DP300, RP200, TE30, TE40, TE50, TE60 Security Vulnerabilities
Security Advisory - Three Vulnerabilities in SCCPX Module of Some Huawei Products
There is an out-of-bounds read vulnerability in SCCPX module of some Huawei products. An unauthenticated, remote attacker crafts malformed packets with specific parameter to the affected products. Due to insufficient validation of packets, successful exploitation may impact availability of product....
5.3CVSS
5.8AI Score
0.002EPSS
Security Advisory - Six Vulnerabilities in Some Huawei Products
There are two out-of-bounds read vulnerability in some Huawei products. Due to insufficient input validation, an authenticated, remote attacker could send malformed SOAP packets to the target device. Successful exploit could make the device access invalid memory and might reset a process....
5.4CVSS
5.5AI Score
0.001EPSS
Security Advisory - Two Out-of-Bounds Read Vulnerabilities in Some Huawei Products
Some Huawei products have two out-of-bounds read vulnerabilities due to the improper processing of malformed H323 messages. A remote attacker that controls a server could exploit this vulnerability by sending malformed H323 reply messages to a target device. Successful exploit could make the...
5.9CVSS
6AI Score
0.002EPSS
Security Advisory - Two Vulnerabilities in the SIP Module of Some Huawei Products
There is an out-of-bound read vulnerability in some Huawei products. A remote attacker send specially crafted Session Initiation Protocol (SIP) messages to the affected products. Due to insufficient input validation, successful exploit will cause some services abnormal. (Vulnerability ID:...
5.3CVSS
5.3AI Score
0.002EPSS
Security Advisory - Integer Overflow Vulnerability in Some Huawei Products
There is an integer overflow vulnerability in some Huawei products. An unauthenticated, remote attacker may send specially crafted messages to the affected products. Due to insufficient input validation, successful exploit may cause integer overflow and some process abnormal. (Vulnerability ID:...
5.3CVSS
5.6AI Score
0.002EPSS
Security Advisory - Memory Leak Vulnerability in Some Huawei Products
There is a memory leak vulnerability in some Huawei products. An authenticated, local attacker may craft and load some specific Certificate Revocation List(CRL) configuration files to the devices repeatedly. Due to not release allocated memory properly, successful exploit may result in memory leak....
3.3CVSS
4.4AI Score
0.0004EPSS
Security Advisory - Memory Leak Vulnerability in Some Huawei Products
There is a memory leak vulnerability in several Huawei products. The software does not release allocated memory properly when handling XML data. An authenticated, local attacker could upload crafted XML file repeatedly to cause memory leak and service abnormal. (Vulnerability ID:...
3.3CVSS
4.5AI Score
0.0004EPSS
Security Advisory - Two Vulnerabilities in MGCP Protocol of Some Huawei Products
There is an out-of-bounds read vulnerability in Media Gateway Control Protocol (MGCP) of some Huawei products. An unauthenticated, remote attacker crafts malformed packets with specific parameter to the affected products. Due to insufficient validation of packets, successful exploitation may cause....
5.9CVSS
6.1AI Score
0.003EPSS
Security Advisory - Two Vulnerabilities in CRYPTO module of Several Huawei Products
There is a buffer overflow vulnerability in the CRYPTO module of several Huawei products. An unauthenticated, local attacker could craft malformed file with a specific field that the length is longer than the maximum value. Due to insufficient validation of the inputs, successful exploit could...
6.8AI Score
Security Advisory - Memory Leak Vulnerability in Several Huawei products
There is a memory leak vulnerability in several Huawei products. An unauthenticated, remote attacker could craft malformed packets with specific parameters when connecting with the affect products by SFTP/SSH protocol. Due to insufficient validation of packets, successful exploit could cause a...
6.4AI Score
Security Advisory - Several Vulnerabilities in H323 Protocol of Huawei Products
There are three null pointer dereference vulnerabilities in H323 protocol of Huawei products. An unauthenticated, remote attacker could craft malformed packets and send the packets to the affected products. Due to insufficient validation of packets, which could be exploited to cause process crash.....
