Filtered by vendor Huawei
Subscribe
Search
Total
1474 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-15335 | 1 Huawei | 52 Dp300, Dp300 Firmware, Espace U1981 and 49 more | 2018-02-27 | 5.0 MEDIUM | 5.3 MEDIUM |
| The SIP backup feature in Huawei DP300 V500R002C00, IPS Module V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, NGFW Module V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R002C00, V500R002C10, NIP6300 V500R001C00, V500R001C20, V500R001C30, V500R001C50, NIP6600 V500R001C00, V500R001C20, V500R001C30, V500R001C50, NIP6800 V500R001C50, RP200 V500R002C00, V600R006C00, SVN5600 V200R003C00, V200R003C10, SVN5800 V200R003C00, V200R003C10, SVN5800-C V200R003C00, V200R003C10, SeMG9811 V300R001C01, Secospace USG6300 V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, Secospace USG6500 V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, Secospace USG6600 V100R001C00, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, TE30 V100R001C02, V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C01, V100R001C10, V500R002C00, V600R006C00, USG9500 V500R001C00, V500R001C20, V500R001C30, USG9520 V300R001C01, V300R001C20, USG9560 V300R001C01, V300R001C20, USG9580 V300R001C01, V300R001C20, VP9660 V200R001C02, V200R001C30, V500R002C00, V500R002C10, ViewPoint 8660 V100R008C03, ViewPoint 9030 V100R011C02, V100R011C03, eSpace U1981 V100R001C20, V200R003C00, V200R003C20, V200R003C30 has a buffer overflow vulnerability. An attacker may send specially crafted messages to the affected products. Due to the insufficient validation of some values for SIP messages, successful exploit may cause services abnormal. | |||||
| CVE-2017-15333 | 1 Huawei | 14 Ecns210 Td, Ecns210 Td Firmware, S12700 and 11 more | 2018-02-27 | 4.3 MEDIUM | 4.7 MEDIUM |
| XML parser in Huawei S12700 V200R005C00,S1700 V200R009C00, V200R010C00,S3700 V100R006C03, V100R006C05,S5700 V200R001C00, V200R002C00, V200R003C00, V200R003C02, V200R005C00, V200R006C00, V200R007C00, V200R008C00, V200R009C00, V200R010C00,S6700 V200R001C00, V200R002C00, V200R003C00, V200R005C00, V200R005C02, V200R008C00, V200R009C00, V200R010C00,S7700 V200R001C00, V200R002C00, V200R003C00, V200R005C00, V200R006C00, V200R007C00, V200R008C00, V200R009C00, V200R010C00,S9700 V200R001C00, V200R002C00, V200R003C00, V200R005C00, V200R006C00, V200R007C00, V200R008C00, V200R009C00, V200R010C00,eCNS210_TD V100R004C10, V100R004C10SPC003, V100R004C10SPC100, V100R004C10SPC101, V100R004C10SPC102, V100R004C10SPC200, V100R004C10SPC221, V100R004C10SPC400 has a DOS vulnerability. An attacker may craft specific XML files to the affected products. Due to not check the specially XML file and to parse this file, successful exploit will result in DOS attacks. | |||||
| CVE-2014-4705 | 1 Huawei | 42 Ar1200, Ar1200 Firmware, Ar150 and 39 more | 2018-02-26 | 7.8 HIGH | 7.5 HIGH |
| Multiple heap-based buffer overflows in the eSap software platform in Huawei Campus S9300, S7700, S9700, S5300, S5700, S6300, and S6700 series switches; AR150, AR160, AR200, AR1200, AR2200, AR3200, AR530, NetEngine16EX, SRG1300, SRG2300, and SRG3300 series routers; and WLAN AC6005, AC6605, and ACU2 access controllers allow remote attackers to cause a denial of service (device restart) via a crafted length field in a packet. | |||||
| CVE-2017-17166 | 1 Huawei | 12 Dp300, Dp300 Firmware, Secospace Usg6300 and 9 more | 2018-02-26 | 5.0 MEDIUM | 5.3 MEDIUM |
| Huawei DP300 V500R002C00, Secospace USG6300 V500R001C00, V500R001C20, V500R001C30, V500R001C50, Secospace USG6500 V500R001C00, V500R001C20, V500R001C30, V500R001C50, Secospace USG6600 V500R001C00, V500R001C20, V500R001C30, V500R001C50, TP3206 V100R002C00, VP9660 V500R002C00, V500R002C10 have a resource exhaustion vulnerability. The software does not process certain field of H.323 message properly, a remote unauthenticated attacker could send crafted H.323 message to the device, successful exploit could cause certain service unavailable since the stack memory is exhausted. | |||||
| CVE-2017-17163 | 1 Huawei | 2 Secospace Usg6600, Secospace Usg6600 Firmware | 2018-02-26 | 2.1 LOW | 5.5 MEDIUM |
| Huawei Secospace USG6600 V500R001C30SPC100 has an Out-of-Bounds memory access vulnerability due to insufficient verification. An authenticated local attacker can make processing crash by executing some commands. The attacker can exploit this vulnerability to cause a denial of service. | |||||
