DP300, Secospace USG6300,Secospace USG6500,Secospace USG6600,TP3206, VP9660 Security Vulnerabilities

Security Advisory - MaxAge LSA Vulnerability in OSPF Protocol of Some Huawei Products

Some Huawei products have a MaxAge LSA vulnerability due to improper OSPF implementation. When the device receives special LSA packets, the LS (Link Status) age would be set to MaxAge, 3600 seconds. An attacker can exploit this vulnerability to poison the route table and launch a DoS attack....

Security Advisory - Three OpenSSL Vulnerabilities in Huawei Products

On January 26, 2017, the OpenSSL Software Foundation released a security advisory that included three new vulnerabilities. If a malicious server supplies bad parameters for a DHE or ECDHE key exchange then this can result in the client attempting to dereference a NULL pointer leading to a client...

CVE-2016-8802

...

CVE-2016-8781

...

CVE-2016-8795

...

Design/Logic Flaw

Huawei Secospace USG6300 with software V500R001C20 and V500R001C20SPC200PWE, Secospace USG6500 with software V500R001C20, Secospace USG6600 with software V500R001C20 and V500R001C20SPC200PWE allow remote attackers with specific permission to log in to a device and deliver a large number of...

Integer overflow

Huawei CloudEngine 12800 with software V100R002C00, V100R003C00, V100R003C10, V100R005C00, V100R005C10, V100R006C00; CloudEngine 5800 with software V100R002C00, V100R003C00, V100R003C10, V100R005C00, V100R005C10, V100R006C00; CloudEngine 6800 with software V100R002C00, V100R003C00, V100R003C10,...

Buffer overflow

The security policy processing module in Huawei Secospace USG6300 with software V500R001C20SPC100, V500R001C20SPC101, V500R001C20SPC200; Secospace USG6500 with software V500R001C20SPC100, V500R001C20SPC101, V500R001C20SPC200; Secospace USG6600 with software V500R001C20SPC100, V500R001C20SPC101,...

CVE-2016-8795

Huawei CloudEngine 12800 with software V100R002C00, V100R003C00, V100R003C10, V100R005C00, V100R005C10, V100R006C00; CloudEngine 5800 with software V100R002C00, V100R003C00, V100R003C10, V100R005C00, V100R005C10, V100R006C00; CloudEngine 6800 with software V100R002C00, V100R003C00, V100R003C10,...

CVE-2016-8781

Huawei Secospace USG6300 with software V500R001C20 and V500R001C20SPC200PWE, Secospace USG6500 with software V500R001C20, Secospace USG6600 with software V500R001C20 and V500R001C20SPC200PWE allow remote attackers with specific permission to log in to a device and deliver a large number of...

CVE-2016-8802

The security policy processing module in Huawei Secospace USG6300 with software V500R001C20SPC100, V500R001C20SPC101, V500R001C20SPC200; Secospace USG6500 with software V500R001C20SPC100, V500R001C20SPC101, V500R001C20SPC200; Secospace USG6600 with software V500R001C20SPC100, V500R001C20SPC101,...

Security Advisory - Apache Struts2 Remote Code Execution Vulnerability in Huawei Products

Apache Struts2 released a remote code execution vulnerability in S2-045 on the official website. An attacker is possible to perform a RCE (Remote Code Execution) attack with a malicious Content-Type value. (Vulnerability ID: HWPSIRT-2017-03094) This vulnerability has been assigned a CVE ID:...

Security Advisory - DoS Vulnerability in Huawei Firewall

There is a denial of service (DoS) vulnerability in Huawei firewalls due to no memory release after the execution of a specific command. A remote attacker with specific permission can log in to a device and deliver a large number of such commands to exhaust memory, causing a DoS condition....

Security Advisory - Buffer Overflow Vulnerability in Huawei Firewall Products

The security policy processing module of some Huawei firewall products have a buffer overflow vulnerability. An authenticated attacker may setup a specific security policy into the devices, causing buffer overflow and crash the system. (Vulnerability ID: HWPSIRT-2016-06074) This vulnerability has.....

Security Advisory - Integer Overflow Vulnerability in Some Huawei Devices

Some Huawei devices have an integer overflow vulnerability. Due to the lack of validation in some field of the packet, a remote, unauthenticated attacker may craft specific IPFPM packets, probably causing the device to reset. (Vulnerability ID: HWPSIRT-2016-04030) This vulnerability has been...

Memory corruption

Memory leak in Huawei IPS Module, NGFW Module, NIP6300, NIP6600, and Secospace USG6300, USG6500, USG6600, USG9500, and AntiDDoS8000 V500R001C00 before V500R001C20SPC100, when in hot standby networking where two devices are not directly connected, allows remote attackers to cause a denial of...

CVE-2016-5435

Memory leak in Huawei IPS Module, NGFW Module, NIP6300, NIP6600, and Secospace USG6300, USG6500, USG6600, USG9500, and AntiDDoS8000 V500R001C00 before V500R001C20SPC100, when in hot standby networking where two devices are not directly connected, allows remote attackers to cause a denial of...

