337 matches found
Design/Logic Flaw
Huawei Secospace USG6300 with software V500R001C20 and V500R001C20SPC200PWE, Secospace USG6500 with software V500R001C20, Secospace USG6600 with software V500R001C20 and V500R001C20SPC200PWE allow remote attackers with specific permission to log in to a device and deliver a large number of...
Buffer overflow
The security policy processing module in Huawei Secospace USG6300 with software V500R001C20SPC100, V500R001C20SPC101, V500R001C20SPC200; Secospace USG6500 with software V500R001C20SPC100, V500R001C20SPC101, V500R001C20SPC200; Secospace USG6600 with software V500R001C20SPC100, V500R001C20SPC101,...
CVE-2016-8802
CVE-2016-8802 affects Huawei Secospace USG6300/6500/6600 series (firmware lines V500R001C20SPC100/101/200). The security policy processing module is vulnerable to a buffer overflow when an authenticated attacker configures a specific security policy, potentially crashing the device. The issue is ...
CVE-2016-8795
CVE-2016-8795 describes an integer overflow in IPFPM handling on several Huawei devices. Affected products include Huawei CloudEngine 12800, 5800, 6800, 7800, 8800 and Secospace USG6600, across multiple OS versions listed in the Huawei advisory. Remote, unauthenticated attackers can craft specifi...
CVE-2016-8802
The security policy processing module in Huawei Secospace USG6300 with software V500R001C20SPC100, V500R001C20SPC101, V500R001C20SPC200; Secospace USG6500 with software V500R001C20SPC100, V500R001C20SPC101, V500R001C20SPC200; Secospace USG6600 with software V500R001C20SPC100, V500R001C20SPC101,...
CVE-2016-8781
Huawei Secospace USG6300 with software V500R001C20 and V500R001C20SPC200PWE, Secospace USG6500 with software V500R001C20, Secospace USG6600 with software V500R001C20 and V500R001C20SPC200PWE allow remote attackers with specific permission to log in to a device and deliver a large number of...
CVE-2016-8795
Huawei CloudEngine 12800 with software V100R002C00, V100R003C00, V100R003C10, V100R005C00, V100R005C10, V100R006C00; CloudEngine 5800 with software V100R002C00, V100R003C00, V100R003C10, V100R005C00, V100R005C10, V100R006C00; CloudEngine 6800 with software V100R002C00, V100R003C00, V100R003C10,...
CVE-2016-8781
CVE-2016-8781 covers a DoS in Huawei Secospace firewall series (USG6300/USG6500/USG6600) where a remote attacker with specific permissions can log in and issue a high volume of commands that exhaust memory. The root cause is memory not being released after command execution, leading to a denial o...
Multiple Huawei Firewall Denial of Service Vulnerabilities (CNVD-2016-12339)
Huawei Secospace USG6300, Secospace USG6500, Secospace USG6600 are firewall devices from Huawei China. A denial of service vulnerability exists in multiple Huawei firewalls. As part of the memory is not freed after executing a command, a remote attacker with specific privileges can log in to the...
Buffer Overflow Vulnerability in Multiple Huawei Secospace Products
Huawei Secospace is a terminal security management system. A buffer overflow vulnerability exists in multiple Huawei Secospace products. Due to the lack of boundary checking of user-copied data, an attacker exploiting the vulnerability could reboot the affected device, resulting in a...
Memory corruption
Memory leak in Huawei IPS Module, NGFW Module, NIP6300, NIP6600, and Secospace USG6300, USG6500, USG6600, USG9500, and AntiDDoS8000 V500R001C00 before V500R001C20SPC100, when in hot standby networking where two devices are not directly connected, allows remote attackers to cause a denial of servi...
CVE-2016-5435
Memory leak in Huawei IPS Module, NGFW Module, NIP6300, NIP6600, and Secospace USG6300, USG6500, USG6600, USG9500, and AntiDDoS8000 V500R001C00 before V500R001C20SPC100, when in hot standby networking where two devices are not directly connected, allows remote attackers to cause a denial of servi...
CVE-2016-5435
The CVE-2016-5435 issue affects Huawei security appliances (e.g., IPS Module, NGFW Module, NIP6300/6600, Secospace USG6300/6500/6600/9500 and AntiDDoS8000) in hot standby setups where two devices are not directly connected. The root cause is a memory leak triggered by crafted packets, leading to ...
CVE-2016-4577
Buffer overflow in the Smart DNS functionality in the Huawei NGFW Module and Secospace USG6300, USG6500, USG6600, and USG9500 firewalls with software before V500R001C20SPC100 allows remote attackers to cause a denial of service or execute arbitrary code via a crafted packet, related to...
CVE-2016-4576
Buffer overflow in the Application Specific Packet Filtering ASPF functionality in the Huawei IPS Module, NGFW Module, NIP6300, NIP6600, Secospace USG6300, USG6500, USG6600, USG9500, and AntiDDoS8000 devices with software before V500R001C20SPC100 allows remote attackers to cause a denial of servi...
Buffer overflow
Buffer overflow in the Smart DNS functionality in the Huawei NGFW Module and Secospace USG6300, USG6500, USG6600, and USG9500 firewalls with software before V500R001C20SPC100 allows remote attackers to cause a denial of service or execute arbitrary code via a crafted packet, related to...
CVE-2016-4577
The CVE-2016-4577 issue affects Huawei USG/NGFW products (USG6300/USG6500/USG6600/USG9500 and NGFW Module) where the Smart DNS function is vulnerable to a buffer overflow. The root cause is processing of crafted packets with illegitimate parameters, enabling remote attackers to cause a denial of ...