| CVE-2017-17152 | 1 Huawei | 16 Ips Module, Ips Module Firmware, Ngfw Module and 13 more | 2018-02-26 | 4.3 MEDIUM | 5.9 MEDIUM |
| IKEv2 in Huawei IPS Module V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE, NGFW Module V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPC500PWE, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE, NIP6300 V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE, NIP6600 V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, Secospace USG6300 V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPC500PWE, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC101, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE, Secospace USG6500 V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPC500PWE, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC101, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE, Secospace USG6600 V500R001C00, V500R001C00SPC100, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC301, V500R001C00SPC500, V500R001C00SPC500PWE, V500R001C00SPH303, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC101, V500R001C20SPC200, V500R001C20SPC200PWE, V500R001C20SPC300, V500R001C20SPC300B078, V500R001C20SPC300PWE, USG9500 V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC303, V500R001C00SPC500, V500R001C00SPC500PWE, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC101, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE has an out-of-bounds write vulnerability due to insufficient input validation. An attacker could exploit it to craft special packets to trigger out-of-bounds memory write, which may further lead to system exceptions. | |||||
| CVE-2017-15351 | 1 Huawei | 2 Honor V9 Play, Honor V9 Play Firmware | 2018-02-26 | 7.2 HIGH | 6.8 MEDIUM |
| The 'Find Phone' function in Huawei Honor V9 play smart phones with versions earlier than Jimmy-AL00AC00B135 has an authentication bypass vulnerability. Due to improper authentication realization in the 'Find Phone' function. An attacker may exploit the vulnerability to bypass the 'Find Phone' function in order to use the phone normally. | |||||
| CVE-2017-15329 | 1 Huawei | 2 Uma, Uma Firmware | 2018-02-26 | 6.5 MEDIUM | 8.8 HIGH |
| Huawei UMA V200R001C00 has a SQL injection vulnerability in the operation and maintenance module. An attacker logs in to the system as a common user and sends crafted HTTP requests that contain malicious SQL statements to the affected system. Due to a lack of input validation on HTTP requests that contain user-supplied input, successful exploitation may allow the attacker to execute arbitrary SQL queries. | |||||
| CVE-2017-17288 | 1 Huawei | 12 Dp300, Dp300 Firmware, Rp200 and 9 more | 2018-02-26 | 5.0 MEDIUM | 5.3 MEDIUM |
| Huawei DP300 V500R002C00, RP200 V500R002C00, V600R006C00, TE30 V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C10, V500R002C00, V600R006C00 have an integer overflow vulnerability. An unauthenticated, remote attacker may send specially crafted messages to the affected products. Due to insufficient input validation, successful exploit may cause integer overflow and some process abnormal. | |||||
| CVE-2017-17185 | 1 Huawei | 12 Dp300, Dp300 Firmware, Rp200 and 9 more | 2018-02-26 | 4.0 MEDIUM | 4.3 MEDIUM |
| Huawei DP300 V500R002C00, RP200 V500R002C00, V600R006C00, TE30 V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C10, V500R002C00, V600R006C00 have a out-of-bounds read vulnerability. Due to insufficient input validation, an authenticated, remote attacker could send malformed SOAP packets to the target device. Successful exploit could make the device access invalid memory and might reset a process. | |||||
| CVE-2017-17184 | 1 Huawei | 12 Dp300, Dp300 Firmware, Rp200 and 9 more | 2018-02-26 | 4.0 MEDIUM | 4.3 MEDIUM |
| Huawei DP300 V500R002C00, RP200 V500R002C00, V600R006C00, TE30 V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C10, V500R002C00, V600R006C00 have an integer overflow vulnerability. Due to insufficient input validation, an authenticated, remote attacker could send malformed SOAP packets to the target device. Successful exploit could cause an integer overflow and might reset a process. | |||||
| CVE-2017-17183 | 1 Huawei | 12 Dp300, Dp300 Firmware, Rp200 and 9 more | 2018-02-26 | 4.0 MEDIUM | 4.3 MEDIUM |
