Lucene search
K
HuaweiMost viewed

1006 matches found

Huawei
Huawei
•added 2021/03/31 12:0 a.m.•33 views

Security Advisory - Out of Bounds Write Vulnerability in Huawei Smartphone

There is an out of bounds write vulnerability in Huawei Smartphone product when processing a message. An unauthenticated attacker can exploit this vulnerability by sending specific message to the target device. Due to insufficient validation of the input parameter, successful exploit can cause th...

6.5CVSS6.6AI score0.00272EPSS
Exploits0Affected Software1
Huawei
Huawei
•added 2020/11/18 12:0 a.m.•33 views

Security Advisory - Command Injection Vulnerability in Huawei FusionCompute Product

There is a command injection vulnerability in Huawei FusionCompute product. An authenticated, remote attacker can craft specific request to exploit this vulnerability. Due to insufficient verification, this could be exploited to cause the attackers to obtain higher privilege. Vulnerability ID:...

7.2CVSS7AI score0.01023EPSS
Exploits0Affected Software1
Huawei
Huawei
•added 2020/09/23 12:0 a.m.•33 views

Security Advisory - Insufficient Input Validation Vulnerability in Some Huawei Phones

There is an insufficient input validation vulnerability in some Huawei products. Due to the input validation logic is incorrect, an attacker can exploit this vulnerability to access and modify the memory of the device by doing a series of operations. Successful exploit may cause the service...

6.7CVSS6.5AI score0.00242EPSS
Exploits0Affected Software1
Huawei
Huawei
•added 2018/11/21 12:0 a.m.•33 views

Security Advisory - Smart SMS Verification Code Vulnerability in Some Huawei Smart Phones

There is a smart SMS verification code vulnerability in some Huawei smart phones. An attacker should trick a user to access malicious Website or malicious App and register. Due to incorrect processing of the smart SMS verification code, successful exploitation can cause sensitive information leak...

6.5CVSS6.4AI score0.009EPSS
Exploits0Affected Software1
Huawei
Huawei
•added 2017/12/20 12:0 a.m.•33 views

Security Advisory - Two Remote Code Execution Vulnerabilities in Microsoft Windows

Microsoft released a security advisory to disclose a remote code execution vulnerability in Microsoft Server Message Block 1.0 SMBv1. A remote attacker could send a specially crafted packet to a targeted SMBv1 server. The attacker could exploit the vulnerability to gain the ability to execute cod...

10CVSS8.7AI score0.64132EPSS
Exploits0Affected Software17
Huawei
Huawei
•added 2017/12/06 12:0 a.m.•33 views

Security Advisory - DoS Vulnerability in Some Huawei Products

There is an DoS vulnerability in some Huawei products due to insufficient validation of the parameter when a putty comment key is loaded. An authenticated remote attacker can place a malformed putty key file in system, when a system manager load the key, an infinite loop happens which lead to...

6.3CVSS5.5AI score0.00841EPSS
Exploits0Affected Software6
Huawei
Huawei
•added 2017/12/01 12:0 a.m.•33 views

Security Advisory - Memory Leak Vulnerability in Some Huawei Products

Some Huawei products have a memory leak vulnerability. An unauthenticated attacker may send specific Resource ReServation Protocol RSVP packets to the affected products. Due to not release the memory to handle the packets, successful exploit will result in memory leak of the affected products and...

7.5CVSS7.5AI score0.00967EPSS
Exploits0Affected Software4
Huawei
Huawei
•added 2017/11/15 12:0 a.m.•33 views

Security Advisory - Out-of-bounds Read Vulnerability in Some Huawei Products

There is an out-of-bounds read vulnerability in some Huawei products. An attacker has to control the peer device and send specially crafted messages to the affected products. Due to insufficient input validation, successful exploit may cause some service abnormal. Vulnerability ID:...

4.3CVSS4AI score0.0072EPSS
Exploits0Affected Software11
Huawei
Huawei
•added 2017/09/20 12:0 a.m.•33 views

Security Advisory - Information Exposure Vulnerability in Huawei Products

Some Huawei products have an information exposure vulnerability. Encryption keys are stored in the system. The attacker can implement reverse engineering to obtain the encryption keys, causing information exposure. Vulnerability ID: HWPSIRT-2017-07133 This vulnerability has been assigned Common...

