Huawei AR3200 with software V200R007C00, V200R005C32, V200R005C20; S12700 with software V200R008C00, V200R007C00; S5300 with software V200R008C00, V200R007C00, V200R006C00; S5700 with software V200R008C00, V200R007C00, V200R006C00; S6300 with software V200R008C00, V200R007C00; S6700 with software.....
7.5CVSS
7.2AI Score
0.002EPSS
Huawei AR3200 with software V200R007C00, V200R005C32, V200R005C20; S12700 with software V200R008C00, V200R007C00; S5300 with software V200R008C00, V200R007C00, V200R006C00; S5700 with software V200R008C00, V200R007C00, V200R006C00; S6300 with software V200R008C00, V200R007C00; S6700 with software.....
7.5AI Score
0.002EPSS
Huawei AR3200 routers with software before V200R007C00SPC600 allow remote attackers to cause a denial of service or execute arbitrary code via a crafted...
9.8CVSS
9.6AI Score
0.018EPSS
Huawei AR3200 routers with software before V200R007C00SPC600 allow remote attackers to cause a denial of service or execute arbitrary code via a crafted...
9.8CVSS
9.4AI Score
0.018EPSS
Huawei AR3200 routers with software before V200R007C00SPC600 allow remote attackers to cause a denial of service or execute arbitrary code via a crafted...
9.8CVSS
8.2AI Score
0.018EPSS
Huawei AR3200 routers with software before V200R007C00SPC600 allow remote attackers to cause a denial of service or execute arbitrary code via a crafted...
9.6AI Score
0.018EPSS
Security Advisory - Sixteen OpenSSL Vulnerabilities on Some Huawei products
Statem/statem.c in OpenSSL 1.1.0a does not consider memory-block movement after a realloc call, which allows remote attackers to cause a denial of service (use-after-free) or possibly execute arbitrary code via a crafted TLS session. (Vulnerability ID: HWPSIRT-2016-09065) This vulnerability has...
9.8CVSS
3.4AI Score
0.911EPSS
Format string vulnerability in Huawei AR100, AR120, AR150, AR200, AR500, AR550, AR1200, AR2200, AR2500, AR3200, and AR3600 routers with software before V200R007C00SPC900 and NetEngine 16EX routers with software before V200R007C00SPC900 allows remote authenticated users to cause a denial of service....
6.5CVSS
5.8AI Score
0.002EPSS
Format string vulnerability in Huawei AR100, AR120, AR150, AR200, AR500, AR550, AR1200, AR2200, AR2500, AR3200, and AR3600 routers with software before V200R007C00SPC900 and NetEngine 16EX routers with software before V200R007C00SPC900 allows remote authenticated users to cause a denial of service....
6.5CVSS
6AI Score
0.002EPSS
Format string vulnerability in Huawei AR100, AR120, AR150, AR200, AR500, AR550, AR1200, AR2200, AR2500, AR3200, and AR3600 routers with software before V200R007C00SPC900 and NetEngine 16EX routers with software before V200R007C00SPC900 allows remote authenticated users to cause a denial of service....
6.5CVSS
6.5AI Score
0.002EPSS
Format string vulnerability in Huawei AR100, AR120, AR150, AR200, AR500, AR550, AR1200, AR2200, AR2500, AR3200, and AR3600 routers with software before V200R007C00SPC900 and NetEngine 16EX routers with software before V200R007C00SPC900 allows remote authenticated users to cause a denial of service....
6AI Score
0.002EPSS
Security Advisory - Uncontrolled Format String Vulnerability on Multiple Products
Several Huawei routers and switches have an uncontrolled format string vulnerability when processing partial commands. An authenticated attacker could exploit this vulnerability to cause a denial of service. (Vulnerability ID: HWPSIRT-2016-07011) This vulnerability has been assigned Common...
6.5CVSS
6.1AI Score
0.002EPSS
Security Advisory - IPv6 Neighbor Discovery Crafted Packet Denial of Service Vulnerability
There is a vulnerability in the IP Version 6 (IPv6) Neighbor Discovery packet process of multiple products, successful exploit could allow an unauthenticated, remote attacker to cause an affected device to start dropping legitimate IPv6 neighbors as legitimate ND times out, leading to a denial of.....
