5 matches found
CVE-2018-7976
There is a stored cross-site scripting XSS vulnerability in Huawei eSpace Desktop V300R001C00 and V300R001C50 version. Due to the insufficient validation of the input, an authenticated, remote attacker could exploit this vulnerability to send abnormal messages to the system and perform a XSS...
CVE-2017-8157
This CVE (CVE-2017-8157) affects Huawei OceanStor 5800 V3 and OceanStor 6900 V3 where TLS1.0 is used for transport encryption, enabling information leakage. Vulnerable components are the affected OceanStor firmware series (e.g., V300R002C00/C10 and V300R001C00) running on OceanStor 5800/6900 V3 p...
Cross site request forgery (csrf)
Huawei USG9500 with software V200R001C01SPC800 and earlier versions, V300R001C00; USG2100 with software V300R001C00SPC900 and earlier versions; USG2200 with software V300R001C00SPC900; USG5100 with software V300R001C00SPC900 could allow an unauthenticated, remote attacker to conduct a CSRF attack...
CVE-2014-9137
CVE-2014-9137 is a CSRF vulnerability in Huawei USG firewall web interfaces affecting USG9500 (V200R001C01SPC800 and earlier; V300R001C00), USG2100 (V300R001C00SPC900 and earlier), USG2200 (V300R001C00SPC900), and USG5100 (V300R001C00SPC900). An unauthenticated remote attacker could conduct a CSR...
Huawei USG Product Security Bypass Vulnerability
Huawei USG5500 is a firewall product from Huawei, China. A security vulnerability exists in the Huawei USG5500 V300R001C00 and V300R001C10, which allows remote attackers to conduct denial-of-service attacks by sending a large number of HTTP messages to bypass the DDOS defense module of the USG...