14 matches found
EUVD-2014-8962
Malware in sbrugna...
Zyxel Gateway / Access Point External DNS Request Vulnerability
Some Zyxel Access Points are prone to an information disclosure vulnerability where external DNS requests can be made. This VT has been deprecated and replaced by various device specific VTs. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced...
CVE-2019-9955
Zyxel devices including ATP200/ATP500/ATP800, USG and ZyWALL series (e.g., USG20-VPN/USG1100/USG1900/ ZyWALL 110/310) are affected by CVE-2019-9955. The vulnerability is a reflected Cross-Site Scripting flaw on the security firewall login page caused by unsanitized mp_idx parameter in weblogin.cg...
Cross site request forgery (csrf)
Huawei USG9500 with software V200R001C01SPC800 and earlier versions, V300R001C00; USG2100 with software V300R001C00SPC900 and earlier versions; USG2200 with software V300R001C00SPC900; USG5100 with software V300R001C00SPC900 could allow an unauthenticated, remote attacker to conduct a CSRF attack...
CVE-2014-9137
Huawei USG9500 with software V200R001C01SPC800 and earlier versions, V300R001C00; USG2100 with software V300R001C00SPC900 and earlier versions; USG2200 with software V300R001C00SPC900; USG5100 with software V300R001C00SPC900 could allow an unauthenticated, remote attacker to conduct a CSRF attack...
CVE-2014-9137
Huawei USG9500 with software V200R001C01SPC800 and earlier versions, V300R001C00; USG2100 with software V300R001C00SPC900 and earlier versions; USG2200 with software V300R001C00SPC900; USG5100 with software V300R001C00SPC900 could allow an unauthenticated, remote attacker to conduct a CSRF attack...
CVE-2014-9137
CVE-2014-9137 is a CSRF vulnerability in Huawei USG firewall web interfaces affecting USG9500 (V200R001C01SPC800 and earlier; V300R001C00), USG2100 (V300R001C00SPC900 and earlier), USG2200 (V300R001C00SPC900), and USG5100 (V300R001C00SPC900). An unauthenticated remote attacker could conduct a CSR...
Buffer overflow
Buffer overflow in the Point-to-Point Protocol over Ethernet PPPoE module in Huawei USG2100, USG2200, USG5100, and USG5500 unified security gateways with software before V300R001C10SPC600, when CHAP authentication is configured on the server, allows remote attackers to cause a denial of service...
CVE-2016-8276
CVE-2016-8276 concerns Huawei USG2100/USG2200/USG5100/USG5500 unified security gateways. A buffer overflow in the PPPoE module occurs when CHAP authentication is configured on the server, allowing remote attackers to cause a server restart or execute arbitrary code via crafted packets during auth...
CVE-2016-6669
Buffer overflow in the Authentication, Authorization and Accounting AAA module in Huawei USG2100, USG2200, USG5100, and USG5500 unified security gateways with software before V300R001C10SPC600 allows remote authenticated RADIUS servers to execute arbitrary code by sending a crafted EAP packet...
Buffer overflow
Buffer overflow in the Authentication, Authorization and Accounting AAA module in Huawei USG2100, USG2200, USG5100, and USG5500 unified security gateways with software before V300R001C10SPC600 allows remote authenticated RADIUS servers to execute arbitrary code by sending a crafted EAP packet...
Code injection
Huawei USG5500, USG2100, USG2200, and USG5100 unified security gateways with software before V300R001C10SPC600, when "DHCP Snooping" is enabled and either "option82 insert" or "option82 rebuild" is enabled on an interface, allow remote attackers to cause a denial of service reboot via crafted DHC...
CVE-2015-8084
CVE-2015-8084 affects Huawei USG5500, USG2100, USG2200, and USG5100 unified security gateways with software prior to V300R001C10SPC600. When DHCP Snooping is enabled and option82 insert or option82 rebuild is active on an interface, devices fail to parse certain DHCP packets, enabling remote atta...
CVE-2012-4960
CVE-2012-4960 covers a DES-based password encryption weakness in Huawei networking devices (including NE5000E, NE40E/80E, CX/ CX600, and related models). The root cause is use of DES for stored passwords, enabling brute-force or context-dependent attacks to recover cleartext passwords. Public adv...