13 matches found
EUVD-2014-8962
Malware in sbrugna...
Weak password vulnerability in HUAWEI USG5100
The USG5100 series is a Gigabit-class unified security gateway for medium and large enterprises from Huawei Technologies Co. A weak password vulnerability exists in the HUAWEI USG5100, which can be exploited by attackers to obtain sensitive information...
Cross site request forgery (csrf)
Huawei USG9500 with software V200R001C01SPC800 and earlier versions, V300R001C00; USG2100 with software V300R001C00SPC900 and earlier versions; USG2200 with software V300R001C00SPC900; USG5100 with software V300R001C00SPC900 could allow an unauthenticated, remote attacker to conduct a CSRF attack...
CVE-2014-9137
Huawei USG9500 with software V200R001C01SPC800 and earlier versions, V300R001C00; USG2100 with software V300R001C00SPC900 and earlier versions; USG2200 with software V300R001C00SPC900; USG5100 with software V300R001C00SPC900 could allow an unauthenticated, remote attacker to conduct a CSRF attack...
CVE-2014-9137
Huawei USG9500 with software V200R001C01SPC800 and earlier versions, V300R001C00; USG2100 with software V300R001C00SPC900 and earlier versions; USG2200 with software V300R001C00SPC900; USG5100 with software V300R001C00SPC900 could allow an unauthenticated, remote attacker to conduct a CSRF attack...
CVE-2014-9137
CVE-2014-9137 is a CSRF vulnerability in Huawei USG firewall web interfaces affecting USG9500 (V200R001C01SPC800 and earlier; V300R001C00), USG2100 (V300R001C00SPC900 and earlier), USG2200 (V300R001C00SPC900), and USG5100 (V300R001C00SPC900). An unauthenticated remote attacker could conduct a CSR...
Buffer overflow
Buffer overflow in the Point-to-Point Protocol over Ethernet PPPoE module in Huawei USG2100, USG2200, USG5100, and USG5500 unified security gateways with software before V300R001C10SPC600, when CHAP authentication is configured on the server, allows remote attackers to cause a denial of service...
CVE-2016-8276
CVE-2016-8276 concerns Huawei USG2100/USG2200/USG5100/USG5500 unified security gateways. A buffer overflow in the PPPoE module occurs when CHAP authentication is configured on the server, allowing remote attackers to cause a server restart or execute arbitrary code via crafted packets during auth...
CVE-2016-6669
Buffer overflow in the Authentication, Authorization and Accounting AAA module in Huawei USG2100, USG2200, USG5100, and USG5500 unified security gateways with software before V300R001C10SPC600 allows remote authenticated RADIUS servers to execute arbitrary code by sending a crafted EAP packet...
Buffer overflow
Buffer overflow in the Authentication, Authorization and Accounting AAA module in Huawei USG2100, USG2200, USG5100, and USG5500 unified security gateways with software before V300R001C10SPC600 allows remote authenticated RADIUS servers to execute arbitrary code by sending a crafted EAP packet...
Code injection
Huawei USG5500, USG2100, USG2200, and USG5100 unified security gateways with software before V300R001C10SPC600, when "DHCP Snooping" is enabled and either "option82 insert" or "option82 rebuild" is enabled on an interface, allow remote attackers to cause a denial of service reboot via crafted DHC...
CVE-2015-8084
CVE-2015-8084 affects Huawei USG5500, USG2100, USG2200, and USG5100 unified security gateways with software prior to V300R001C10SPC600. When DHCP Snooping is enabled and option82 insert or option82 rebuild is active on an interface, devices fail to parse certain DHCP packets, enabling remote atta...
CVE-2012-4960
CVE-2012-4960 covers a DES-based password encryption weakness in Huawei networking devices (including NE5000E, NE40E/80E, CX/ CX600, and related models). The root cause is use of DES for stored passwords, enabling brute-force or context-dependent attacks to recover cleartext passwords. Public adv...