Lucene search

K

S12700; S1700; S2700; S3700; S5700; S6700; S7700; S9700 Security Vulnerabilities

prion
prion

Memory corruption

Memory leak in Huawei S9300, S5300, S5700, S6700, S7700, S9700, and S12700 devices allows remote attackers to cause a denial of service (memory consumption and restart) via a large number of malformed...

7.5CVSS

7.2AI Score

0.002EPSS

2016-09-26 03:59 PM
3
cvelist
cvelist

CVE-2016-6518

Memory leak in Huawei S9300, S5300, S5700, S6700, S7700, S9700, and S12700 devices allows remote attackers to cause a denial of service (memory consumption and restart) via a large number of malformed...

7.4AI Score

0.002EPSS

2016-09-26 03:00 PM
huawei
huawei

Security Advisory - DoS Vulnerability in Huawei Switches

There is a DoS vulnerability caused by memory leak in some of Huawei products as affected products list below. For lacking of adequate input validation,attackers can craft and send a large number of malformed packets to the target device to exhaust the memory of the device and may cause the device....

7.5CVSS

7.3AI Score

0.002EPSS

2016-09-14 12:00 AM
14
cve
cve

CVE-2016-6670

Huawei S7700, S9300, S9700, and S12700 devices with software before V200R008C00SPC500 use random numbers with insufficient entropy to generate self-signed certificates, which makes it easier for remote attackers to discover private keys by leveraging knowledge of a...

5.3CVSS

5.4AI Score

0.001EPSS

2016-09-07 07:28 PM
22
nvd
nvd

CVE-2016-6670

Huawei S7700, S9300, S9700, and S12700 devices with software before V200R008C00SPC500 use random numbers with insufficient entropy to generate self-signed certificates, which makes it easier for remote attackers to discover private keys by leveraging knowledge of a...

5.3CVSS

5.3AI Score

0.001EPSS

2016-09-07 07:28 PM
prion
prion

Design/Logic Flaw

Huawei S7700, S9300, S9700, and S12700 devices with software before V200R008C00SPC500 use random numbers with insufficient entropy to generate self-signed certificates, which makes it easier for remote attackers to discover private keys by leveraging knowledge of a...

5.3CVSS

7.3AI Score

0.001EPSS

2016-09-07 07:28 PM
1
cvelist
cvelist

CVE-2016-6670

Huawei S7700, S9300, S9700, and S12700 devices with software before V200R008C00SPC500 use random numbers with insufficient entropy to generate self-signed certificates, which makes it easier for remote attackers to discover private keys by leveraging knowledge of a...

5.4AI Score

0.001EPSS

2016-09-07 07:00 PM
huawei
huawei

Security Advisory - IPv6 Neighbor Discovery Crafted Packet Denial of Service Vulnerability

There is a vulnerability in the IP Version 6 (IPv6) Neighbor Discovery packet process of multiple products, successful exploit could allow an unauthenticated, remote attacker to cause an affected device to start dropping legitimate IPv6 neighbors as legitimate ND times out, leading to a denial of.....

7.5CVSS

7.3AI Score

0.015EPSS

2016-08-24 12:00 AM
9
huawei
huawei

Security Advisory - A Security Vulnerability of Using Insecure Random Numbers to Generate Self-signed Certificates in Huawei Products

Some Huawei products automatically generate self-signed certificates upon the first use. The random numbers used to generate these certificates are not random enough. Different devices' certificates may use the same random number consequently, which contains the risk of an attacker compromising...

5.3CVSS

5.4AI Score

0.001EPSS

2016-08-10 12:00 AM
11
huawei
huawei

Security Advisory - A Security Vulnerability of Using Insecure Random Numbers to Generate Self-signed Certificates in Huawei Products

Some Huawei products automatically generate self-signed certificates upon the first use. The random numbers used to generate these certificates are not random enough. Different devices' certificates may use the same random number consequently, which contains the risk of an attacker compromising...

6.6AI Score

2016-07-20 12:00 AM
5
huawei
huawei

Security Advisory - Memory Leak Vulnerability in Some Huawei Products

Some Huawei products have a memory leak vulnerability. When the packet processing module of the device processes abnormal Multiprotocol Label Switching (MPLS) packets sent by attackers, the module repeatedly applies for memory, resulting in memory exhaustion in persistent attacks. (Vulnerability...