| Huawei DP300 V500R002C00, RP200 V500R002C00, V600R006C00, TE30 V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C10, V500R002C00, V600R006C00 have an integer overflow vulnerability. Due to insufficient input validation, an authenticated, remote attacker could send malformed SOAP packets to the target device. Successful exploit could cause an integer overflow and might reset a process. | |||||
| CVE-2017-15348 | 1 Huawei | 16 Ips Module, Ips Module Firmware, Ngfw Module and 13 more | 2018-02-26 | 7.8 HIGH | 7.5 HIGH |
| Huawei IPS Module V500R001C00, NGFW Module V500R001C00, NIP6300 V500R001C00, NIP6600 V500R001C00, Secospace USG6300 V500R001C00, Secospace USG6500 V500R001C00, Secospace USG6600 V500R001C00, USG9500 V500R001C00 have an insufficient input validation vulnerability. An unauthenticated, remote attacker could send specific MPLS Echo Request messages to the target products. Due to insufficient input validation of some parameters in the messages, successful exploit may cause the device to reset. | |||||
| CVE-2017-15347 | 1 Huawei | 2 Mate 9 Pro, Mate 9 Pro Firmware | 2018-02-26 | 7.1 HIGH | 5.5 MEDIUM |
| Huawei Mate 9 Pro mobile phones with software of versions earlier than LON-AL00BC00B235 have a use after free (UAF) vulnerability. An attacker tricks a user into installing a malicious application, and the application can riggers access memory after free it. A local attacker may exploit this vulnerability to cause the mobile phone to crash. | |||||
| CVE-2017-17187 | 1 Huawei | 12 Dp300, Dp300 Firmware, Rp200 and 9 more | 2018-02-26 | 4.0 MEDIUM | 4.3 MEDIUM |
| Huawei DP300 V500R002C00, RP200 V500R002C00, V600R006C00, TE30 V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C10, V500R002C00, V600R006C00 have an integer overflow vulnerability. Due to insufficient input validation, an authenticated, remote attacker could send malformed SOAP packets to the target device. Successful exploit could cause an integer overflow and might reset a process. | |||||
| CVE-2017-17186 | 1 Huawei | 12 Dp300, Dp300 Firmware, Rp200 and 9 more | 2018-02-26 | 5.5 MEDIUM | 5.4 MEDIUM |
| Huawei DP300 V500R002C00, RP200 V500R002C00, V600R006C00, TE30 V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C10, V500R002C00, V600R006C00 have a DoS vulnerability. Due to insufficient input validation, an authenticated, remote attacker could send malformed SOAP packets to the target device. Successful exploit could make some data overwritten, leak device memory and potentially reset a process. | |||||
| CVE-2017-17157 | 1 Huawei | 16 Ips Module, Ips Module Firmware, Ngfw Module and 13 more | 2018-02-24 | 5.0 MEDIUM | 7.5 HIGH |
| IKEv2 in Huawei IPS Module V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE, NGFW Module V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPC500PWE, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE, NIP6300 V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE, NIP6600 V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, Secospace USG6300 V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPC500PWE, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC101, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE, Secospace USG6500 V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPC500PWE, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC101, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE, Secospace USG6600 V500R001C00, V500R001C00SPC100, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC301, V500R001C00SPC500, V500R001C00SPC500PWE, V500R001C00SPH303, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC101, V500R001C20SPC200, V500R001C20SPC200PWE, V500R001C20SPC300, V500R001C20SPC300B078, V500R001C20SPC300PWE, USG9500 V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC303, V500R001C00SPC500, V500R001C00SPC500PWE, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC101, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE has an out-of-bounds memory access vulnerability due to insufficient input validation. An attacker could exploit it to craft special packets to trigger out-of-bounds memory access, which may further lead to system exceptions. | |||||
| CVE-2017-17156 | 1 Huawei | 16 Ips Module, Ips Module Firmware, Ngfw Module and 13 more | 2018-02-24 | 5.0 MEDIUM | 7.5 HIGH |
