Ar1200, Ar160, Ar200, Ar2200, Ar3200 Security Vulnerabilities

Improper Authentication Vulnerability in Several Huawei Products (huawei-sa-20200422-01-authentication)

Some Huawei products have an improper authentication...

CVE-2019-19415

The SIP module of some Huawei products have a denial of service (DoS) vulnerability. A remote attacker could exploit these three vulnerabilities by sending the specially crafted messages to the affected device. Due to the insufficient verification of the packets, successful exploit could allow the....

CVE-2019-19416

The SIP module of some Huawei products have a denial of service (DoS) vulnerability. A remote attacker could exploit these three vulnerabilities by sending the specially crafted messages to the affected device. Due to the insufficient verification of the packets, successful exploit could allow the....

CVE-2019-19417

The SIP module of some Huawei products have a denial of service (DoS) vulnerability. A remote attacker could exploit these three vulnerabilities by sending the specially crafted messages to the affected device. Due to the insufficient verification of the packets, successful exploit could allow the....

Buffer overflow

The SIP module of some Huawei products have a denial of service (DoS) vulnerability. A remote attacker could exploit these three vulnerabilities by sending the specially crafted messages to the affected device. Due to the insufficient verification of the packets, successful exploit could allow the....

Buffer overflow

The SIP module of some Huawei products have a denial of service (DoS) vulnerability. A remote attacker could exploit these three vulnerabilities by sending the specially crafted messages to the affected device. Due to the insufficient verification of the packets, successful exploit could allow the....

Buffer overflow

The SIP module of some Huawei products have a denial of service (DoS) vulnerability. A remote attacker could exploit these three vulnerabilities by sending the specially crafted messages to the affected device. Due to the insufficient verification of the packets, successful exploit could allow the....

Huawei Data Communication: Buffer Error Vulnerability in Some Huawei Products (huawei-sa-20200102-01-buffer)

There is a buffer error vulnerability in some Huawei...

Huawei Data Communication: Out-Of-Bounds Write Vulnerability on Several Huawei Products (huawei-sa-20180214-01-ospf)

There is an out-of-bounds write vulnerability on several Huawei...

Huawei Data Communication: Three DoS Vulnerabilities in the SIP Module of Some Huawei Products (huawei-sa-20200115-01-sip)

There are three denial of service (DoS) vulnerabilities in the SIP module of some Huawei...

Huawei Data Communication: Buffer Overflow Vulnerability in Some Huawei Products (huawei-sa-20171213-01-ike)

Some Huawei products have a buffer overflow vulnerability due to incomplete range checks of the input...

Huawei Data Communication: Weak Algorithm Vulnerability in Some Huawei Products (huawei-sa-20190821-02-algorithm)

There is a weak algorithm vulnerability in some Huawei...

Huawei Data Communication: Information Leakage Vulnerability on Some Huawei Products (huawei-sa-20191211-01-vrp)

There is an information leakage vulnerability on some Huawei...

Huawei Data Communication: Weak Algorithm Vulnerability in Huawei VRP Platform (huawei-sa-20191204-01-vrp)

There is a weak algorithm vulnerability in some Huawei...

Huawei Data Communication: Sixteen OpenSSL Vulnerabilities on Some Huawei products (huawei-sa-20170322-01-openssl)

Statem/statem.c in OpenSSL 1.1.0a does not consider memory-block movement after a realloc...

Huawei Data Communication: Five Vulnerabilities in Some Huawei Products (huawei-sa-20191211-01-ssp)

There is an out-of-bounds read vulnerability in some Huawei...

Huawei Data Communication: Several Vulnerabilities in XMLparser Module of Huawei Products (huawei-sa-20180418-01-xmlparser)

There are two memory leak vulnerabilities in XMLparser module of Huawei...

