22 matches found
CVE-2016-8786
CVE-2016-8786 affects multiple Huawei routing switches (e.g., S12700, S5700, S6700, S7700, S9700) across V200R005C00 to V200R008C00 revisions. The flaw is in RSVP packet handling due to insufficient input validation, enabling a remote attacker to trigger buffer overflows and cause occasional rebo...
CVE-2017-8139
HedEx Earlier than V200R006C00 versions have the stored cross-site scripting XSS vulnerability. Attackers can exploit the vulnerability to plant malicious scripts into the configuration file to interrupt the services of legitimate users...
CVE-2017-8136
HedEx Earlier than V200R006C00 versions has an arbitrary file download vulnerability. An attacker could exploit it to download arbitrary files on a target device to cause information leak...
CVE-2017-8138
HedEx Earlier than V200R006C00 versions has a cross-site request forgery CSRF vulnerability. An attacker could trick a user into accessing a website containing malicious scripts which may tamper with configurations and interrupt normal services...
CVE-2017-8137
HedEx Earlier than V200R006C00 versions has a dynamic link library DLL hijacking vulnerability due to calling the DDL file by accessing a relative path. An attacker could exploit this vulnerability to tamper with the DLL file, leading to DLL hijacking...
CVE-2017-8138
HedEx Earlier than V200R006C00 versions has a cross-site request forgery CSRF vulnerability. An attacker could trick a user into accessing a website containing malicious scripts which may tamper with configurations and interrupt normal services...
CVE-2017-8136
HedEx Earlier than V200R006C00 versions has an arbitrary file download vulnerability. An attacker could exploit it to download arbitrary files on a target device to cause information leak...
Cross site scripting
HedEx Earlier than V200R006C00 versions have the stored cross-site scripting XSS vulnerability. Attackers can exploit the vulnerability to plant malicious scripts into the configuration file to interrupt the services of legitimate users...
Arbitrary file deletion
HedEx Earlier than V200R006C00 versions has an arbitrary file download vulnerability. An attacker could exploit it to download arbitrary files on a target device to cause information leak...
Cross site request forgery (csrf)
HedEx Earlier than V200R006C00 versions has a cross-site request forgery CSRF vulnerability. An attacker could trick a user into accessing a website containing malicious scripts which may tamper with configurations and interrupt normal services...
Design/Logic Flaw
HedEx Earlier than V200R006C00 versions has a dynamic link library DLL hijacking vulnerability due to calling the DDL file by accessing a relative path. An attacker could exploit this vulnerability to tamper with the DLL file, leading to DLL hijacking...
CVE-2017-8136
HedEx Earlier than V200R006C00 versions has an arbitrary file download vulnerability. An attacker could exploit it to download arbitrary files on a target device to cause information leak...
CVE-2017-8138
HedEx Earlier than V200R006C00 versions has a cross-site request forgery CSRF vulnerability. An attacker could trick a user into accessing a website containing malicious scripts which may tamper with configurations and interrupt normal services...
CVE-2017-8138
Huawei HedEx (Huawei Electronic Documentation Explorer), versions earlier than V200R006C00, suffer a cross-site request forgery (CSRF) vulnerability. An attacker can entice a logged-in user to access a malicious page, causing unauthorized configuration changes and potential service disruption. Th...
CVE-2017-8137
Huawei HedEx (HedEx Lite) prior to V200R006C00 suffers a DLL hijacking vulnerability caused by calling a DLL via a relative path. The issue enables tampering with the DLL file and is described for HedEx products in CVE-2017-8137. Affected versions are earlier than V200R006C00; Huawei’s advisory r...
Huawei HedEx Lite Cross-Site Scripting Vulnerability
Huawei HedEx Lite is a document management software from Huawei China. A cross-site scripting vulnerability exists in versions prior to Huawei HedEx Lite V200R006C00. A remote attacker can exploit this vulnerability to embed malicious scripts into the device's configuration file and interfere wit...
Huawei HedEx Lite DLL Hijacking Vulnerability
Huawei HedEx Lite is a document management software from Huawei China. A DLL hijacking vulnerability exists in Huawei HedEx Lite versions prior to V200R006C00, which originates from accessing a relative path to call a DLL file during HedEx operation. A remote attacker could exploit this...
CVE-2016-8797
Huawei AR3200 with software V200R007C00, V200R005C32, V200R005C20; S12700 with software V200R008C00, V200R007C00; S5300 with software V200R008C00, V200R007C00, V200R006C00; S5700 with software V200R008C00, V200R007C00, V200R006C00; S6300 with software V200R008C00, V200R007C00; S6700 with software...
CVE-2016-8275
Huawei AnyOffice V200R006C00 could allow an authenticated, remote attacker to cause the software to deny services by uploading an XML bomb...
Design/Logic Flaw
Huawei AR3200 with software V200R007C00, V200R005C32, V200R005C20; S12700 with software V200R008C00, V200R007C00; S5300 with software V200R008C00, V200R007C00, V200R006C00; S5700 with software V200R008C00, V200R007C00, V200R006C00; S6300 with software V200R008C00, V200R007C00; S6700 with software...