7.5CVSS7.4AI score0.00602EPSS
Exploits0Affected Software14
Huawei
Huawei
•added 2017/08/02 12:0 a.m.•33 views

Security Advisory - Insufficient Input Validation Vulnerability in Bastet of Huawei Smart Phone

The Bastet of some Huawei mobile phones has an insufficient input validation vulnerability due to the lack of parameter validation. An attacker may trick a user into installing a malicious APP. The APP can modify specific parameter to cause system reboot. Vulnerability ID: HWPSIRT-2017-05190 This...

7.1CVSS5.4AI score0.0055EPSS
Exploits0Affected Software3
Huawei
Huawei
•added 2017/07/20 12:0 a.m.•33 views

Security Advisory - MaxAge LSA Vulnerability in OSPF Protocol of Some Huawei Products

Some Huawei products have a MaxAge LSA vulnerability due to improper OSPF implementation. When the device receives special LSA packets, the LS Link Status age would be set to MaxAge, 3600 seconds. An attacker can exploit this vulnerability to poison the route table and launch a DoS attack...

7.5CVSS7.4AI score0.00965EPSS
Exploits0Affected Software26
Huawei
Huawei
•added 2017/04/20 12:0 a.m.•33 views

Security Advisory - Buffer Overflow vulnerability in the GaussDB

The GaussDB has a buffer overflow vulnerability due to the lack of input validation on some parameters. An authenticated attacker on the LAN can exploit this vulnerability to execute arbitrary code or cause a denial of service DoS condition in the affected system. Vulnerability ID:...

8CVSS8.2AI score0.00515EPSS
Exploits0Affected Software1
Huawei
Huawei
•added 2016/10/12 12:0 a.m.•33 views

Security Advisory - Multiple Security Vulnerabilities in Driver of Huawei Smart Phones

There are two stack overflow vulnerabilities in video driver. An attacker may trick a user into installing a malicious application and the application can send given parameter to video driver to crash the system or escalate user privilege. Vulnerability ID: HWPSIRT-2016-08056 and HWPSIRT-2016-080...

9.3CVSS8AI score0.00812EPSS
Exploits0Affected Software3
Huawei
Huawei
•added 2016/08/24 12:0 a.m.•33 views

Security Advisory - Uncontrolled Format String Vulnerability on Multiple Products

Several Huawei routers and switches have an uncontrolled format string vulnerability when processing partial commands. An authenticated attacker could exploit this vulnerability to cause a denial of service. Vulnerability ID: HWPSIRT-2016-07011 This vulnerability has been assigned Common...

6.8CVSS6.3AI score0.00987EPSS
Exploits0Affected Software12
Huawei
Huawei
•added 2016/08/24 12:0 a.m.•33 views

Security Advisory - Two Command Injection Vulnerabilities in Huawei UMA

The Unified Maintenance Audit UMA system provides a unified portal for O&M operations, controls and records users' O&M operations, and supports auditing by way of command display and video replay. The UMA has two command injection vulnerabilities due to the lack of validation on special fields. A...

10CVSS9.6AI score0.03536EPSS
Exploits0Affected Software1
Huawei
Huawei
•added 2015/11/04 12:0 a.m.•33 views

Security Advisory - Heap Overflow Vulnerability in the HIFI Driver of Huawei Smart Phone

Some Huawei smart phones have a heap overflow security vulnerability in the HIFI driver. An attacker may trick a user into installing a malicious application and use the application to read and modify memory, which can reboot the system or cause permission escalation. Vulnerability ID:...

9.3CVSS7.6AI score0.03811EPSS
Exploits2Affected Software6
Huawei
Huawei
•added 2014/12/24 12:0 a.m.•33 views

Security Advisory-WPS PIN Offline Brute Force Cracking Vulnerability in Huawei Home Gateway Products

Some Huawei home gateways are affected by the PIN offline brute force cracking vulnerability of the WPS protocol because the random number generator RNG used in the supplier’s solution is not random enough. As a result, brute force cracking the PIN code is easier. After an attacker cracks the PIN...