7.5CVSS
6.7AI Score
0.002EPSS
RP200 V500R002C00, V600R006C00; TE30 V100R001C10, V500R002C00, V600R006C00; TE40 V500R002C00, V600R006C00; TE50 V500R002C00, V600R006C00; TE60 V100R001C10, V500R002C00, V600R006C00 have an out-of-bounds read vulnerabilities in some Huawei products. Due to insufficient input validation, a remote...
7.5CVSS
7.5AI Score
0.002EPSS
RP200 V500R002C00, V600R006C00; TE30 V100R001C10, V500R002C00, V600R006C00; TE40 V500R002C00, V600R006C00; TE50 V500R002C00, V600R006C00; TE60 V100R001C10, V500R002C00, V600R006C00 have an out-of-bounds read vulnerabilities in some Huawei products. Due to insufficient input validation, a remote...
7.5CVSS
7.5AI Score
0.002EPSS
RP200 V500R002C00, V600R006C00; TE30 V100R001C10, V500R002C00, V600R006C00; TE40 V500R002C00, V600R006C00; TE50 V500R002C00, V600R006C00; TE60 V100R001C10, V500R002C00, V600R006C00 have an out-of-bounds read vulnerabilities in some Huawei products. Due to insufficient input validation, a remote...
7.5CVSS
7.7AI Score
0.002EPSS
RP200 V500R002C00, V600R006C00; TE30 V100R001C10, V500R002C00, V600R006C00; TE40 V500R002C00, V600R006C00; TE50 V500R002C00, V600R006C00; TE60 V100R001C10, V500R002C00, V600R006C00 have an out-of-bounds read vulnerabilities in some Huawei products. Due to insufficient input validation, a remote...
7.5CVSS
7.7AI Score
0.002EPSS
RP200 V500R002C00, V600R006C00; TE30 V100R001C10, V500R002C00, V600R006C00; TE40 V500R002C00, V600R006C00; TE50 V500R002C00, V600R006C00; TE60 V100R001C10, V500R002C00, V600R006C00 have an out-of-bounds read vulnerabilities in some Huawei products. Due to insufficient input validation, a remote...
7.5CVSS
7.5AI Score
0.002EPSS
RP200 V500R002C00, V600R006C00; TE30 V100R001C10, V500R002C00, V600R006C00; TE40 V500R002C00, V600R006C00; TE50 V500R002C00, V600R006C00; TE60 V100R001C10, V500R002C00, V600R006C00 have an out-of-bounds read vulnerabilities in some Huawei products. Due to insufficient input validation, a remote...
7.5CVSS
7.7AI Score
0.002EPSS
RP200 V500R002C00, V600R006C00; TE30 V100R001C10, V500R002C00, V600R006C00; TE40 V500R002C00, V600R006C00; TE50 V500R002C00, V600R006C00; TE60 V100R001C10, V500R002C00, V600R006C00 have an out-of-bounds read vulnerabilities in some Huawei products. Due to insufficient input validation, a remote...
7.5CVSS
7.6AI Score
0.002EPSS
RP200 V500R002C00, V600R006C00; TE30 V100R001C10, V500R002C00, V600R006C00; TE40 V500R002C00, V600R006C00; TE50 V500R002C00, V600R006C00; TE60 V100R001C10, V500R002C00, V600R006C00 have an out-of-bounds read vulnerabilities in some Huawei products. Due to insufficient input validation, a remote...
7.5CVSS
7.6AI Score
0.002EPSS
RP200 V500R002C00, V600R006C00; TE30 V100R001C10, V500R002C00, V600R006C00; TE40 V500R002C00, V600R006C00; TE50 V500R002C00, V600R006C00; TE60 V100R001C10, V500R002C00, V600R006C00 have an out-of-bounds read vulnerabilities in some Huawei products. Due to insufficient input validation, a remote...
