78 matches found
CVE-2014-8570
Huawei S9300, S9303, S9306, S9312 with software V100R002; S7700, S7703, S7706, S7712 with software V100R003, V100R006, V200R001, V200R002, V200R003, V200R005; S9300E, S9303E, S9306E, S9312E with software V200R001; S9700, S9703, S9706, S9712 with software V200R002, V200R003, V200R005; S12708, S127...
CVE-2014-8572
CVE-2014-8572 affects Huawei VRP-based devices (e.g., AC6605, ACU, S2300/S3300/S2700/S3700, S5300/S5700/S6300/S6700, S7700/S9300/S9300E/S9700) where the SSH server processes a message without valid checksums, allowing remote attackers to send a crafted SSH packet to cause a denial of service. Con...
CVE-2014-8570
The CVE-2014-8570 entry maps to a Huawei VRP information-leak vulnerability where MPLS LSP Ping binds to unnecessary interfaces, enabling leakage of device IP addresses. Affected Huawei VRP-equipped devices include S-series and S9300/S9700 families across multiple software train versions (e.g., V...
Security Advisory - EFM Flapping Vulnerability in Huawei Products
Some Huawei VRP-based products have an Ethernet in the First Mile EFM flapping vulnerability due to the lack of type-length-value TLV consistency check. An attacker may craft malformed packets and send them to a device to cause EFM flapping. Vulnerability ID: HWPSIRT-2016-09025 This vulnerability...
Security Advisory - Input Validation Vulnerability in Huawei VRP Platform
There is an input validation vulnerability in some Huawei devices using VRP. Due to the lack of input validation, an attacker may craft a malformed packet and send it to the device using VRP, causing the device to display additional memory data and possibly leading to sensitive information leakag...
Huawei VRP Detection (SNMP)
SNMP based detection of Huawei Versatile Routing Platform VRP devices. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if description...
Denial of Service Vulnerability in Multiple Huawei Products (CNVD-2016-03649)
Huawei AC6605 and others are wireless access controller products from Huawei, China. A security vulnerability exists in the SSH module of several Huawei products, which originates from the program processing a message without valid checksums for a field in the message content. An attacker could...
Huawei VRP telnet 弱口令
No description provided by source...
Internet Bug Bounty: Use After Free in Flash MessageChannel.send can cause arbitrary code execution
Sending messages between workers while having the animation reloaded can cause an object to be freed while a reference remains in memory. An attacker can use this issue to control eip and potentially execute arbitrary code. Identified as CVE-2015-0320, and reported to Adobe via Chrome VRP:...
Internet Bug Bounty: Use after free during the StageVideoAvailabilityEvent can result in arbitrary code execution
An attacker can register the StageVideoAvailabilityEvent and have the SWF movie reloaded at the same time with LoadMovie. During this process, an object may be freed allowing the attacker to take control of the code flow. Identified as CVE-2015-0315, and reported to Adobe via Chrome VRP:...
Internet Bug Bounty: Race condition in workers may cause an exploitable double free by abusing bytearray.compress()
The issue occurs while sharing a bytearray between two workers. If one worker calls bytearray.compress while the other uses that bytearray, Flash does not correctly handle the race and may double free the array. Identified as CVE-2015-0312, and reported to Adobe via Chrome VRP:...
Information Leakage Vulnerability via MPLS Ping in Huawei VRP Platform (HWPSIRT-2014-0418)
The firmware version of the remote host is affected by an information disclosure vulnerability. The MPLS LSP ping service is bound to unnecessary interfaces which may allow a remote attacker to determine IP addresses of devices. %NASLMINLEVEL 70300 C Tenable Network Security, Inc...
Internet Bug Bounty: Race condition in Flash workers may cause an exploitable double free
The issue occurs while sharing a bytearray between two workers. If both call bytearray.clear at the same time, Flash does not correctly handle the race and may double free the array. Indentified as CVE-2014-0574, and reported to Adobe via Chrome VRP:...
Security Advisory-VRP SSH Denial of Service Vulnerability
The SSH of the VRP has an input verification issue. Remote attackers can send a special SSH packet to the device to cause a denial of service Vulnerability ID: HWPSIRT-2014-0701. This Vulnerability has been assigned Common Vulnerabilities and Exposures CVE ID: CVE-2014-8572...
Security Advisory-Information Leakage Vulnerability via MPLS Ping in VRP Platform
VRP Versatile Routing Platform has been developed by Huawei to provide improved IP routing services. The VRP has been widely applied to network devices, including high-end and low-end switches and routers, wireless and transmission devices. Information leakage vulnerability exists in several...
Stable Channel Update for Chrome OS
The Stable channel has been updated to 33.0.1750.152 Platform version: 5116.115.4/5116.115.5 for all devices. This build contains security fixes for Pwnium. Systems will be receiving the updates over the next few days. Security Fixes and Rewards Congratulations to geohot for an epic Pwnium...
Huawei VRP Compliance Checks
Binary data huaweicompliancecheck.nbin...
Researchers uncover security holes in China-based Huawei routers
Routers made by China-based Huawei Technologies have very few modern security protections and easy-to-find vulnerabilities, two network-security experts stated at the Defcon hacking convention. Huawei is one of the fastest-growing network and telecommunications equipment makers in the world. The...