Huawei Data Communication: IPv6 Neighbor Discovery Crafted Packet Denial of Service Vulnerability (huawei-sa-20170118-01-ipv6)

There is a vulnerability in the IP Version 6 (IPv6) Neighbor Discovery packet process of multiple products. This VT has been deprecated and is therefore no longer...

CVE-2020-9071

There is a few bytes out-of-bounds read vulnerability in some Huawei products. The software reads data past the end of the intended buffer when parsing certain message, an authenticated attacker could exploit this vulnerability by sending crafted messages to the device. Successful exploit may...

Out-of-bounds

There is a few bytes out-of-bounds read vulnerability in some Huawei products. The software reads data past the end of the intended buffer when parsing certain message, an authenticated attacker could exploit this vulnerability by sending crafted messages to the device. Successful exploit may...

Huawei Data Communication: Multiple Vulnerabilities in Some Huawei Products (huawei-sa-20171213-06-xml)

There is a memory leak vulnerability in some Huawei...

Huawei Data Communication: Buffer Overflow Vulnerability in Some Huawei Products (huawei-sa-20171215-01-overflow)

There is buffer overflow vulnerability in some Huawei...

Huawei Data Communication: Weak Cryptography Vulnerability in Some Huawei Products (huawei-sa-20171222-01-cryptography)

Some Huawei products have a weak cryptography...

Huawei Products Memory Leak Vulnerability (huawei-sa-20171206-04-xml)

Multiple Huawei products are prone to a memory leak ...

Huawei Data Communication: Multiple Vulnerabilities in Some Huawei Products (huawei-sa-20171215-01-buffer)

There are two buffer overflow vulnerabilities in some Huawei...

Huawei Data Communication: Insufficient Input Validation Vulnerability in Some Huawei Products (huawei-sa-20171215-01-ike)

There is an insufficient input validation vulnerability in some Huawei...

Huawei Data Communication: Two Vulnerabilities in H323 protocol of Huawei Products (huawei-sa-20171129-01-h323)

There is an out-of-bounds read vulnerability in H323 protocol of Huawei...

Huawei Data Communication: Out-Of-Bounds Read Vulnerability in Some Huawei Products (huawei-sa-20180131-01-sip)

Some Huawei products have an out-of-bounds read vulnerability due to insufficient input...

Huawei Data Communication: Improper Resource Management Vulnerability in Some Huawei Products (huawei-sa-20180418-01-ar)

There is an improper resource management vulnerability in some AR series...

Huawei Data Communication: CPU Vulnerabilities 'Meltdown' and 'Spectre' (huawei-sa-20180606-01-cpu)

Security researchers disclosed two groups of CPU...

Huawei Data Communication: Digital Signature Verification Bypass Vulnerability in Some Huawei AR Products (huawei-sa-20190320-01-ar)

There is a digital signature verification bypass vulnerability in some Huawei AR...

Huawei Data Communication: Input Validation Vulnerability in H323 Protocol of Huawei products (huawei-sa-20171206-01-h323)

There is an insufficient validation vulnerability in some Huawei...

Huawei Data Communication: Input Validation Vulnerability in Multiple Huawei Products (huawei-sa-20171206-01-sctp)

There is an input validation vulnerability in Huawei multiple...

Huawei Data Communication: A CGI application vulnerability in Some Huawei Products (huawei-sa-20171129-01-httpproxy)

Some open source software used by Huawei does not attempt to address RFC 3875 section 4.1.18 namespace...

Huawei Data Communication: Two Buffer Overflow Vulnerabilities in Some Huawei Products (huawei-sa-20180207-01-encryption)

There is an out-of-bound write vulnerability in some Huawei...

Huawei Data Communication: OpenSSL Vulnerability in Some Huawei Products (huawei-sa-20180613-01-openssl)

Constructed ASN.1 types with a recursive definition in some OpenSSL versions could eventually exceed the stack given malicious input with excessive...

Huawei Data Communication: IPv6 Neighbor Discovery Crafted Packet Denial of Service Vulnerability (huawei-sa-20160824-01-ipv6)

Multiple Huawei products are prone to a denial of service vulnerability in the IPv6 Neighbor Discovery packet...

