Lucene search
K
HuaweiMost viewed

1006 matches found

Huawei
Huawei
added 2015/11/26 12:0 a.m.26 views

Security Advisory - Plaintext User Password Vulnerability in VCN500 Logs

Huawei VCN500 Video Cloud Node logs user passwords in plaintext for specific operations on the certain interface, leading to user password leakage. Vulnerability ID:HWPSIRT-2015-09032 This vulnerability has been assigned Common Vulnerabilities and Exposures CVE ID: CVE-2015-8335. Huawei has...

6.5CVSS6.7AI score0.00749EPSS
Exploits0Affected Software1
Huawei
Huawei
added 2015/11/25 12:0 a.m.26 views

Security Advisory - Information Leak Vulnerability in FusionCompute Products

There is a vulnerability in FusionCompute that enables common users to query unauthorized information. An attacker can exploit this vulnerability to query other users' information, leading to information leaks. Vulnerability ID: HWPSIRT-2015-10048 This vulnerability has been assigned Common...

4.3CVSS4.5AI score0.00597EPSS
Exploits0Affected Software1
Huawei
Huawei
added 2015/11/25 12:0 a.m.26 views

Security Advisory - VCM User Horizontal Privilege Escalation Vulnerability

Huawei Video Content Management VCM system does not properly authenticate online users' identities and privileges, which leads to users' horizontal privilege escalation. An attacker may craft malicious messages, send them to the server, and perform illegitimate operations on cases created by othe...

8.8CVSS8.8AI score0.01011EPSS
Exploits0Affected Software1
Huawei
Huawei
added 2015/08/05 12:0 a.m.26 views

Security Advisory-Two Security Vulnerabilities in the ME906 Wireless Module

ME906 is a mobile Internet access module. The module supports LTE, WCDMA, EVDO, and GSM. The product uses the M.2 interface, supports Windows 7 and Windows 8.1, and is intended for laptop and tablet OEM. This security advisory SA describes the impact of two vulnerabilities. These vulnerabilities...

7.8CVSS6.4AI score0.07099EPSS
Exploits0Affected Software3
Huawei
Huawei
added 2014/11/14 12:0 a.m.26 views

Security Advisory-File Upload Vulnerability on Huawei Honor Cube Wireless Router WS860s

Huawei Honor Cube wireless router WS860s supports the file upload function. It allows users to access its files through the web page. As the device is unable to verify every type of file to be uploaded and does not strictly restrict the file access path through the web page, attackers may upload...

10CVSS6.2AI score0.02481EPSS
Exploits0Affected Software1
Huawei
Huawei
added 2021/01/13 12:0 a.m.25 views

Security Advisory - Insufficient Integrity Check Vulnerability in Huawei Sound X Product

There is an insufficient integrity check vulnerability in Huawei Sound X Product. The system does not check certain software package's integrity sufficiently. Successful exploit could allow an attacker to load a crafted software package to the device. Vulnerability ID: HWPSIRT-2020-00213 This...

6.8CVSS6.5AI score0.00156EPSS
Exploits0Affected Software1
Huawei
Huawei
added 2020/08/19 12:0 a.m.25 views

Security Advisory - Integer Overflow Vulnerability in Huawei Smartphone

There is an integer overflow vulnerability in Huawei smartphone. Some functions are lack of verification when they process some messages sent from other module. Attackers can exploit this vulnerability by send malicious message to cause integer overflow. This can compromise normal service...

5.5CVSS5.5AI score0.00199EPSS
Exploits0Affected Software1
Huawei
Huawei
added 2020/08/05 12:0 a.m.25 views

Security Advisory - Denial of Service Vulnerability in Several Smartphones

There is a denial of service vulnerability in several smartphones. The system does not properly limit the depth of recursion, an attacker should trick the user installing and execute a malicious application. Successful exploit could cause a denial of service condition. Vulnerability ID:...

5.5CVSS5.5AI score0.00469EPSS
Exploits0Affected Software1
Huawei
Huawei
added 2020/07/15 12:0 a.m.25 views

Security Advisory - Missing Initialization of Resource Vulnerability in Some Huawei SmartPhones

Missing Initialization of Resource Vulnerability in Some Huawei Smart Phones. An attacker tricks the user into installing then running a crafted application. Due to improper initialization of specific parameters, successful exploit of this vulnerability may cause device exceptions. Vulnerability...

5.5CVSS5.3AI score0.00469EPSS
Exploits0Affected Software1
Huawei
Huawei
added 2020/06/10 12:0 a.m.25 views

Security Advisory - Denial of Service Vulnerability in Huawei FusionAccess Product

There is a Denial of Service DoS vulnerability in Huawei FusionAccess Product. Due to insufficient verification on specific input, attackers can exploit this vulnerability by sending constructed messages to the affected device through other device on the same network. Successful exploit could cau...

6.5CVSS6.4AI score0.00634EPSS
Exploits0Affected Software1
Huawei
Huawei
added 2020/02/05 12:0 a.m.25 views

Security Advisory - Double Free Memory Vulnerability in Huawei Products

There is a vulnerability that the IPSec module handles a message improperly. Attackers can send specific message to cause double free memory. This may compromise normal service. Vulnerability ID: HWPSIRT-2019-12420 This vulnerability has been assigned a Common Vulnerabilities and Exposures CVE ID...