7.5CVSS
7.3AI Score
0.015EPSS
Security Advisory - Input Validation Vulnerability in Huawei Routers
There is an input validation vulnerability in Huawei access routers, an attacker may exploit this vulnerability by crafting a malformed packet and sending it to the device. An exploit could allow the attacker to cause a Denial of Service or remote code execution. (Vulnerability ID:...
9.8CVSS
9.3AI Score
0.018EPSS
Memory leak in Huawei AR3200 before V200R007C00SPC900 allows remote attackers to cause a denial of service (memory consumption) via a large number of crafted Multiprotocol Label Switching (MPLS)...
7.5CVSS
7.3AI Score
0.002EPSS
Memory leak in Huawei AR3200 before V200R007C00SPC900 allows remote attackers to cause a denial of service (memory consumption) via a large number of crafted Multiprotocol Label Switching (MPLS)...
7.5CVSS
7.3AI Score
0.002EPSS
Memory leak in Huawei AR3200 before V200R007C00SPC900 allows remote attackers to cause a denial of service (memory consumption) via a large number of crafted Multiprotocol Label Switching (MPLS)...
7.5CVSS
7.1AI Score
0.002EPSS
Memory leak in Huawei AR3200 before V200R007C00SPC900 allows remote attackers to cause a denial of service (memory consumption) via a large number of crafted Multiprotocol Label Switching (MPLS)...
7.3AI Score
0.002EPSS
Security Advisory - Memory Leak Vulnerability in Some Huawei Products
Some Huawei products have a memory leak vulnerability. When the packet processing module of the device processes abnormal Multiprotocol Label Switching (MPLS) packets sent by attackers, the module repeatedly applies for memory, resulting in memory exhaustion in persistent attacks. (Vulnerability...
7.5CVSS
7.3AI Score
0.002EPSS
Huawei AR3200 routers with software before V200R006C10SPC300 allow remote authenticated users to cause a denial of service (restart) via crafted...
6.5CVSS
6.2AI Score
0.001EPSS
Huawei AR3200 routers with software before V200R006C10SPC300 allow remote authenticated users to cause a denial of service (restart) via crafted...
6.5CVSS
6.2AI Score
0.001EPSS
Huawei AR3200 routers with software before V200R006C10SPC300 allow remote authenticated users to cause a denial of service (restart) via crafted...
6.5CVSS
6.8AI Score
0.001EPSS
Huawei AR3200 routers with software before V200R006C10SPC300 allow remote authenticated users to cause a denial of service (restart) via crafted...
6.2AI Score
0.001EPSS
Security Advisory - Input Validation Vulnerability in Huawei AR3200
There is an input validation vulnerability in Huawei AR3200, which allows an attacker who logs into the device to send malformed packets, causing the AR3200 occasionally restart and a Denial of Service. (Vulnerability ID: HWPSIRT-2015-10047) This vulnerability has been assigned Common...
6.5CVSS
6.3AI Score
0.001EPSS
Security Advisory - GNU Glibc Buffer Overflow Security Vulnerability
Google security research team disclosed a buffer overflow vulnerability in GNU C library (glibc) (CVE-2015-7547) on February 16, 2016, remote attackers can exploit the vulnerability to execute arbitrary code on an affected device. (Vulnerability ID: HWPSIRT-2016-02018) This vulnerability has been.....
8.1CVSS
2.2AI Score
0.974EPSS
Security Advisory - GNU Glibc Buffer Overflow Security Vulnerability
Google security research team disclosed a buffer overflow vulnerability in GNU C library (glibc) (CVE-2015-7547) on February 16, 2016, remote attackers can exploit the vulnerability to execute arbitrary code on an affected device. (Vulnerability ID: HWPSIRT-2016-02018) This vulnerability has been.....
8.1CVSS
8.9AI Score
0.974EPSS
Security Advisory - Chunked HTTP Packet L7-Parsing Vulnerability in Huawei Products
There is a vulnerability in several Huawei products: AR series, NetEngine16EX and SRG series. If the Layer 7 HTTP chunked packet paring function is enabled on these devices, an attacker could exploit the vulnerability to craft a special HTTP chunked packet and send it to the target device to cause....