7.5CVSS

7.3AI Score

0.002EPSS

2016-06-08 12:00 AM
16
nvd
nvd

CVE-2016-4087

Huawei S12700 switches with software before V200R008C00SPC500 and S5700 switches with software before V200R005SPH010, when the debug switch is enabled, allows remote attackers to cause a denial of service or execute arbitrary code via crafted DNS...

8.1CVSS

8.4AI Score

0.005EPSS

2016-05-23 07:59 PM
cve
cve

CVE-2016-4087

Huawei S12700 switches with software before V200R008C00SPC500 and S5700 switches with software before V200R005SPH010, when the debug switch is enabled, allows remote attackers to cause a denial of service or execute arbitrary code via crafted DNS...

8.1CVSS

8.3AI Score

0.005EPSS

2016-05-23 07:59 PM
16
prion
prion

Code injection

Huawei S12700 switches with software before V200R008C00SPC500 and S5700 switches with software before V200R005SPH010, when the debug switch is enabled, allows remote attackers to cause a denial of service or execute arbitrary code via crafted DNS...

8.1CVSS

8.3AI Score

0.005EPSS

2016-05-23 07:59 PM
2
cvelist
cvelist

CVE-2016-4087

Huawei S12700 switches with software before V200R008C00SPC500 and S5700 switches with software before V200R005SPH010, when the debug switch is enabled, allows remote attackers to cause a denial of service or execute arbitrary code via crafted DNS...

8.4AI Score

0.005EPSS

2016-05-23 07:00 PM
huawei
huawei

Security Advisory - Input Validation Vulnerability in Multiple Huawei Products

There is an input validation vulnerability in Multiple Huawei products, when the debug switch on the device is enabled, an attacker with network access may exploit this vulnerability by crafting malformed DNS packets and sending them to the target device. As for the lacking of input validation, an....

8.1CVSS

8.3AI Score

0.005EPSS

2016-04-27 12:00 AM
16
nvd
nvd

CVE-2015-8677

Memory leak in Huawei S5300EI, S5300SI, S5310HI, and S6300EI Campus series switches with software V200R003C00 before V200R003SPH011 and V200R005C00 before V200R005SPH008; S2350EI and S5300LI Campus series switches with software V200R003C00 before V200R003SPH011, V200R005C00 before V200R005SPH008,.....

6.5CVSS

6.2AI Score

0.001EPSS

2016-04-14 03:59 PM
cve
cve

CVE-2015-8677

Memory leak in Huawei S5300EI, S5300SI, S5310HI, and S6300EI Campus series switches with software V200R003C00 before V200R003SPH011 and V200R005C00 before V200R005SPH008; S2350EI and S5300LI Campus series switches with software V200R003C00 before V200R003SPH011, V200R005C00 before V200R005SPH008,.....

6.5CVSS

6.2AI Score

0.001EPSS

2016-04-14 03:59 PM
24
nvd
nvd

CVE-2015-8676

Memory leak in Huawei S5300EI, S5300SI, S5310HI, S6300EI/ S2350EI, and S5300LI Campus series switches with software V200R001C00 before V200R001SPH018, V200R002C00 before V200R003SPH011, and V200R003C00 before V200R003SPH011; S9300, S7700, and S9700 Campus series switches with software V200R001C00.....

7.5CVSS

7.3AI Score

0.003EPSS

2016-04-14 03:59 PM
cve
cve

CVE-2015-8676

Memory leak in Huawei S5300EI, S5300SI, S5310HI, S6300EI/ S2350EI, and S5300LI Campus series switches with software V200R001C00 before V200R001SPH018, V200R002C00 before V200R003SPH011, and V200R003C00 before V200R003SPH011; S9300, S7700, and S9700 Campus series switches with software V200R001C00.....

7.5CVSS

7.3AI Score

0.003EPSS

2016-04-14 03:59 PM
25
prion
prion

Information disclosure

Memory leak in Huawei S5300EI, S5300SI, S5310HI, and S6300EI Campus series switches with software V200R003C00 before V200R003SPH011 and V200R005C00 before V200R005SPH008; S2350EI and S5300LI Campus series switches with software V200R003C00 before V200R003SPH011, V200R005C00 before V200R005SPH008,.....