7.5CVSS7.5AI score0.00745EPSS
Exploits0Affected Software3
Huawei
Huawei
added 2019/01/09 12:0 a.m.25 views

Security Advisory - Use After Free Vulnerability on Several Smartphones

There is a use after free vulnerability on certain driver component in smartphone. An attacker tricks the user into installing a malicious application, which make the software to reference memory after it has been freed. Successful exploit could cause a denial of service condition. Vulnerability...

7.1CVSS5.5AI score0.00589EPSS
Exploits0Affected Software4
Huawei
Huawei
added 2018/07/03 12:0 a.m.25 views

Security Advisory - Weak Algorithm Vulnerability in Some Huawei Products

There is a weak algorithm vulnerability in some Huawei products. To exploit the vulnerability, a remote, unauthenticated attacker has to capture TLS traffic between clients and the affected products. The attacker may launch the Bleichenbacher attack on RSA key exchange to decrypt the session key...

5.9CVSS5.6AI score0.01087EPSS
Exploits0Affected Software15
Huawei
Huawei
added 2018/04/25 12:0 a.m.25 views

Security Advisory - Invalid Memory Access Vulnerability in Some Huawei Products

There is an invalid memory access vulnerability in some Huawei products. An unauthenticated attacker has to find a way to send malformed SCCP messages to the affected products. Due to insufficient input validation of some values in the messages, successful exploit may cause buffer error and some...

4.3CVSS4.3AI score0.00727EPSS
Exploits0Affected Software6
Huawei
Huawei
added 2018/04/18 12:0 a.m.25 views

Security Advisory - Buffer Overflow Vulnerability in Inputhub Driver of Huawei Smart Phone

The inputhub driver of some Huawei mobile phones has a buffer overflow vulnerability due to the lack of parameter validation. An attacker tricks a user into installing a malicious APP and the APP may sends specific data to the inputhub driver to exploit this vulnerablity, successful exploit could...

7.1CVSS5.7AI score0.00557EPSS
Exploits0Affected Software1
Huawei
Huawei
added 2018/03/07 12:0 a.m.25 views

Security Advisory - Information Leak Vulnerability in Some Huawei Products

There is an information leak vulnerability in the NFC Near Field Communication module of some Huawei mobile phones. The attacker has to trick a user to do some specific operations and then craft the NFC message to exploit this vulnerability. Successful exploit will cause some information leak...

3.5CVSS3.7AI score0.00334EPSS
Exploits0Affected Software1
Huawei
Huawei
added 2018/01/30 12:0 a.m.25 views

Security Advisory - Arbitrary URL Loading Vulnerability in TripAdvisor

The TripAdvisor app pre-installed in some Huawei mobile phones have an arbitrary URL loading vulnerability due to insufficient input validation and improper configuration. An attacker may exploit this vulnerability to invoke TripAdvisor to load a specific URL and execute malicious code contained ...

6.8CVSS5.5AI score0.0063EPSS
Exploits0Affected Software1
Huawei
Huawei
added 2017/12/20 12:0 a.m.25 views

Security Advisory - Information Disclosure Vulnerability in CIDAM Protocol on Huawei Products

Part of Huawei Products use the CIDAM protocol, which contains sensitive information in the message when it is implemented. So these products has an information disclosure vulnerability. An authenticated remote attacker could track and get the message of a target system. Successful exploit could...

4.9CVSS4.8AI score0.00772EPSS
Exploits0Affected Software6
Huawei
Huawei
added 2017/12/20 12:0 a.m.25 views

Security Advisory - DoS Vulnerability in Some Huawei Smart Phones

Some Huawei smart phones have a DoS vulnerability due to insufficient input validation. An unauthenticated attacker could send malformed System InformationSI messages to the smart phone within radio range by special wireless device. Successful exploit could make the smart phone restart...

6.5CVSS6.5AI score0.00377EPSS
Exploits0Affected Software2
Huawei
Huawei
added 2017/12/15 12:0 a.m.25 views

Security Advisory - Multiple Vulnerabilities in Some Huawei Products

There are two buffer overflow vulnerabilities in some Huawei products. An unauthenticated, remote attacker may send specially crafted SIP packages to the affected products. Due to the insufficient validation of some values for SIP packages, successful exploit may cause services abnormal...

5.3CVSS5.9AI score0.01285EPSS
Exploits0Affected Software44
Huawei
Huawei
added 2017/12/13 12:0 a.m.25 views

Security Advisory - Resource Exhaustion Vulnerability on Several Products

There is a resource exhaustion vulnerability on several products. The software does not process certain field of H.323 message properly, a remote unauthenticated attacker could send crafted H.323 message to the device, successful exploit could cause certain service unavailable since the stack...