6.5AI Score
Summary The CF cards on some Huawei switches and ARs contain some sensitive information in plaintext. Once an attacker gets such a CF card, it may result in the leak of sensitive information (HWPSIRT-2015-07048). This vulnerability has been assigned Common Vulnerabilities and Exposures (CVE) ID:...
5.1AI Score
0.001EPSS
Directory traversal vulnerability in the SFTP server in Huawei AR 120, 150, 160, 200, 500, 1200, 2200, 3200, and 3600 routers with software before V200R006SPH003 allows remote authenticated users to access arbitrary directories via unspecified...
6.5AI Score
0.001EPSS
Security Advisory - Directory Traversal Vulnerability in Huawei AR Router
The AR router has a directory traversal vulnerability when serving as an SFTP server. An attacker can log in to the AR router and traverse FTP server directories to access unauthorized directories, leading to information leaks. (Vulnerability ID: HWPSIRT-2015-09029) This vulnerability has been...
6.1AI Score
0.001EPSS
Security Advisory - Stagefright Vulnerability in Multiple Huawei Android Products
The Stagefright media player engine in Android OS has multiple vulnerabilities, which can be exploited to remotely execute code in affected devices. (Vulnerability ID: HWPSIRT-2015-07056, HWPSIRT-2015-07057, HWPSIRT-2015-07058, HWPSIRT-2015-07059, HWPSIRT-2015-07060, HWPSIRT-2015-07061 and...
6.5AI Score
0.954EPSS
Security Advisory - CF Card Information Leak Vulnerability on Multiple Huawei Products
The CF cards on some Huawei switches and ARs contain some sensitive information in plaintext. Once an attacker gets such a CF card, it may result in the leak of sensitive information (HWPSIRT-2015-07048). Currently, official fixes are...
6.5AI Score
Security Advisory - Glibc Buffer Overflow Vulnerability
Huawei noticed that Qualys had disclosed the buffer overflow in the GNU C Library (glibc) on January 27th, 2015, Applications call various gethostbyname function are affected and attackers can exploit this vulnerability to perform remote code execution. (Vulnerability ID: HWPSIRT-2015-01045) This.....
8AI Score
0.975EPSS
Security Advisory-SSLv3 POODLE Vulnerability in Huawei Products
The SSLv3 protocol supported by some Huawei products has the so-called Padding Oracle On Downgraded Legacy Encryption (POODLE) vulnerability. The attacker can launch a man-in-the-middle attack to manipulate the TLS negotiation process so that the communication parties use SSLv3, which has...
3.4CVSS
2.4AI Score
0.975EPSS
Huawei AR Router Remote Command Execution (HWNSIRT-2013-0427)
The remote host is a Huawei device running a firmware version that is affected by a remote command execution vulnerability due to a flaw in the SNMPv3 component. A remote, unauthenticated attacker can exploit this vulnerability by sending malformed SNMPv3 messages to execute arbitrary...
1.1AI Score
0.002EPSS
Huawei Device DoS (HWPSIRT-2014-0307)
The remote host is a Huawei device running a firmware version that is affected by a denial of service vulnerability due to a flaw in the RADIUS component. A remote, authenticated attacker could exploit this vulnerability by sending malformed RADIUS packets to cause a device...
0.4AI Score
EPSS
Huawei eSap Platform DoS (HWPSIRT-2014-0111)
The remote host is a Huawei device running a firmware version that is affected by a denial of service vulnerability. The issue stems from a heap overflow vulnerability in the firmware. A remote, unauthenticated attacker could exploit this vulnerability by sending malformed packets to cause...
7.5CVSS
0.6AI Score
0.002EPSS
Security Advisory-A DoS Vulnerability in the SSH Module on Huawei AR Router
On Some Huawei AR routers that receive a large number of SSH authentication attack packets with malformed data, legitimate users fail to log in through SSH. Attackers can construct massive attack packets to cause the AR routers to deny SSH login from legitimate users. (HWPSIRT-2013-1255). This...
6.3AI Score
EPSS
Security Advisory - SNMP vulnerability on Huawei multiple products
In some of Huawei products as affected products list below, there are MIBs which support the query of the local user account and password. However, the security authentication protection for SNMP V1 and V2 is not enough, which leads to the risk that the user account and password can be disclosed...
6.1AI Score
0.003EPSS