7.5CVSS7.3AI score0.00808EPSS
Exploits0Affected Software1
Huawei
Huawei
•added 2014/12/02 12:0 a.m.•33 views

Security Advisory-Multiple Vulnerabilities on Huawei P2 Smartphone

This security advisory SA describes two vulnerabilities. The decoder driver of P2 was found to allow any application to read or write to an arbitrary memory address. HWPSIRT-2014-0401 This Vulnerability has been assigned Common Vulnerabilities and Exposures CVE ID: CVE-2014-2273. The Kingsoft...

8.1CVSS8.4AI score0.01508EPSS
Exploits1Affected Software1
Huawei
Huawei
•added 2014/09/24 12:0 a.m.•33 views

Security Advisory-CSRF Vulnerabilities in Multiple Products

Cross-site request forgery CSRF vulnerabilities are discovered in multiple products, including FusionManager Vulnerability ID: HWPSIRT-2014-0408 and USG firewall series Vulnerability ID: HWPSIRT-2014-0406. Vulnerabilities in the web interface of these devices could allow an unauthenticated, remot...

8.8CVSS8.8AI score0.00403EPSS
Exploits0Affected Software6
Huawei
Huawei
•added 2014/06/04 12:0 a.m.•33 views

Security Advisory-Multiple Heap Overflow Vulnerabilities in Huawei Campus Series Switches

Some Huawei Campus series switches have three heap overflow vulnerabilities. When receiving some special malformed packets, such devices access heap memory that is beyond the valid range and cause unexpected restart of the devices. If an attacker keeps sending such malformed packets, the devices...

7.8CVSS7.5AI score0.00742EPSS
Exploits0Affected Software14
Huawei
Huawei
•added 2023/03/01 12:0 a.m.•32 views

Security Advisory - Out-of-Bounds Write Vulnerability in a Huawei Sound Box Product

A Huawei sound box product has an out-of-bounds write vulnerability. Attackers can exploit this vulnerability to cause buffer overflow. Vulnerability ID:HWPSIRT-2022-61463 This vulnerability has been assigned a CVE ID: CVE-2022-48330...

8CVSS4.4AI score0.00239EPSS
Exploits0Affected Software1
Huawei
Huawei
•added 2021/12/08 12:0 a.m.•32 views

Security Advisory - Memory Leak Vulnerability in Huawei Products

There is a memory leak vulnerability in huawei products. The software does not sufficiently track and release allocated memory while parse a series of crafted binary messages, which could consume remaining memory. Successful exploit could cause memory exhaust. Vulnerability ID: HWPSIRT-2021-39541...

7.5CVSS7.4AI score0.00655EPSS
Exploits0Affected Software4
Huawei
Huawei
•added 2021/09/22 12:0 a.m.•32 views

Security Advisory - Server-Side Request Forgery Vulnerability in Huawei Product

There is a server-side request forgery vulnerability in huawei product. This vulnerability is due to insufficient validation of parameters while dealing with some messages. A successful exploit could allow the attacker to gain access to certain resource which the attacker are supposed not to do...

7.5CVSS7.6AI score0.00637EPSS
Exploits0Affected Software1
Huawei
Huawei
•added 2021/08/18 12:0 a.m.•32 views

Security Advisory - Information Leakage Vulnerability in Some Huawei Product

There is an information leakage vulnerability in some huawei products. Due to the improperly storage of specific information in the log file, the attacker can obtain the information when a user logs in to the device. Successful exploit may cause the information leak. Vulnerability ID:...

5.5CVSS5.3AI score0.00166EPSS
Exploits0Affected Software2
Huawei
Huawei
•added 2021/06/02 12:0 a.m.•32 views

Security Advisory - Race Condition Vulnerability in Some Huawei Products

There is a race condition vulnerability in some Huawei products. There is a timing window exists in which the database can be operated by another thread that is operating concurrently. Successful exploit may cause the affected device abnormal. Vulnerability ID: HWPSIRT-2020-05257 This vulnerabili...

