B361, and…

  • CVE-2015-8682MedApr 13, 2016
    risk 0.40cvss 6.1epss 0.01

    The Video0 driver in Huawei P8 smartphones with software GRA-UL00 before GRA-UL00C00B350, GRA-UL10 before GRA-UL10C00B350, GRA-TL00 before GRA-TL00C01B350, GRA-CL00 before GRA-CL00C92B350, and GRA-CL10 before GRA-CL10C92B350 and Mate S smartphones with software CRR-TL00 before…

  • CVE-2016-2214MedFeb 8, 2016
    risk 0.40cvss 6.1epss 0.01

    Cross-site scripting (XSS) vulnerability in an unspecified portal authentication page in Huawei Agile Controller-Campus with software before V100R001C00SPC319 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.

Page 7 of 46