Huawei Switches Information Disclosure Vulnerability (huawei-sa-20140820-01-campus)

Multiple Huawei Campus switches allow remote attackers to enumerate usernames via vectors involving use of SSH by the maintenance terminal. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right...

CVE-2017-2712

S3300 V100R006C05 have an Ethernet in the First Mile EFM flapping vulnerability due to the lack of type-length-value TLV consistency check. An attacker may craft malformed packets and send them to a device to cause EFM flapping...

Spoofing

S3300 V100R006C05 have an Ethernet in the First Mile EFM flapping vulnerability due to the lack of type-length-value TLV consistency check. An attacker may craft malformed packets and send them to a device to cause EFM flapping...

CVE-2017-2712

CVE-2017-2712 concerns Huawei VRP-based switches (notably the Huawei S3300 family, e.g., S3300 with V100R006C05) experiencing an Ethernet in the First Mile (EFM) flapping issue caused by a missing TLV (type-length-value) consistency check. The flaw allows crafting malformed packets that can be se...

CVE-2017-2712

S3300 V100R006C05 have an Ethernet in the First Mile EFM flapping vulnerability due to the lack of type-length-value TLV consistency check. An attacker may craft malformed packets and send them to a device to cause EFM flapping...

Huawei Switch Y.1731 Denial of Service Vulnerability

S9300, S2300, S3300, S5300, S6300 are various types of switches introduced by Huawei. Huawei switches are vulnerable to Y.1731 denial of service vulnerability which can cause the switch to reboot...

CVE-2014-8572

Huawei AC6605 with software V200R001C00; AC6605 with software V200R002C00; ACU with software V200R001C00; ACU with software V200R002C00; S2300, S3300, S2700, S3700 with software V100R006C05 and earlier versions; S5300, S5700, S6300, S6700 with software V100R006, V200R001, V200R002, V200R003,...

CVE-2014-3223

CVE-2014-3223 affects Huawei S9300 (pre-V100R006SPH013) and S2300/S3300/S5300/S6300 (pre-V100R006SPH010) switches, due to a Y.1731 processing flaw that can cause a reboot. The issue is tied to Huawei’s Y.1731 vulnerability (HWPSIRT-2013-1165) and is documented across multiple sources (NVD, CVE li...

CVE-2014-8572

CVE-2014-8572 affects Huawei VRP-based devices (e.g., AC6605, ACU, S2300/S3300/S2700/S3700, S5300/S5700/S6300/S6700, S7700/S9300/S9300E/S9700) where the SSH server processes a message without valid checksums, allowing remote attackers to send a crafted SSH packet to cause a denial of service. Con...

Huawei S3300 EFM Feature Oscillation Vulnerability

Huawei S3300 is a Huawei switch device. The Huawei S3300 suffers from an EFM Feature Shock vulnerability, which allows an attacker to construct malformed messages to be sent to the device due to the device's lack of consistency checking for a certain type of TLV, resulting in an EFM service shock...

Security Advisory- SSH Username Information Disclosure Vulnerability in Huawei Campus Switch

Some versions of Huawei Campus switch series products S9300/S9300E/S7700/S9700 /S5700/S6700/S5300/S6300/S2300/S2700/S3300/S3700 are affected by username information disclosure vulnerability. When the maintenance terminal of a Huawei Campus switch uses SSH to log in to a server, attackers can gues...

CVE-2012-4960

CVE-2012-4960 covers a DES-based password encryption weakness in Huawei networking devices (including NE5000E, NE40E/80E, CX/ CX600, and related models). The root cause is use of DES for stored passwords, enabling brute-force or context-dependent attacks to recover cleartext passwords. Public adv...