Huawei Data Communication: Two Vulnerabilities in Some Huawei Products (huawei-sa-20171018-01-h323)

There is a DoS vulnerability in some Huawei...

Huawei Data Communication: MaxAge LSA Vulnerability in OSPF Protocol of Some Huawei Products (huawei-sa-20170720-01-ospf)

Some Huawei products have a MaxAge LSA vulnerability due to improper OSPF...

CVE-2020-9068

Huawei AR3200 products with versions of V200R007C00SPC900, V200R007C00SPCa00, V200R007C00SPCb00, V200R007C00SPCc00, V200R009C00SPC500 have an improper authentication vulnerability. Attackers need to perform some operations to exploit the vulnerability. Successful exploit may obtain certain...

CVE-2020-9068

Huawei AR3200 products with versions of V200R007C00SPC900, V200R007C00SPCa00, V200R007C00SPCb00, V200R007C00SPCc00, V200R009C00SPC500 have an improper authentication vulnerability. Attackers need to perform some operations to exploit the vulnerability. Successful exploit may obtain certain...

Authentication flaw

Huawei AR3200 products with versions of V200R007C00SPC900, V200R007C00SPCa00, V200R007C00SPCb00, V200R007C00SPCc00, V200R009C00SPC500 have an improper authentication vulnerability. Attackers need to perform some operations to exploit the vulnerability. Successful exploit may obtain certain...

CVE-2020-9068

Huawei AR3200 products with versions of V200R007C00SPC900, V200R007C00SPCa00, V200R007C00SPCb00, V200R007C00SPCc00, V200R009C00SPC500 have an improper authentication vulnerability. Attackers need to perform some operations to exploit the vulnerability. Successful exploit may obtain certain...

Security Advisory - Improper Authentication Vulnerability in Several Huawei Products

Some Huawei products have an improper authentication vulnerability. Attackers need to perform some operations to exploit the vulnerability. Successful exploit may obtain certain permissions on the device. (Vulnerability ID: HWPSIRT-2020-04035) This vulnerability has been assigned a Common...

Security Advisory - Out of Bounds Read Vulnerability in Some Huawei Products

There is a few bytes out-of-bounds read vulnerability in some Huawei products. The software reads data past the end of the intended buffer when parsing certain message, an authenticated attacker could exploit this vulnerability by sending crafted messages to the device. Successful exploit may...

Security Advisory - Out-of-bounds Read Vulnerability in Some Huawei Products

There is an out-of-bounds read vulnerability in some huawei products. An unauthenticated attacker crafts malformed message with specific parameter and sends the message to the affected products. Due to insufficient validation of message, which may be exploited to cause the device reboot....

Security Advisory - Three DoS Vulnerabilities in the SIP Module of Some Huawei Products

There are three denial of service (DoS) vulnerabilities in the SIP module of some Huawei products. A remote attacker could exploit these three vulnerabilities by sending the specially crafted messages to the affected device. Due to the insufficient verification of the packets, successful exploit...

Security Advisory - Weak Algorithm Vulnerability in Some Huawei Products

There is a weak algorithm vulnerability in some Huawei products. The affected products use the RSA algorithm in the SSL key exchange algorithm which have been considered as a weak algorithm. Attackers may exploit this vulnerability to leak some information. (Vulnerability ID: HWPSIRT-2019-04082) .....

CVE-2019-5304

Some Huawei products have a buffer error vulnerability. An unauthenticated, remote attacker could send specific MPLS Echo Request messages to the target products. Due to insufficient input validation of some parameters in the messages, successful exploit may cause the device to...

Input validation

Some Huawei products have a buffer error vulnerability. An unauthenticated, remote attacker could send specific MPLS Echo Request messages to the target products. Due to insufficient input validation of some parameters in the messages, successful exploit may cause the device to...