| IKEv2 in Huawei IPS Module V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE, NGFW Module V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPC500PWE, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE, NIP6300 V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE, NIP6600 V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, Secospace USG6300 V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPC500PWE, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC101, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE, Secospace USG6500 V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPC500PWE, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC101, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE, Secospace USG6600 V500R001C00, V500R001C00SPC100, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC301, V500R001C00SPC500, V500R001C00SPC500PWE, V500R001C00SPH303, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC101, V500R001C20SPC200, V500R001C20SPC200PWE, V500R001C20SPC300, V500R001C20SPC300B078, V500R001C20SPC300PWE, USG9500 V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC303, V500R001C00SPC500, V500R001C00SPC500PWE, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC101, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE has an out-of-bounds memory access vulnerability due to insufficient input validation. An attacker could exploit it to craft special packets to trigger out-of-bounds memory access, which may further lead to system exceptions. | |||||
| CVE-2017-17155 | 1 Huawei | 16 Ips Module, Ips Module Firmware, Ngfw Module and 13 more | 2018-02-24 | 5.0 MEDIUM | 7.5 HIGH |
| IKEv2 in Huawei IPS Module V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE, NGFW Module V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPC500PWE, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE, NIP6300 V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE, NIP6600 V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, Secospace USG6300 V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPC500PWE, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC101, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE, Secospace USG6500 V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPC500PWE, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC101, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE, Secospace USG6600 V500R001C00, V500R001C00SPC100, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC301, V500R001C00SPC500, V500R001C00SPC500PWE, V500R001C00SPH303, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC101, V500R001C20SPC200, V500R001C20SPC200PWE, V500R001C20SPC300, V500R001C20SPC300B078, V500R001C20SPC300PWE, USG9500 V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC303, V500R001C00SPC500, V500R001C00SPC500PWE, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC101, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE has an out-of-bounds memory access vulnerability due to incompliance with the 4-byte alignment requirement imposed by the MIPS CPU. An attacker could exploit it to cause unauthorized memory access, which may further lead to system exceptions. | |||||
| CVE-2017-17154 | 1 Huawei | 16 Ips Module, Ips Module Firmware, Ngfw Module and 13 more | 2018-02-24 | 5.0 MEDIUM | 7.5 HIGH |
| IKEv2 in Huawei IPS Module V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE, NGFW Module V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPC500PWE, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE, NIP6300 V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE, NIP6600 V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, Secospace USG6300 V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPC500PWE, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC101, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE, Secospace USG6500 V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPC500PWE, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC101, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE, Secospace USG6600 V500R001C00, V500R001C00SPC100, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC301, V500R001C00SPC500, V500R001C00SPC500PWE, V500R001C00SPH303, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC101, V500R001C20SPC200, V500R001C20SPC200PWE, V500R001C20SPC300, V500R001C20SPC300B078, V500R001C20SPC300PWE, USG9500 V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC303, V500R001C00SPC500, V500R001C00SPC500PWE, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC101, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE has a DoS vulnerability due to insufficient input validation. An attacker could exploit it to cause unauthorized memory access, which may further lead to system exceptions. | |||||