5.3CVSS5.1AI score0.00398EPSS
Exploits0Affected Software1
Huawei
Huawei
•added 2021/05/19 12:0 a.m.•32 views

Security Advisory - Improper Authorization Vulnerability in Huawei Products

There is an improper authorization vulnerability in Huawei products. A file access is not authorized correctly. Attacker with low access may launch privilege escalation in a specific scenario. This may compromise the normal service. Vulnerability ID: HWPSIRT-2020-05262 This vulnerability has been...

7.8CVSS7.8AI score0.00176EPSS
Exploits0Affected Software2
Huawei
Huawei
•added 2021/04/28 12:0 a.m.•32 views

Security Advisory - Denial of Service Vulnerability in Some Huawei Products

There is a denial of service vulnerability in some huawei products. There is a logic error in the implementation of a function of a module. When the service pressure is heavy, there is a low probability that an exception may occur. Successful exploit may cause some services abnormal. Vulnerabilit...

5.3CVSS5.2AI score0.00487EPSS
Exploits0Affected Software1
Huawei
Huawei
•added 2021/04/21 12:0 a.m.•32 views

Security Advisory - XXE Injection Vulnerability in Huawei Products

There is an XXE injection vulnerability in some Huawei products. A module does not perform the strict operation to the input XML message. Attacker can send specific message to exploit this vulnerability, leading to the module denial of service. Vulnerability ID: HWPSIRT-2020-04355 This...

5.3CVSS5.3AI score0.00631EPSS
Exploits0Affected Software1
Huawei
Huawei
•added 2021/02/02 12:0 a.m.•32 views

Security Advisory - Information Leakage Vulnerability in Huawei Products

There is insecure algorithm vulnerability in Huawei products. A module uses less random input in a secure mechanism. Attackers can exploit this vulnerability by brute forcing to obtain sensitive message. This can lead to information leak. Vulnerability ID: HWPSIRT-2020-74955 This vulnerability ha...

7.5CVSS7.3AI score0.00767EPSS
Exploits0Affected Software4
Huawei
Huawei
•added 2021/01/27 12:0 a.m.•32 views

Security Advisory - Information Leak Vulnerability in Huawei Products

There is an information leak vulnerability. A command does not have timeout exit mechanism. Temporary file contains sensitive information. This allows attackers to obtain information by inter-process access that requires other methods. Vulnerability ID: HWPSIRT-2020-01428 This vulnerability has...

4.1CVSS4.2AI score0.00146EPSS
Exploits0Affected Software1
Huawei
Huawei
•added 2020/12/09 12:0 a.m.•32 views

Security Advisory - Information Disclosure Vulnerability in TE Mobile Software

There is an information disclosure vulnerability in TE Mobile software. Due to the improper storage of some information in certain specific scenario, the attacker can gain information in the victim's device to launch the attack, successful exploit could cause information disclosure. Vulnerability...

4.4CVSS4.4AI score0.00222EPSS
Exploits0Affected Software1
Huawei
Huawei
•added 2020/11/11 12:0 a.m.•32 views

Security Advisory - Denial of Service Vulnerability in Some Huawei Products

There is a denial of service vulnerability in some Huawei products. There is no protection against the attack scenario of specific protocol. A remote, unauthorized attacker can construct attack scenarios, which lead to denial of service. Vulnerability ID: HWPSIRT-2020-79490 This vulnerability has...

7.5CVSS7.3AI score0.00736EPSS
Exploits0Affected Software6
Huawei
Huawei
•added 2020/07/01 12:0 a.m.•32 views

Security Advisory - Use After Free Vulnerability in Several Smartphones

There is a use after free vulnerability in several smartphones. There is a condition exists that the system would reference memory after it has been freed, the attacker should trick the user into running a crafted application with high privilege, successful exploit could cause code execution...

7.8CVSS7.7AI score0.00833EPSS
Exploits0Affected Software2
Huawei
Huawei
•added 2020/07/01 12:0 a.m.•32 views

Security Advisory - Improper Authentication Vulnerability in Several Smartphones

There is an improper authentication vulnerability in several smartphones. The device does not sufficiently validate certain credential of user's face, an attacker could craft the credential of the user, successful exploit could allow the attacker to pass the authentication with the crafted...