7.5CVSS
7.6AI Score
0.002EPSS
Security Advisory - Weak Cryptography Vulnerability in Some Huawei Products
Some Huawei products have a weak cryptography vulnerability. Due to not properly some values in the certificates, an unauthenticated remote attacker could forges a specific RSA certificate and exploits the vulnerability to pass identity authentication and logs into the target device to obtain...
9.8CVSS
8.8AI Score
0.004EPSS
Security Advisory - DoS Vulnerability in Timergrp Module of Some Huawei Products
There is an DoS vulnerability in Timergrp module of some Huawei products due to insufficient validation of the parameter. An authenticated local attacker may call a special API with special parameter, which cause an infinite loop. Successful exploit of this vulnerability can allow an attacker to...
5.5CVSS
5.2AI Score
0.0004EPSS
Security Advisory - Multiple Input Validation Vulnerabilities in CIDAM Protocol on Huawei Products
The CIDAM Protocol on Huawei Products has multiple input validation vulnerabilities due to insufficient validation of specific messages when the protocol is implemented. An authenticated remote attacker could send a malicious message to a target system. Successful exploit could allow the attacker.....
6.5CVSS
6.6AI Score
0.002EPSS
Security Advisory - Out-Of-Bounds Read Vulnerability in Some Huawei Products
Some Huawei products have an out-of-bounds read vulnerability. An unauthenticated attacker may send specific crafted H.323 packets to the affected products. Due to insufficient verification of the packets, successful exploit will cause device to reset. (Vulnerability ID: HWPSIRT-2017-06160) ...
6.7AI Score
Security Advisory - Information Disclosure Vulnerability in CIDAM Protocol on Huawei Products
Part of Huawei Products use the CIDAM protocol, which contains sensitive information in the message when it is implemented. So these products has an information disclosure vulnerability. An authenticated remote attacker could track and get the message of a target system. Successful exploit could...
4.9CVSS
4.8AI Score
0.001EPSS
Security Advisory - Multiple Vulnerabilities in Some Huawei Products
There are two buffer overflow vulnerabilities in some Huawei products. An unauthenticated, remote attacker may send specially crafted SIP packages to the affected products. Due to the insufficient validation of some values for SIP packages, successful exploit may cause services abnormal....
5.3CVSS
6.1AI Score
0.002EPSS
Security Advisory - Buffer Overflow Vulnerability in Some Huawei Products
There is buffer overflow vulnerability in some Huawei products. An unauthenticated, remote attacker may send specially crafted certificates to the affected products. Due to insufficient validation of the certificates, successful exploit may cause buffer overflow and some service abnormal....
5.3CVSS
5.7AI Score
0.001EPSS
Security Advisory - Multiple Vulnerabilities in Some Huawei Products
There is a memory leak vulnerability in some Huawei products. An authenticated, local attacker may craft a specific XML file to the affected products. Due to not free the memory to parse the XML file, successful exploit will result in memory leak of the affected products. (Vulnerability ID:...
5.5CVSS
5.1AI Score
0.0004EPSS
Security Advisory - Resource Management Errors Vulnerability in Some Huawei Products
The Light Directory Access Protocol (LDAP) clients of some Huawei products have a resource management errors vulnerability. An unauthenticated, remote attacker may make the LDAP server not respond to the client's request by controlling the LDAP server. Due to improper management of LDAP connection....
7.5CVSS
7.1AI Score
0.002EPSS
PEM module of Huawei DP300 V500R002C00; IPS Module V500R001C00; V500R001C30; NGFW Module V500R001C00; V500R002C00; NIP6300 V500R001C00; V500R001C30; NIP6600 V500R001C00; V500R001C30; RP200 V500R002C00; V600R006C00; S12700 V200R007C00; V200R007C01; V200R008C00; V200R009C00; V200R010C00; S1700...