6.5CVSS

6.8AI Score

0.001EPSS

2016-04-14 03:59 PM
3
prion
prion

Memory corruption

Memory leak in Huawei S5300EI, S5300SI, S5310HI, S6300EI/ S2350EI, and S5300LI Campus series switches with software V200R001C00 before V200R001SPH018, V200R002C00 before V200R003SPH011, and V200R003C00 before V200R003SPH011; S9300, S7700, and S9700 Campus series switches with software V200R001C00.....

7.5CVSS

7.1AI Score

0.003EPSS

2016-04-14 03:59 PM
cvelist
cvelist

CVE-2015-8676

Memory leak in Huawei S5300EI, S5300SI, S5310HI, S6300EI/ S2350EI, and S5300LI Campus series switches with software V200R001C00 before V200R001SPH018, V200R002C00 before V200R003SPH011, and V200R003C00 before V200R003SPH011; S9300, S7700, and S9700 Campus series switches with software V200R001C00.....

7.4AI Score

0.003EPSS

2016-04-14 03:00 PM
cvelist
cvelist

CVE-2015-8677

Memory leak in Huawei S5300EI, S5300SI, S5310HI, and S6300EI Campus series switches with software V200R003C00 before V200R003SPH011 and V200R005C00 before V200R005SPH008; S2350EI and S5300LI Campus series switches with software V200R003C00 before V200R003SPH011, V200R005C00 before V200R005SPH008,.....

6.3AI Score

0.001EPSS

2016-04-14 03:00 PM
1
cve
cve

CVE-2016-3678

Huawei Quidway S9700, S5700, S5300, S9300, and S7700 switches with software before V200R003SPH012 allow remote attackers to cause a denial of service (switch restart) via crafted...

7.5CVSS

7.4AI Score

0.002EPSS

2016-04-11 03:59 PM
22
nvd
nvd

CVE-2016-3678

Huawei Quidway S9700, S5700, S5300, S9300, and S7700 switches with software before V200R003SPH012 allow remote attackers to cause a denial of service (switch restart) via crafted...

7.5CVSS

7.4AI Score

0.002EPSS

2016-04-11 03:59 PM
prion
prion

Code injection

Huawei Quidway S9700, S5700, S5300, S9300, and S7700 switches with software before V200R003SPH012 allow remote attackers to cause a denial of service (switch restart) via crafted...

7.5CVSS

7.2AI Score

0.002EPSS

2016-04-11 03:59 PM
1
cvelist
cvelist

CVE-2016-3678

Huawei Quidway S9700, S5700, S5300, S9300, and S7700 switches with software before V200R003SPH012 allow remote attackers to cause a denial of service (switch restart) via crafted...

7.4AI Score

0.002EPSS

2016-04-11 03:00 PM
huawei
huawei

Security Advisory - DoS Vulnerability in Huawei S Series Switches

Multiple models of Huawei S series switches have a DoS vulnerability. When an attacker controls or impersonates a server connected to a switch, the attacker can send malicious attack packets to the switch to cause it to restart and make it unavailable. (Vulnerability ID: HWPSIRT-2015-12022) This...

7.5CVSS

7.4AI Score

0.002EPSS

2016-03-30 12:00 AM
9
huawei
huawei

Security Advisory - GNU Glibc Buffer Overflow Security Vulnerability

Google security research team disclosed a buffer overflow vulnerability in GNU C library (glibc) (CVE-2015-7547) on February 16, 2016, remote attackers can exploit the vulnerability to execute arbitrary code on an affected device. (Vulnerability ID: HWPSIRT-2016-02018) This vulnerability has been.....

8.1CVSS

8.9AI Score

0.974EPSS

2016-03-04 12:00 AM
27
huawei
huawei

Security Advisory - Permission Control Vulnerability in Some Huawei Switches

Some Huawei switches have a permission control vulnerability. If a switch enables Authentication, Authorization and Accounting (AAA) for permission control and user permissions are not appropriate, AAA users may obtain the virtual type terminal (VTY) access permission, resulting in privilege...