| CVE-2017-15346 | 1 Huawei | 14 Ecns210 Td, Ecns210 Td Firmware, S12700 and 11 more | 2018-02-24 | 4.3 MEDIUM | 4.7 MEDIUM |
| XML parser in Huawei S12700 V200R005C00,S1700 V200R009C00, V200R010C00,S3700 V100R006C03, V100R006C05,S5700 V200R001C00, V200R002C00, V200R003C00, V200R003C02, V200R005C00, V200R006C00, V200R007C00, V200R008C00, V200R009C00, V200R010C00,S6700 V200R001C00, V200R002C00, V200R003C00, V200R005C00, V200R005C02, V200R008C00, V200R009C00, V200R010C00,S7700 V200R001C00, V200R002C00, V200R003C00, V200R005C00, V200R006C00, V200R007C00, V200R008C00, V200R009C00, V200R010C00,S9700 V200R001C00, V200R002C00, V200R003C00, V200R005C00, V200R006C00, V200R007C00, V200R008C00, V200R009C00, V200R010C00,eCNS210_TD V100R004C10, V100R004C10SPC003, V100R004C10SPC100, V100R004C10SPC101, V100R004C10SPC102, V100R004C10SPC200, V100R004C10SPC221, V100R004C10SPC400 has a DOS vulnerability. An attacker may craft specific XML files to the affected products. Due to not check the specially XML file and to parse this file, successful exploit will result in DOS attacks. | |||||
| CVE-2017-15350 | 1 Huawei | 38 Dp300, Dp300 Firmware, Ips Module and 35 more | 2018-02-24 | 5.0 MEDIUM | 5.3 MEDIUM |
| The Common Open Policy Service Protocol (COPS) module in Huawei DP300 V500R002C00, IPS Module V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, NGFW Module V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, NIP6300 V500R001C00, V500R001C20, V500R001C30, V500R001C50, NIP6600 V500R001C00, V500R001C20, V500R001C30, V500R001C50, NIP6800 V500R001C50, RP200 V500R002C00, V600R006C00, SVN5600 V200R003C00, V200R003C10, SVN5800 V200R003C00, V200R003C10,SVN5800-C V200R003C00, V200R003C10, Secospace USG6300 V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, Secospace USG6500 V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, Secospace USG6600 V100R001C00, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, TE30 V100R001C02, V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C01, V100R001C10, V500R002C00, V600R006C00, TP3206 V100R002C00, V100R002C10,USG9500 V500R001C00, V500R001C20, V500R001C30, V500R001C50 haa a buffer overflow vulnerability. An unauthenticated, remote attacker could exploit this vulnerability by sending specially crafted message to the affected products. The vulnerability is due to insufficient input validation of the message, which could result in a buffer overflow. Successful exploit may cause some services abnormal. | |||||
| CVE-2017-17182 | 1 Huawei | 12 Dp300, Dp300 Firmware, Rp200 and 9 more | 2018-02-23 | 4.0 MEDIUM | 4.3 MEDIUM |
| Huawei DP300 V500R002C00, RP200 V500R002C00, V600R006C00, TE30 V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C10, V500R002C00, V600R006C00 have a out-of-bounds read vulnerability. Due to insufficient input validation, an authenticated, remote attacker could send malformed SOAP packets to the target device. Successful exploit could make the device access invalid memory and might reset a process. | |||||
| CVE-2017-17151 | 1 Huawei | 60 Ar100, Ar100-s, Ar100-s Firmware and 57 more | 2018-02-22 | 4.3 MEDIUM | 5.9 MEDIUM |
| Huawei AR100, AR100-S, AR110-S, AR120, AR120-S, AR1200, AR1200-S, AR150, AR150-S, AR160, AR200, AR200-S, AR2200, AR2200-S, AR3200, AR510, DP300, NetEngine16EX, RP200, SRG1300, SRG2300, SRG3300, TE30, TE40, TE50, TE60, TP3106, TP3206, ViewPoint 8660, and ViewPoint 9030 have an insufficient validation vulnerability. Since packet validation is insufficient, an unauthenticated attacker may send special H323 packets to exploit the vulnerability. Successful exploit could allow the attacker to send malicious packets and result in DOS attacks. | |||||
| CVE-2017-15356 | 1 Huawei | 14 Dp300, Dp300 Firmware, Rp200 and 11 more | 2018-02-22 | 5.0 MEDIUM | 5.3 MEDIUM |
| Huawei DP300, V500R002C00, RP200, V600R006C00, TE30, V100R001C10, V500R002C00,V600R006C00, TE40, V500R002C00, V600R006C00, TE50, V500R002C00,V600R006C00, TE60, V100R001C10, V500R002C00, V600R006C00, TX50,V500R002C00, V600R006C00 have a buffer overflow vulnerability. An attacker may send specially crafted HTTP messages to the affected products. Due insufficient input validation of three different parameters in the messages, successful exploit may cause some service abnormal. | |||||