5.5CVSS5.5AI score0.00215EPSS
Exploits0Affected Software1
Huawei
Huawei
•added 2020/01/22 12:0 a.m.•32 views

Security Advisory - Out of Bounds Read Vulnerability in Several Products

There is an out-of-bounds read vulnerability in several products. The software reads data past the end of the intended buffer when parsing certain crafted DHCP messages. Successful exploit could cause certain service abnormal. Vulnerability ID: HWPSIRT-2019-12425 This vulnerability has been...

6.5CVSS6.4AI score0.00351EPSS
Exploits0Affected Software9
Huawei
Huawei
•added 2018/10/10 12:0 a.m.•32 views

Security Advisory - Improper Authentication Vulnerability on Smartphones

There is an improper authentication vulnerability on smartphones. App Lock is a function to prevent unauthorized use of apps on smartphones, an attacker could directly change the lock password after a series of operations. Successful exploit could allow the attacker to use the application which i...

4.6CVSS4.9AI score0.00245EPSS
Exploits0Affected Software46
Huawei
Huawei
•added 2018/09/19 12:0 a.m.•32 views

Security Advisory - Sensitive Information Leak Vulnerability in Some Huawei Products

There is a sensitive information leak vulnerability in some Huawei products. An attacker can trick a user to install a malicious application to exploit this vulnerability. Due to insufficient verification of the input, successful exploitation can cause sensitive information leak. Vulnerability ID...

5.5CVSS5.2AI score0.00658EPSS
Exploits0Affected Software19
Huawei
Huawei
•added 2018/08/31 12:0 a.m.•32 views

Security Advisory - FRP Bypass Vulnerability on Huawei Smart Phones

There is a FRP bypass vulnerability on Huawei smart phones. During the mobile phone reseting process, an attacker could bypass "Find My Phone" protect after a series of voice and keyboard operations. Successful exploit could allow an attacker to bypass FRP. Vulnerability ID: HWPSIRT-2018-06018 Th...

4.9CVSS4.7AI score0.00237EPSS
Exploits0Affected Software1
Huawei
Huawei
•added 2018/06/30 12:0 a.m.•32 views

Security Advisory - Out-of-bounds Read Vulnerability in Some Huawei Products

There is an out-of-bounds read vulnerability in some Huawei products. An unauthenticated, remote attacker has to control the peer device and craft the Signalling Connection Control Part SCCP messages to the target devices. Due to insufficient input validation of some values in the messages,...

5.3CVSS5.2AI score0.01248EPSS
Exploits0Affected Software6
Huawei
Huawei
•added 2018/01/24 12:0 a.m.•32 views

Security Advisory - Memory Leak Vulnerability in Some Huawei Products

There is a memory leak vulnerability in several Huawei products. The software does not release allocated memory properly when handling XML data. An authenticated, local attacker could upload crafted XML file repeatedly to cause memory leak and service abnormal. Vulnerability ID: HWPSIRT-2017-0803...

3.3CVSS3.8AI score0.00211EPSS
Exploits0Affected Software6
Huawei
Huawei
•added 2017/12/27 12:0 a.m.•32 views

Security Advisory - Activation Lock Bypass Vulnerability on Smartphones

There is an activation lock bypass vulnerability on Smartphones. The smartphone is supposed to be activated by the former account after reset if find my phone function is on. The software does not have a sufficient protection of activation lock. Successful exploit could allow an attacker to bypas...

4.6CVSS4.7AI score0.00235EPSS
Exploits0Affected Software1
Huawei
Huawei
•added 2017/09/14 12:0 a.m.•32 views

Security Advisory - Buffer overflow Vulnerability in Bastet Driver of Huawei Smart Phone

The Bastet driver of some Huawei smart phones has a buffer overflow vulnerability due to the lack of parameter validation. An attacker tricks a user into installing a malicious APP which has the root privilege; the APP can send a specific parameter to the driver of the smart phone, causing...