7.5CVSS

7.3AI Score

0.001EPSS

2016-02-17 12:00 AM
10
seebug
seebug

多款Huawei路由器信息泄露漏洞

Summary The CF cards on some Huawei switches and ARs contain some sensitive information in plaintext. Once an attacker gets such a CF card, it may result in the leak of sensitive information (HWPSIRT-2015-07048). This vulnerability has been assigned Common Vulnerabilities and Exposures (CVE) ID:...

5.1AI Score

0.001EPSS

2015-11-25 12:00 AM
31
huawei
huawei

Security Advisory - Information Leak Vulnerability in Certain Huawei Products

Some Huawei products have two information leak vulnerabilities caused by improper encryption mechanisms. Users can use reversible or irreversible encryption algorithms to encrypt passwords. If a reversible encryption algorithm is used to encrypt administrators' passwords, an attacker with high...

4.9CVSS

5.5AI Score

0.001EPSS

2015-09-30 12:00 AM
14
huawei
huawei

Security Advisory - Bar Mitzvah Attack Vulnerability in Huawei Products

A security vulnerability exists in Rivest Cipher 4 (RC4) used by TLS and SSL protocols. RC4 cannot provide sufficient data protection. After listening to an SSL or TLS connection, an attacker can obtain plaintext data by brute force cracking. This vulnerability is also called Bar Mitzvah....

5.2AI Score

0.003EPSS

2015-09-19 12:00 AM
20
huawei
huawei

Security Advisory - CF Card Information Leak Vulnerability on Multiple Huawei Products

The CF cards on some Huawei switches and ARs contain some sensitive information in plaintext. Once an attacker gets such a CF card, it may result in the leak of sensitive information (HWPSIRT-2015-07048). Currently, official fixes are...

6.5AI Score

2015-08-05 12:00 AM
11
huawei
huawei

Security Advisory - IP Option Improper Handling Vulnerability in Multiple Huawei Products

Multiple Huawei Products have an improper IP option handling vulnerability. The IP stack implementation in multiple Huawei products mishandles IP options when a crafted ICMP request message is received, leading to the board reboot (Vulnerability ID: HWPSIRT-2015-02003). This Vulnerability has...

7.5CVSS

7.2AI Score

0.002EPSS

2015-05-06 12:00 AM
10
cve
cve

CVE-2015-2808

The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote attackers to conduct plaintext-recovery attacks against the initial bytes of a stream by sniffing network traffic...

4.8AI Score

0.003EPSS

2015-04-01 02:00 AM
769
2
huawei
huawei

Security Advisory – Authentication Caused Memory Overflow Vulnerability in Some Huawei Switch Products

The user authentication module in some Huawei switch products has the memory overflow vulnerability that can cause device restart when users log in improperly (Vulnerability ID: HWPSIRT-2015-02014). This Vulnerability has been assigned Common Vulnerabilities and Exposures (CVE) ID:...

7.5CVSS

7.5AI Score

0.002EPSS

2015-03-19 12:00 AM
13
huawei
huawei

Security Advisory-Authority Control Vulnerability in Quidway Switches

Huawei Quidway switches have the authority control vulnerability in access authentication, which may be exploited by attackers to obtain higher access permissions. (Vulnerability ID: HWPSIRT-2014-11119) This Vulnerability has been assigned Common Vulnerabilities and Exposures (CVE) ID:...

6.1AI Score

0.003EPSS

2015-01-21 12:00 AM
11
huawei
huawei

Security Advisory-VRP SSH Denial of Service Vulnerability

The SSH of the VRP has an input verification issue. Remote attackers can send a special SSH packet to the device to cause a denial of service (Vulnerability ID: HWPSIRT-2014-0701). This Vulnerability has been assigned Common Vulnerabilities and Exposures (CVE) ID:...

7.5CVSS

7.1AI Score

0.002EPSS

2014-10-10 12:00 AM
15
huawei
huawei

Security Advisory-9 OpenSSL vulnerabilities on Huawei products

This security advisory (SA) describes the impact of 9 OpenSSL vulnerabilities discovered in third-party software. (Vulnerability ID: HWPSIRT-2014-0816) These vulnerabilities are referenced in this document as follows: 1.Information leak in pretty printing functions (CVE-2014-3508). A flaw in...