| CVE-2017-15355 | 1 Huawei | 14 Dp300, Dp300 Firmware, Rp200 and 11 more | 2018-02-22 | 5.0 MEDIUM | 5.3 MEDIUM |
| Huawei DP300, V500R002C00, RP200, V600R006C00, TE30, V100R001C10, V500R002C00,V600R006C00, TE40, V500R002C00, V600R006C00, TE50, V500R002C00,V600R006C00, TE60, V100R001C10, V500R002C00, V600R006C00, TX50,V500R002C00, V600R006C00 have a buffer overflow vulnerability. An attacker may send specially crafted HTTP messages to the affected products. Due insufficient input validation of three different parameters in the messages, successful exploit may cause some service abnormal. | |||||
| CVE-2017-15354 | 1 Huawei | 14 Dp300, Dp300 Firmware, Rp200 and 11 more | 2018-02-22 | 5.0 MEDIUM | 5.3 MEDIUM |
| Huawei DP300, V500R002C00, RP200, V600R006C00, TE30, V100R001C10, V500R002C00,V600R006C00, TE40, V500R002C00, V600R006C00, TE50, V500R002C00,V600R006C00, TE60, V100R001C10, V500R002C00, V600R006C00, TX50,V500R002C00, V600R006C00 have a buffer overflow vulnerability. An attacker may send specially crafted HTTP messages to the affected products. Due insufficient input validation of three different parameters in the messages, successful exploit may cause some service abnormal. | |||||
| CVE-2017-15353 | 1 Huawei | 22 Dp300, Dp300 Firmware, Rp200 and 19 more | 2018-02-22 | 4.3 MEDIUM | 3.7 LOW |
| Huawei DP300, V500R002C00, RP200, V500R002C00, V600R006C00, RSE6500, V500R002C00, TE30, V100R001C02, V100R001C10, V500R002C00, V600R006C00, TE40, V500R002C00, V600R006C00, TE50, V500R002C00, V600R006C00, TE60, V100R001C01, V100R001C10, V500R002C00, V600R006C00, TX50, V500R002C00, V600R006C00, VP9660, V500R002C00, V500R002C10, ViewPoint 8660, V100R008C03, ViewPoint 9030, V100R011C02, V100R011C03, Viewpoint 8660, V100R008C03 have an out-of-bounds read vulnerability. An attacker has to control the peer device and send specially crafted messages to the affected products. Due to insufficient input validation, successful exploit may cause some service abnormal. | |||||
| CVE-2017-15345 | 1 Huawei | 2 Lon-l29d, Lon-l29d Firmware | 2018-02-22 | 5.7 MEDIUM | 5.3 MEDIUM |
| Huawei Smartphones with software LON-L29DC721B186 have a denial of service vulnerability. An attacker could make an loop exit condition that cannot be reached by sending the crafted 3GPP message. Successful exploit could cause the device to reboot. | |||||
| CVE-2017-15344 | 1 Huawei | 4 Ar120-s Firmware, Ar1200 Firmware, Ar3200 and 1 more | 2018-02-22 | 7.8 HIGH | 7.5 HIGH |
| Huawei AR3200 with software V200R006C10, V200R006C11, V200R007C00, V200R007C01, V200R007C02, V200R008C00, V200R008C10, V200R008C20, V200R008C30 has an integer overflow vulnerability. The software does not sufficiently validate certain field in SCTP messages, a remote unauthenticated attacker could send a crafted SCTP message to the device. Successful exploit could cause system reboot. | |||||
| CVE-2017-15343 | 1 Huawei | 4 Ar120-s Firmware, Ar1200 Firmware, Ar3200 and 1 more | 2018-02-22 | 7.8 HIGH | 7.5 HIGH |
| Huawei AR3200 with software V200R006C10, V200R006C11, V200R007C00, V200R007C01, V200R007C02, V200R008C00, V200R008C10, V200R008C20, V200R008C30 has an integer overflow vulnerability. The software does not sufficiently validate certain field in SCTP messages, a remote unauthenticated attacker could send a crafted SCTP message to the device. Successful exploit could system reboot. | |||||
| CVE-2017-15342 | 1 Huawei | 8 Dp300, Dp300 Firmware, Espace U1981 and 5 more | 2018-02-22 | 5.0 MEDIUM | 7.5 HIGH |
| Huawei DP300 V500R002C00, TE60 V600R006C00, TP3106 V100R002C00, eSpace U1981 V200R003C30SPC100 have a denial of service vulnerability. The software does not correctly calculate the rest size in a buffer when handling SSL connections. A remote unauthenticated attacker could send a lot of crafted SSL messages to the device, successful exploit could cause no space in the buffer and then denial of service. | |||||
| CVE-2017-15341 | 1 Huawei | 8 Ar3200, Ar3200 Firmware, Te40 and 5 more | 2018-02-22 | 5.0 MEDIUM | 7.5 HIGH |
| Huawei AR3200 V200R008C20, V200R008C30, TE40 V600R006C00, TE50 V600R006C00, TE60 V600R006C00 have a denial of service vulnerability. The software decodes X.509 certificate in an improper way. A remote unauthenticated attacker could send a crafted X.509 certificate to the device. Successful exploit could result in a denial of service on the device. | |||||
