Huawei Switches Information Disclosure Vulnerability (huawei-sa-20140820-01-campus)

Multiple Huawei Campus switches allow remote attackers to enumerate usernames via vectors involving use of SSH by the maintenance terminal. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right...

Huawei Switch Y.1731 Denial of Service Vulnerability

S9300, S2300, S3300, S5300, S6300 are various types of switches introduced by Huawei. Huawei switches are vulnerable to Y.1731 denial of service vulnerability which can cause the switch to reboot...

Denial of Service Vulnerability in Multiple Huawei Quidway Switches

Quidway S9700, Quidway S9300, Quidway S7700, Quidway S6700, Quidway S6300, Quidway S5700, Quidway S5300 are various types of switches launched by Huawei. A denial of service vulnerability exists in multiple Huawei Quidway switches, which allows attackers to launch a denial of service attack by...

CVE-2016-8797

Huawei AR3200 with software V200R007C00, V200R005C32, V200R005C20; S12700 with software V200R008C00, V200R007C00; S5300 with software V200R008C00, V200R007C00, V200R006C00; S5700 with software V200R008C00, V200R007C00, V200R006C00; S6300 with software V200R008C00, V200R007C00; S6700 with software...

CVE-2014-8572

Huawei AC6605 with software V200R001C00; AC6605 with software V200R002C00; ACU with software V200R001C00; ACU with software V200R002C00; S2300, S3300, S2700, S3700 with software V100R006C05 and earlier versions; S5300, S5700, S6300, S6700 with software V100R006, V200R001, V200R002, V200R003,...

CVE-2014-4706

Huawei Campus S3700HI with software V200R001C00SPC300; Campus S5700 with software V200R002C00SPC100; Campus S7700 with software V200R003C00SPC300,V200R003C00SPC500; LSW S9700 with software V200R001C00SPC300,V200R003C00SPC300,V200R003C00SPC500; S2350 with software V200R003C00SPC300; S2750 with...

CVE-2014-3224

Huawei Quidway S9700 V200R003C00SPC500, Quidway S9300 V200R003C00SPC500, Quidway S7700 V200R003C00SPC500, Quidway S6700 V200R003C00SPC300, Quidway S6300 V200R003C00SPC300, Quidway S5700 V200R003C00SPC300, Quidway S5300 V200R003C00SPC300 enable attackers to launch DoS attacks by crafting and sendi...

CVE-2016-8773

CVE-2016-8773 affects Huawei S-series switches (S5300, S5700, S6300, S6700, S7700, S9300, S9700, S12700) with listed V200R software versions. The root cause is improper validation of MPLS packets, enabling a remote attacker to cause a denial of service by sending malformed MPLS messages. Impact i...

CVE-2014-3223

CVE-2014-3223 affects Huawei S9300 (pre-V100R006SPH013) and S2300/S3300/S5300/S6300 (pre-V100R006SPH010) switches, due to a Y.1731 processing flaw that can cause a reboot. The issue is tied to Huawei’s Y.1731 vulnerability (HWPSIRT-2013-1165) and is documented across multiple sources (NVD, CVE li...

CVE-2014-8572

CVE-2014-8572 affects Huawei VRP-based devices (e.g., AC6605, ACU, S2300/S3300/S2700/S3700, S5300/S5700/S6300/S6700, S7700/S9300/S9300E/S9700) where the SSH server processes a message without valid checksums, allowing remote attackers to send a crafted SSH packet to cause a denial of service. Con...

CVE-2016-8797

The CVE-2016-8797 entry describes a memory exhaustion issue in Huawei devices caused by abnormal MPLS packets processed by the MPLS module. Affected products include Huawei AR3200 and several S-series switches (S12700, S5300, S5700, S6300, S6700, S7700, S9300, S9700) with listed software versions...

Security Advisory- SSH Username Information Disclosure Vulnerability in Huawei Campus Switch

Some versions of Huawei Campus switch series products S9300/S9300E/S7700/S9700 /S5700/S6700/S5300/S6300/S2300/S2700/S3300/S3700 are affected by username information disclosure vulnerability. When the maintenance terminal of a Huawei Campus switch uses SSH to log in to a server, attackers can gues...

CVE-2012-4960

CVE-2012-4960 covers a DES-based password encryption weakness in Huawei networking devices (including NE5000E, NE40E/80E, CX/ CX600, and related models). The root cause is use of DES for stored passwords, enabling brute-force or context-dependent attacks to recover cleartext passwords. Public adv...