Security Advisory - Memory Leak Vulnerability in Several Huawei Products

There is a vulnerability in several Huawei devices: USG series, NGFW module, IPS module, NIP series and AntiDDoS8000. A memory leak vulnerability exists in these products. In hot standby networking where two devices are not directly connected, an attacker can craft a malformed packet, which...

Buffer overflow

Buffer overflow in Huawei VP9660, VP9650, and VP9630 multipoint control unit devices with software before V500R002C00SPC200 and RSE6500 videoconference devices with software before V500R002C00SPC100, when an unspecified service is enabled, allows remote attackers to execute arbitrary code via a...

CVE-2016-5234

Buffer overflow in Huawei VP9660, VP9650, and VP9630 multipoint control unit devices with software before V500R002C00SPC200 and RSE6500 videoconference devices with software before V500R002C00SPC100, when an unspecified service is enabled, allows remote attackers to execute arbitrary code via a...

Security Advisory - Buffer Overflow Vulnerability in Some Videoconference Products

The VP9660, VP9650, and VP9630 are Multipoint Control Units (MCUs). As the core devices in videoconferencing systems, they provide endpoint access and conferencing functions. The three devices use the same software, namely, HUAWEI VP9660. The RSE6500 is a multimedia video conferencing server with.....

CVE-2016-4577

...

CVE-2016-4576

...

Buffer overflow

Buffer overflow in the Smart DNS functionality in the Huawei NGFW Module and Secospace USG6300, USG6500, USG6600, and USG9500 firewalls with software before V500R001C20SPC100 allows remote attackers to cause a denial of service or execute arbitrary code via a crafted packet, related to...

Buffer overflow

Buffer overflow in the Application Specific Packet Filtering (ASPF) functionality in the Huawei IPS Module, NGFW Module, NIP6300, NIP6600, Secospace USG6300, USG6500, USG6600, USG9500, and AntiDDoS8000 devices with software before V500R001C20SPC100 allows remote attackers to cause a denial of...

CVE-2016-4576

Buffer overflow in the Application Specific Packet Filtering (ASPF) functionality in the Huawei IPS Module, NGFW Module, NIP6300, NIP6600, Secospace USG6300, USG6500, USG6600, USG9500, and AntiDDoS8000 devices with software before V500R001C20SPC100 allows remote attackers to cause a denial of...

CVE-2016-4577

Buffer overflow in the Smart DNS functionality in the Huawei NGFW Module and Secospace USG6300, USG6500, USG6600, and USG9500 firewalls with software before V500R001C20SPC100 allows remote attackers to cause a denial of service or execute arbitrary code via a crafted packet, related to...

Security Advisory - Buffer Overflow Vulnerability in Huawei Several Products

There is a vulnerability in several Huawei devices: USG series, NGFW Module, IPS Module, NIP series and AntiDDoS8000. These products have a buffer overflow vulnerability in the Application Specific Packet Filtering (ASPF) function. An attacker may craft a malformed packet with illegitimate...

Security Advisory - Buffer Overflow Vulnerability in Huawei Several Products

There is a vulnerability in several Huawei devices: USG series and NGFW Module. These products have a buffer overflow vulnerability in the Smart DNS function. An attacker may craft a malformed packet with illegitimate parameters, leading to denial of service or the potential execution of arbitrary....

Huawei VP9660 Multi-Point Control Unit Detection (SNMP)

SNMP based detection of Huawei VP9660 Multi-Point Control Unit...

Huawei VP9660 Multi-Point Control Unit Multiple Vulnerabilities (huawei-sa-20151111-01-vp9660)

Huawei VP9660 Multi-Point Control Unit is prone to multiple...

Huawei VP9660信息泄露漏洞

VP9660是华为视频会议系统的多媒体控制单元。 华为VP9660产品存在服务端未对输入完全做校验的安全漏洞。在使用内置WebServer场景下, 攻击者以业务管理员身份登录到设备后，通过构造修改特定报文信息发送到服务端，可以注入恶意命令，从而导致信息泄露，设备不可用。 前提条件： 攻击者能够以业务管理员身份登录VP9660成功； VP9660在使用内置WebServer场景下存在该漏洞; 攻击步骤：...

Huawei VP9660远程安全绕过漏洞

No description provided by...

Design/Logic Flaw

The built-in web server in Huawei VP9660 multi-point control unit with software before V200R001C30SPC700 allows remote administrators to obtain sensitive information or cause a denial of service via a crafted...

CVE-2015-8227

The built-in web server in Huawei VP9660 multi-point control unit with software before V200R001C30SPC700 allows remote administrators to obtain sensitive information or cause a denial of service via a crafted...

Security Advisory - Input Validation Vulnerability in Huawei VP9660 Products

VP9660 is the multi-point control unit of Huawei Video Conference system. The server of the Huawei VP9660 does not validate the input when using build-in WebServer. In such case, an attacker could log in to the device as an business administrator, graft a message to change the specific...

Operating System (OS) Detection (SNMP)

SNMP sysDescr based Operating System (OS)...