39 matches found
Cross site scripting
There is an out-of-bounds write vulnerability in some products. An unauthenticated attacker crafts malformed packets with specific parameter and sends the packets to the affected products. Due to insufficient validation of packets, which may be exploited to cause the process reboot. Affected...
CVE-2020-9075
CVE-2020-9075 affects Huawei Secospace USG6300/USG6300E (V500R001C30/V500R001C50/V500R001C60/V500R001C80/V500R005C00/V500R005C10/V600R006C00). The root cause is insufficient input verification in these devices, enabling an attacker with limited privileges to access a specific directory and potent...
Huawei Products Improper Authentication Vulnerability (huawei-sa-20200506-02-authentication)
Multiple Huawei products are prone to an improper authentication vulnerability. Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program...
CVE-2020-9099
Huawei products IPS Module; NGFW Module; NIP6300; NIP6600; NIP6800; Secospace USG6300; Secospace USG6500; Secospace USG6600; USG9500 with versions of V500R001C00; V500R001C20; V500R001C30; V500R001C50; V500R001C60; V500R001C80; V500R005C00; V500R005C10; V500R005C20; V500R002C00; V500R002C10;...
Authentication flaw
Huawei products IPS Module; NGFW Module; NIP6300; NIP6600; NIP6800; Secospace USG6300; Secospace USG6500; Secospace USG6600; USG9500 with versions of V500R001C00; V500R001C20; V500R001C30; V500R001C50; V500R001C60; V500R001C80; V500R005C00; V500R005C10; V500R005C20; V500R002C00; V500R002C10;...
CVE-2020-9099
Huawei products IPS Module; NGFW Module; NIP6300; NIP6600; NIP6800; Secospace USG6300; Secospace USG6500; Secospace USG6600; USG9500 with versions of V500R001C00; V500R001C20; V500R001C30; V500R001C50; V500R001C60; V500R001C80; V500R005C00; V500R005C10; V500R005C20; V500R002C00; V500R002C10;...
CVE-2020-1876
NIP6800;Secospace USG6600;USG9500 with versions of V500R001C30; V500R001C60SPC500; V500R005C00SPC100 have an out-of-bounds write vulnerability. An unauthenticated attacker crafts malformed packets with specific parameter and sends the packets to the affected products. Due to insufficient validati...
Out-of-bounds
NIP6800;Secospace USG6600;USG9500 with versions of V500R001C30; V500R001C60SPC500; V500R005C00SPC100 have an out-of-bounds write vulnerability. An unauthenticated attacker crafts malformed packets with specific parameter and sends the packets to the affected products. Due to insufficient validati...
CVE-2020-1877
CVE-2020-1877 involves Huawei NIP6800, Secospace USG6600 and USG9500 devices. Affected versions include V500R001C30; V500R001C60SPC500; V500R005C00SPC100. The root cause is an invalid pointer access when an administrator logs in and performs operations, which can cause certain processes to reboot...
CVE-2020-1876
CVE-2020-1876 affects Huawei NIP6800, Secospace USG6600 and USG9500 with specific V500R001C30, V500R001C60SPC500 and V500R005C00SPC100 builds. It is an out-of-bounds write vulnerability triggered by unauthenticated, malformed packets that bypass validation and may reboot the targeted device. Root...
CVE-2020-1876
NIP6800;Secospace USG6600;USG9500 with versions of V500R001C30; V500R001C60SPC500; V500R005C00SPC100 have an out-of-bounds write vulnerability. An unauthenticated attacker crafts malformed packets with specific parameter and sends the packets to the affected products. Due to insufficient validati...
CVE-2020-1881
CVE-2020-1881 affects Huawei NIP6800, Secospace USG6600 and USG9500 devices. A resource management error in a function can be triggered by specific operations, leading to service abnormality. Affected versions include V500R001C30, V500R001C60SPC500 and V500R005C00SPC100. Remediation references Hu...
CVE-2020-1860
The CVE-2020-1860 entry concerns Huawei Secospace/NIP6800 family devices (NIP6800; Secospace USG6600; USG9500) with firmware lines V500R001C30, V500R001C60SPC500, and V500R005C00SPC100, where an access control bypass vulnerability exists. The root cause allows attackers who can reach the internal...
CVE-2020-1874
The CVE-2020-1874 entry concerns Huawei NIP6800, Secospace USG6600, and USG9500 devices. Affected versions include V500R001C30; V500R001C60SPC500; V500R005C00SPC100. Description across sources states an invalid pointer access vulnerability that is triggered when an operator logs in and performs o...
CVE-2020-1874
NIP6800;Secospace USG6600;USG9500 products versions of V500R001C30; V500R001C60SPC500; V500R005C00SPC100 have a invalid pointer access vulnerability. The software system access an invalid pointer when operator logs in to the device and performs some operations. Successful exploit could cause...
CVE-2020-1875
The CVE-2020-1875 entry concerns Huawei NIP6800, Secospace USG6600, and USG9500 devices with invalid pointer access in certain operations, leading to a reboot of a process. Affected: NIP6800 (V500R001C30, V500R001C60SPC500), Secospace USG6600 (V500R001C30SPC200, V500R001C30SPC600, V500R001C60SPC5...
CVE-2020-1815
Huawei NIP6800 versions V500R001C30, V500R001C60SPC500, and V500R005C00; Secospace USG6600 and USG9500 versions V500R001C30SPC200, V500R001C30SPC600, V500R001C60SPC500, and V500R005C00 have a memory leak vulnerability. The software does not sufficiently track and release allocated memory while...
Input validation
Huawei NIP6800 versions V500R001C30, V500R001C60SPC500, and V500R005C00; Secospace USG6600 and USG9500 versions V500R001C30SPC200, V500R001C30SPC600, V500R001C60SPC500, and V500R005C00 have a Denial of Service DoS vulnerability. Due to improper processing of specific IPSEC packets, remote attacke...
CVE-2020-1856
Huawei NGFW Module, NIP6300, NIP6600, Secospace USG6500, Secospace USG6600, and USG9500 versions V500R001C30, V500R001C60, and V500R005C00 have an information leakage vulnerability. An attacker can exploit this vulnerability by sending specific request packets to affected devices. Successful...
CVE-2020-1856
Huawei NGFW Module, NIP6300, NIP6600, Secospace USG6500, Secospace USG6600, and USG9500 versions V500R001C30, V500R001C60, and V500R005C00 have an information leakage vulnerability. An attacker can exploit this vulnerability by sending specific request packets to affected devices. Successful...