| CVE-2014-5394 | 1 Huawei | 24 S2300, S2300 Firmware, S2700 and 21 more | 2018-01-29 | 4.3 MEDIUM | 5.9 MEDIUM |
| Multiple Huawei Campus switches allow remote attackers to enumerate usernames via vectors involving use of SSH by the maintenance terminal. | |||||
| CVE-2017-15324 | 1 Huawei | 4 S5700, S5700 Firmware, S6700 and 1 more | 2018-01-17 | 7.8 HIGH | 7.5 HIGH |
| Huawei S5700 and S6700 with software of V200R005C00 have a DoS vulnerability due to insufficient validation of the Network Quality Analysis (NQA) packets. A remote attacker could exploit this vulnerability by sending malformed NQA packets to the target device. Successful exploitation could make the device restart. | |||||
| CVE-2017-15317 | 1 Huawei | 30 Ar120-s, Ar120-s Firmware, Ar1200 and 27 more | 2018-01-12 | 7.8 HIGH | 7.5 HIGH |
| AR120-S V200R006C10, V200R007C00, V200R008C20, V200R008C30; AR1200 V200R006C10, V200R006C13, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30; AR1200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30; AR150 V200R006C10, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30; AR150-S V200R006C10, V200R007C00, V200R008C20, V200R008C30; AR160 V200R006C10, V200R006C12, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30; AR200 V200R006C10, V200R007C00, V200R007C01, V200R008C20, V200R008C30; AR200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30; AR2200 V200R006C10, V200R006C13, V200R006C16, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30; AR2200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30; AR3200 V200R006C10, V200R006C11, V200R007C00, V200R007C01, V200R007C02, V200R008C00, V200R008C10, V200R008C20, V200R008C30; AR510 V200R006C10, V200R006C12, V200R006C13, V200R006C15, V200R006C16, V200R006C17, V200R007C00, V200R008C20, V200R008C30; SRG1300 V200R006C10, V200R007C00, V200R007C02, V200R008C20, V200R008C30; SRG2300 V200R006C10, V200R007C00, V200R007C02, V200R008C20, V200R008C30; SRG3300 V200R006C10, V200R007C00, V200R008C20, V200R008C30 have an input validation vulnerability in Huawei multiple products. Due to the insufficient input validation, an unauthenticated, remote attacker may craft a malformed Stream Control Transmission Protocol (SCTP) packet and send it to the device, causing the device to read out of bounds and restart. | |||||
| CVE-2017-15311 | 1 Huawei | 8 Mate 10, Mate 10 Firmware, Mate 10 Pro and 5 more | 2018-01-09 | 5.8 MEDIUM | 8.8 HIGH |
| The baseband modules of Mate 10, Mate 10 Pro, Mate 9, Mate 9 Pro Huawei smart phones with software before ALP-AL00 8.0.0.120(SP2C00), before BLA-AL00 8.0.0.120(SP2C00), before MHA-AL00B 8.0.0.334(C00), and before LON-AL00B 8.0.0.334(C00) have a stack overflow vulnerability due to the lack of parameter validation. An attacker could send malicious packets to the smart phones within radio range by special wireless device, which leads stack overflow when the baseband module handles these packets. The attacker could exploit this vulnerability to perform a denial of service attack or remote code execution in baseband module. | |||||
| CVE-2017-15322 | 1 Huawei | 2 Baggio-l03a, Baggio-l03a Firmware | 2018-01-09 | 3.3 LOW | 6.5 MEDIUM |
| Some Huawei smartphones with software of BGO-L03C158B003CUSTC158D001 and BGO-L03C331B009CUSTC331D001 have a DoS vulnerability due to insufficient input validation. An attacker could exploit this vulnerability by sending specially crafted NFC messages to the target device. Successful exploit could make a service crash. | |||||
| CVE-2017-15313 | 1 Huawei | 1 Smartcare | 2018-01-05 | 6.5 MEDIUM | 8.8 HIGH |
| Huawei SmartCare V200R003C10 has a CSV injection vulnerability. An remote authenticated attacker could inject malicious CSV expression to the affected device. | |||||
| CVE-2017-15320 | 1 Huawei | 10 Rp200, Rp200 Firmware, Te30 and 7 more | 2018-01-05 | 7.8 HIGH | 7.5 HIGH |
| RP200 V500R002C00, V600R006C00; TE30 V100R001C10, V500R002C00, V600R006C00; TE40 V500R002C00, V600R006C00; TE50 V500R002C00, V600R006C00; TE60 V100R001C10, V500R002C00, V600R006C00 have an out-of-bounds read vulnerabilities in some Huawei products. Due to insufficient input validation, a remote attacker could exploit these vulnerabilities by sending specially crafted SS7 related packets to the target devices. Successful exploit will cause out-of-bounds read and possibly crash the system. | |||||