5.3AI Score
0.0004EPSS
SIP module in Huawei DP300 V500R002C00; V500R002C00SPC100; V500R002C00SPC200; V500R002C00SPC300; V500R002C00SPC400; V500R002C00SPC500; V500R002C00SPC600; V500R002C00SPC800; V500R002C00SPC900; V500R002C00SPCa00; RP200 V500R002C00SPC200; V600R006C00; V600R006C00SPC200; RSE6500 V500R002C00SPC100;...
5.4AI Score
0.001EPSS
Security Advisory - Multiple Vulnerabilites in SIP Module on Huawei Products
There is an overflow vulnerability on the SIP module that attacker can exploit by sending a specially crafted SIP message, leading to a process reboot at random. (Vulnerability ID: HWPSIRT-2017-06044) This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID:...
5.3CVSS
5.6AI Score
0.001EPSS
Security Advisory - DoS Vulnerability in XML Parser of Some Huawei Products
XML parser has a DoS vulnerability in some Huawei products. Due to not check the specially XML file enough, an authenticated local attacker may craft specific XML files to the affected products and parse this file, which cause to null pointer accessing and result in DoS attacks. (Vulnerability ID:....
5.5CVSS
5.3AI Score
0.0004EPSS
Security Advisory - DoS Vulnerability in Some Huawei Products
There is an DoS vulnerability in some Huawei products due to insufficient validation of the parameter when a putty comment key is loaded. An authenticated remote attacker can place a malformed putty key file in system, when a system manager load the key, an infinite loop happens which lead to...
5.7CVSS
5.5AI Score
0.001EPSS
Huawei DP300 V500R002C00; RP200 V500R002C00; V600R006C00; TE30 V100R001C10; V600R006C00; TE50 V600R006C00; TE60 V100R001C10; V500R002C00; V600R006C00; VP9660 V500R002C10 have an DoS vulnerability due to insufficient validation of the parameter when a putty comment key is loaded. An authenticated...
5.5AI Score
0.001EPSS
PEM module of DP300 V500R002C00; IPS Module V500R001C00; V500R001C30; NGFW Module V500R001C00; V500R002C00; NIP6300 V500R001C00; V500R001C30; NIP6600 V500R001C00; V500R001C30; RP200 V500R002C00; V600R006C00; S12700 V200R007C00; V200R007C01; V200R008C00; V200R009C00; V200R010C00; S1700 V200R006C10;....
5.3AI Score
0.0004EPSS
SIP module in Huawei DP300 V500R002C00; V500R002C00SPC100; V500R002C00SPC200; V500R002C00SPC300; V500R002C00SPC400; V500R002C00SPC500; V500R002C00SPC600; V500R002C00SPC800; V500R002C00SPC900; V500R002C00SPCa00; RP200 V500R002C00SPC200; V600R006C00; V600R006C00SPC200; RSE6500 V500R002C00SPC100;...
5.3AI Score
0.001EPSS
Backup feature of SIP module in Huawei DP300 V500R002C00; V500R002C00SPC100; V500R002C00SPC200; V500R002C00SPC300; V500R002C00SPC400; V500R002C00SPC500; V500R002C00SPC600; V500R002C00SPC800; V500R002C00SPC900; V500R002C00SPCa00; RP200 V500R002C00SPC200; V600R006C00; V600R006C00SPC200; RSE6500...
5.4AI Score
0.001EPSS
Security Advisory - Denial of Service Vulnerability on Several Huawei Products
There is a denial of service vulnerability on several products. The software does not correctly calculate the rest size in a buffer when handling SSL connections. A remote unauthenticated attacker could send a lot of crafted SSL messages to the device, successful exploit could cause no space in...
7.5CVSS
7.2AI Score
0.002EPSS
Security Advisory - Input Validation Vulnerability in H323 Protocol of Huawei products
There is an insufficient validation vulnerability in some Huawei products. Since packet validation is insufficient, an unauthenticated attacker may send special H323 packets to exploit the vulnerability. Successful exploit could allow the attacker to send malicious packets and result in DOS...