1AI Score

0.928EPSS

2014-10-08 12:00 AM
37
huawei
huawei

Security Advisory-Information Leakage Vulnerability via MPLS Ping in VRP Platform

VRP (Versatile Routing Platform) has been developed by Huawei to provide improved IP routing services. The VRP has been widely applied to network devices, including high-end and low-end switches and routers, wireless and transmission devices. Information leakage vulnerability exists in several...

5.3CVSS

5.3AI Score

0.001EPSS

2014-09-24 12:00 AM
16
nessus
nessus

Huawei Campus Switch Multiple Vulnerabilities (HWPSIRT-2014-0315 - HWPSIRT-2014-0318)

The remote host is a Huawei switch running a firmware version that is affected by multiple vulnerabilities due to flaws in the Boot and BootROM menus. A remote, unauthenticated attacker could exploit these vulnerabilities to take control of the...

8.8CVSS

0.1AI Score

0.001EPSS

2014-08-22 12:00 AM
8
nessus
nessus

Huawei Campus Switch Information Disclosure (HWNSIRT-2013-0317)

The remote host is a Huawei switch running a firmware version that is affected by an information disclosure vulnerability due to a failure of access control. An authenticated, 'low priority security zone' attacker can exploit this vulnerability to access 'high priority security zone' areas of the.....

-0.2AI Score

0.001EPSS

2014-08-22 12:00 AM
11
huawei
huawei

Security Advisory- SSH Username Information Disclosure Vulnerability in Huawei Campus Switch

Some versions of Huawei Campus switch series products S9300/S9300E/S7700/S9700 /S5700/S6700/S5300/S6300/S2300/S2700/S3300/S3700 are affected by username information disclosure vulnerability. When the maintenance terminal of a Huawei Campus switch uses SSH to log in to a server, attackers can...

5.9CVSS

5.2AI Score

0.002EPSS

2014-08-20 12:00 AM
11
nessus
nessus

Huawei eSap Platform DoS (HWPSIRT-2014-0111)

The remote host is a Huawei device running a firmware version that is affected by a denial of service vulnerability. The issue stems from a heap overflow vulnerability in the firmware. A remote, unauthenticated attacker could exploit this vulnerability by sending malformed packets to cause...

7.5CVSS

0.6AI Score

0.002EPSS

2014-07-25 12:00 AM
24
nessus
nessus

Huawei Quidway Switches DoS (HWPSIRT-2014-0301)

The remote host is a Huawei Quidway switch running a firmware version that is affected by a denial of service vulnerability. The issue is due to a failure to properly validate input. A remote, unauthenticated attacker could exploit this vulnerability by sending malformed packets to cause excessive....

7.5CVSS

0.4AI Score

0.001EPSS

2014-07-25 12:00 AM
13
kitploit
kitploit

PacketFence v4.3.0 - Free and Open Source network access control (NAC) solution

PacketFence is a fully supported, trusted, Free and Open Source network access control (NAC) solution. Boasting an impressive feature set including a captive-portal for registration and remediation, centralized wired and wireless management, powerful BYOD management options, 802.1X support,...

8.2AI Score

2014-07-17 03:27 PM
54
nvd
nvd

CVE-2014-4190

Multiple heap-based buffer overflows in Huawei Campus Series Switches S3700HI, S5700, S6700, S3300HI, S5300, S6300, S9300, S7700, and LSW S9700 with software V200R001 before V200R001SPH013; S5700, S6700, S5300, and S6300 with software V200R002 before V200R002SPH005; S7700, S9300, S9300E, S5300,...

6.7AI Score

0.002EPSS

2014-06-17 02:55 PM
prion
prion

Heap overflow

Multiple heap-based buffer overflows in Huawei Campus Series Switches S3700HI, S5700, S6700, S3300HI, S5300, S6300, S9300, S7700, and LSW S9700 with software V200R001 before V200R001SPH013; S5700, S6700, S5300, and S6300 with software V200R002 before V200R002SPH005; S7700, S9300, S9300E, S5300,...

7.2AI Score

0.002EPSS

2014-06-17 02:55 PM
3
Total number of security vulnerabilities312