9.3CVSS7.9AI score0.01347EPSS
Exploits0Affected Software1
Huawei
Huawei
•added 2017/07/25 12:0 a.m.•32 views

Security Advisory - Resource Exhaustion Vulnerability in Some Huawei Smartphones

Some Huawei smartphones have a resource exhaustion vulnerability due to configure setting. An attacker tricks a user into installing a malicious application, the application may turn on the device flash-light and rapidly drain the device battery. Vulnerability ID: HWPSIRT-2017-04120 This...

7.1CVSS5.3AI score0.0055EPSS
Exploits0Affected Software6
Huawei
Huawei
•added 2017/06/05 12:0 a.m.•32 views

Security Advisory - Memory Double Free Vulnerability in Driver of Some Huawei Smart Phones

The soundtrigger driver of some Huawei smart phones has a memory double free vulnerability. An attacker tricks a user into installing a malicious application, and the application can start multiple threads and try to free specific memory, which could triggers double free and causes a system crash...

9.3CVSS7.9AI score0.01015EPSS
Exploits0Affected Software1
Huawei
Huawei
•added 2017/03/02 12:0 a.m.•32 views

Security Advisory - Buffer Overflow Vulnerability in the Boot Loaders of Huawei Mobile Phones

The boot loaders of some Huawei mobile phones have a buffer overflow vulnerability due to the lack of parameter validation. An attacker with the root privilege of an Android system may trick a user into installing a malicious APP. The APP can modify specific data to cause buffer overflow in the...

9.3CVSS8AI score0.01296EPSS
Exploits0Affected Software2
Huawei
Huawei
•added 2016/11/25 12:0 a.m.•32 views

Security Advisory - Buffer Overflow Vulnerability in Huawei Firewall Products

The security policy processing module of some Huawei firewall products have a buffer overflow vulnerability. An authenticated attacker may setup a specific security policy into the devices, causing buffer overflow and crash the system. Vulnerability ID: HWPSIRT-2016-06074 This vulnerability has...

6.8CVSS6.6AI score0.0103EPSS
Exploits0Affected Software3
Huawei
Huawei
•added 2016/08/24 12:0 a.m.•32 views

Security Advisory - XXE Vulnerability in the E9000

E9000 has an XML External Entity XXE vulnerability when parsing user-supplied XML documents in HMM Hyper Management Module. Attackers could exploit this vulnerability to read arbitrary files and cause a denial of the web service. Vulnerability ID: HWPSIRT-2016-05249 This vulnerability has been...

6.6CVSS6.7AI score0.00826EPSS
Exploits0Affected Software1
Huawei
Huawei
•added 2024/04/17 12:0 a.m.•31 views

Security Advisory - Vulnerability of Improper Interface Access Control in a Huawei PC Product

A Huawei PC product has a vulnerability in improper interface access control. Successful exploitation of this vulnerability may cause SMM leaks. Attackers can exploit this vulnerability to boot the UEFI shell and cause memory leaks.Vulnerability ID:HWPSIRT-2023-64955 This vulnerability has been...

7.8CVSS6.5AI score0.00115EPSS
Exploits0Affected Software1
Huawei
Huawei
•added 2024/04/17 12:0 a.m.•31 views

Security Advisory - Improper Handling of Length Parameter Inconsistency in a Huawei PC Product

A Huawei PC product is vulnerable to improper handling of length parameter inconsistency. Successful exploitation of this vulnerability can compromise the data structure stored at the beginning of SMRAM and may cause code execution in SMM.Vulnerability ID:HWPSIRT-2023-91490 This vulnerability has...

7.8CVSS6.9AI score0.00129EPSS
Exploits0Affected Software1
Huawei
Huawei
•added 2021/06/09 12:0 a.m.•31 views

Security Advisory - Resource Management Error Vulnerability in Some Huawei Products

There is a resource management error vulnerability in some Huawei Products. An attacker needs to perform specific operations to exploit the vulnerability on the affected device. Due to improper resource management of the function, the vulnerability can be exploited to cause service abnormal on...

7.5CVSS7.4AI score0.00677EPSS
Exploits0Affected Software1
Total number of security vulnerabilities1006