5.9CVSS
5.7AI Score
0.001EPSS
PEM module of Huawei DP300 V500R002C00; IPS Module V500R001C00; V500R001C30; NGFW Module V500R001C00; V500R002C00; NIP6300 V500R001C00; V500R001C30; NIP6600 V500R001C00; V500R001C30; RP200 V500R002C00; V600R006C00; S12700 V200R007C00; V200R007C01; V200R008C00; V200R009C00; V200R010C00; S1700...
5.5AI Score
0.0004EPSS
Security Advisory - Multiple Vulnerabilities of PEM Module in Some Huawei Products
There is a null pointer reference vulnerability in PEM module of Huawei products due to insufficient verification. An authenticated local attacker calls PEM decoder with special parameter, which could cause a denial of service. (Vulnerability ID: HWPSIRT-2017-06047) This vulnerability has been...
5.5CVSS
5.4AI Score
0.0004EPSS
PEM module of Huawei DP300 V500R002C00; IPS Module V500R001C00; V500R001C30; NGFW Module V500R001C00; V500R002C00; NIP6300 V500R001C00; V500R001C30; NIP6600 V500R001C00; V500R001C30; RP200 V500R002C00; V600R006C00; S12700 V200R007C00; V200R007C01; V200R008C00; V200R009C00; V200R010C00; S1700...
5.3AI Score
0.0004EPSS
XML parser in Huawei DP300 V500R002C00; RP200 V500R002C00SPC200; V600R006C00; TE30 V100R001C10; V500R002C00; V600R006C00; TE40 V500R002C00; V600R006C00; TE50 V500R002C00; V600R006C00; TE60 V100R001C10; V500R002C00; V600R006C00 has a DoS vulnerability. Due to not check the specially XML file enough....
5.3AI Score
0.0004EPSS
Security Advisory - Buffer Overflow Vulnerability in Some Huawei Products
There is a buffer overflow vulnerability in the Common Open Policy Service Protocol (COPS) module of some Huawei products. An unauthenticated, remote attacker could exploit this vulnerability by sending specially crafted message to the affected products. The vulnerability is due to insufficient...
5.3CVSS
5.7AI Score
0.002EPSS
Security Advisory - Multiple Buffer Overflow Vulnerabilities in Some Huawei Products
There are three buffer overflow vulnerabilities in the SIP backup feature of some Huawei products. An attacker may send specially crafted messages to the affected products. Due to the insufficient validation of some values for SIP messages, successful exploit may cause services abnormal....
5.3CVSS
5.7AI Score
0.001EPSS
Security Advisory - DoS Vulnerability in Some Huawei Products
There is a DoS vulnerability caused by memory exhaustion in some Huawei products. For insufficient input validation, attackers can craft and send some malformed messages to the target device to exhaust the memory of the device and cause a Denial of Service (DoS). (Vulnerability ID:...
5.5CVSS
5.3AI Score
0.0004EPSS
Security Advisory - Two Vulnerabilities in H323 protocol of Huawei Products
There is an out-of-bounds read vulnerability in H323 protocol of Huawei products. An unauthenticated, remote attacker may send crafted packets to the affected products. Due to insufficient verification of the packets, successful exploit will cause process reboot. (Vulnerability ID:...
5.3CVSS
5.7AI Score
0.002EPSS
Security Advisory - Denial of Service Vulnerability on Several Products
There is a denial of service vulnerability on several products. The software decodes X.509 certificate in an improper way. A remote unauthenticated attacker could send a crafted X.509 certificate to the device. Successful exploit could result in a denial of service on the device. (Vulnerability...
7.5CVSS
7.1AI Score
0.002EPSS
Security Advisory - Memory Leak Vulnerability in Some Huawei Products
Some Huawei products have a memory leak vulnerability due to memory don't be released when the XML parser process some node fail. An attacker could exploit it to cause memory leak, which may further lead to system exceptions. (Vulnerability ID: HWPSIRT-2017-08151) This vulnerability has been...
5.5CVSS
5.4AI Score
0.0004EPSS