| CVE-2017-15318 | 1 Huawei | 10 Rp200, Rp200 Firmware, Te30 and 7 more | 2018-01-05 | 7.8 HIGH | 7.5 HIGH |
| RP200 V500R002C00, V600R006C00; TE30 V100R001C10, V500R002C00, V600R006C00; TE40 V500R002C00, V600R006C00; TE50 V500R002C00, V600R006C00; TE60 V100R001C10, V500R002C00, V600R006C00 have an out-of-bounds read vulnerabilities in some Huawei products. Due to insufficient input validation, a remote attacker could exploit these vulnerabilities by sending specially crafted SS7 related packets to the target devices. Successful exploit will cause out-of-bounds read and possibly crash the system. | |||||
| CVE-2017-15319 | 1 Huawei | 10 Rp200, Rp200 Firmware, Te30 and 7 more | 2018-01-05 | 7.8 HIGH | 7.5 HIGH |
| RP200 V500R002C00, V600R006C00; TE30 V100R001C10, V500R002C00, V600R006C00; TE40 V500R002C00, V600R006C00; TE50 V500R002C00, V600R006C00; TE60 V100R001C10, V500R002C00, V600R006C00 have an out-of-bounds read vulnerabilities in some Huawei products. Due to insufficient input validation, a remote attacker could exploit these vulnerabilities by sending specially crafted SS7 related packets to the target devices. Successful exploit will cause out-of-bounds read and possibly crash the system. | |||||
| CVE-2017-15310 | 1 Huawei | 1 Ireader | 2018-01-05 | 5.8 MEDIUM | 6.5 MEDIUM |
| Huawei iReader app before 8.0.2.301 has an arbitrary file deletion vulnerability due to the lack of input validation. An attacker can exploit this vulnerability to delete specific files from the SD card. | |||||
| CVE-2017-15309 | 1 Huawei | 1 Ireader | 2018-01-05 | 5.8 MEDIUM | 7.1 HIGH |
| Huawei iReader app before 8.0.2.301 has a path traversal vulnerability due to insufficient validation on file storage paths. An attacker can exploit this vulnerability to store downloaded malicious files in an arbitrary directory. | |||||
| CVE-2017-15308 | 1 Huawei | 1 Ireader | 2018-01-05 | 6.8 MEDIUM | 8.8 HIGH |
| Huawei iReader app before 8.0.2.301 has an input validation vulnerability due to insufficient validation on the URL used for loading network data. An attacker can control app access and load malicious websites created by the attacker, and the code in webpages would be loaded and run. | |||||
| CVE-2017-15321 | 1 Huawei | 1 Fusionsphere Openstack | 2018-01-05 | 4.3 MEDIUM | 3.7 LOW |
| Huawei FusionSphere OpenStack V100R006C000SPC102 (NFV) has an information leak vulnerability due to the use of a low version transmission protocol by default. An attacker could intercept packets transferred by a target device. Successful exploit could cause an information leak. | |||||
| CVE-2017-15316 | 1 Huawei | 4 Mate 9, Mate 9 Firmware, Mate 9 Pro and 1 more | 2018-01-05 | 9.3 HIGH | 7.8 HIGH |
| The GPU driver of Mate 9 Huawei smart phones with software before MHA-AL00B 8.0.0.334(C00) and Mate 9 Pro Huawei smart phones with software before LON-AL00B 8.0.0.334(C00) has a memory double free vulnerability. An attacker tricks a user into installing a malicious application, and the application can call special API, which triggers double free and causes a system crash or arbitrary code execution. | |||||
| CVE-2017-15312 | 1 Huawei | 1 Smartcare | 2018-01-04 | 3.5 LOW | 5.4 MEDIUM |
| Huawei SmartCare V200R003C10 has a stored XSS (cross-site scripting) vulnerability in the dashboard module. A remote authenticated attacker could exploit this vulnerability to inject malicious scripts in the affected device. | |||||
| CVE-2014-8358 | 1 Huawei | 6 Ec156, Ec156 Firmware, Ec176 and 3 more | 2017-12-29 | 9.3 HIGH | 7.8 HIGH |
| Huawei EC156, EC176, and EC177 USB Modem products with software before UTPS-V200R003B015D02SP07C1014 (23.015.02.07.1014) and before V200R003B015D02SP08C1014 (23.015.02.08.1014) use a weak ACL for the "Mobile Partner" directory, which allows remote attackers to gain SYSTEM privileges by compromising a low privilege account and modifying Mobile Partner.exe. | |||||
| CVE-2017-8191 | 1 Huawei | 1 Fusionsphere Openstack | 2017-12-29 | 4.3 MEDIUM | 5.9 MEDIUM |
| FusionSphere OpenStack V100R006C00SPC102(NFV)has a week cryptographic algorithm vulnerability. Attackers may exploit the vulnerability to crack the cipher text and cause information leak on the transmission links. | |||||