5.3CVSS5.3AI score0.01285EPSS
Exploits0Affected Software6
Huawei
Huawei
added 2017/11/29 12:0 a.m.25 views

Security Advisory - Buffer Overflow Vulnerability on Several Products

There is a buffer overflow vulnerability on several products. The software does not sufficiently validate certain field in SCTP messages, a remote unauthenticated attacker could send a crafted SCTP message to the device. Successful exploit could cause system reboot. Vulnerability ID:...

7.8CVSS7.8AI score0.01379EPSS
Exploits0Affected Software1
Huawei
Huawei
added 2017/10/27 12:0 a.m.25 views

Security Advisory - Permission Control Vulnerability in Smart Phones

Some Huawei Smart phones have a permission control vulnerability. Due to improper authorization configuration on specific device information, an attacker with the root privilege can exploit this vulnerability to modify specific device information. Vulnerability ID: HWPSIRT-2017-08157 This...

4.5AI score0.00215EPSS
Exploits0Affected Software1
Huawei
Huawei
added 2017/10/25 12:0 a.m.25 views

Security Advisory - DoS Vulnerability in Huawei Firewall Products

There is a DoS vulnerability in some Huawei firewall products. Due to insufficient input validation, a remote attacker who controls the peer device could exploit the vulnerability by sending malformed IKE packets to the target device. Successful exploit of the vulnerability could cause the device...

7.8CVSS7.5AI score0.01295EPSS
Exploits0Affected Software1
Huawei
Huawei
added 2017/09/27 12:0 a.m.25 views

Security Advisory - Privilege Escalation Vulnerability in Huawei ME906S Products

There has a privilege elevation vulnerability in ME906S Products. Due to lack of privilege restrictions on some of the business functions of the device. An attacker could exploit this vulnerability to modify the configuration information containing malicious files and trick users into executing t...

7.8CVSS7.6AI score0.00303EPSS
Exploits0Affected Software1
Huawei
Huawei
added 2017/09/01 12:0 a.m.25 views

Security Advisory - Privilege Escalation Vulnerability in Some Huawei APKs

Some Huawei APKs have a privilege elevation vulnerability due to improper design. An attacker can trick users into installing a malicious app which can send out HTTP requests and execute JavaScript code in web pages without obtaining the Internet access permission. Successful exploit could lead t...

7.1CVSS6.9AI score0.0061EPSS
Exploits0Affected Software1
Huawei
Huawei
added 2017/08/16 12:0 a.m.25 views

Security Advisory - Arbitrary Memory Write Vulnerability in Some Huawei Smart Phones

The boot loaders of some Huawei mobile phones have a arbitrary memory write vulnerability due to the lack of parameter validation. An attacker with the root privilege of an Android system may trick a user into installing a malicious APP. The APP can modify specific data to cause arbitrary memory...

9.3CVSS7.8AI score0.00958EPSS
Exploits0Affected Software4
Huawei
Huawei
added 2017/06/12 12:0 a.m.25 views

Security Advisory - Memory Double Free Vulnerability in Touch Panel Driver of Some Huawei Smart Phones

The Touch Panel TP driver of some Huawei smart phones has a memory double free vulnerability. An attacker with the root privilege of the Android system tricks a user into installing a malicious application, and the application can start multiple threads and try to free specific memory, which coul...

9.3CVSS7.8AI score0.01015EPSS
Exploits0Affected Software1
Huawei
Huawei
added 2017/02/08 12:0 a.m.25 views

Security Advisory - Buffer Overflow Vulnerability in Emergdata Driver of Huawei Smart Phones

The emergdata driver of some Huawei smart phones has a buffer overflow vulnerability due to the lack of a parameters check. An attacker with the root privilege of the Android system can tricks a user into installing a malicious application on the smart phone, and send given parameter to smart pho...

9.3CVSS7.9AI score0.00743EPSS
Exploits0Affected Software1
Huawei
Huawei
added 2017/01/25 12:0 a.m.25 views

Security Advisory - Improper Permission Control Vulnerability in Huawei Vmall Alert Service

The AlarmService component in Huawei Vmall has no control over calling permissions, allowing any third party to call. An attacker can construct a malicious application to call it. Consequently, alert music will be played suddenly, compromising user experience. Vulnerability ID: HWPSIRT-2016-11067...

4.3CVSS3.8AI score0.00519EPSS
Exploits0Affected Software1
Huawei
Huawei
added 2017/01/18 12:0 a.m.25 views

Security Advisory - Phone Activation Bypass Vulnerability in Huawei Smartphones

There is a phone activation bypass vulnerability in Huawei smartphones. Successful exploit could allow an unauthenticated attacker to bypass phone activation to settings page of the phone. Vulnerability ID: HWPSIRT-2016-12004 This vulnerability has been assigned CVE ID: CVE-2017-2705. Huawei has...

2.4CVSS3.6AI score0.00232EPSS
Exploits0Affected Software1
Huawei
Huawei
added 2016/12/14 12:0 a.m.25 views

Security Advisory - Buffer Overflow Vulnerability in Wi-FI Driver of Huawei Smart Phone

The Wi-Fi driver of some Huawei products has buffer overflow vulnerability due to the lack of a parameters check. An attacker can tricks a user into installing a malicious application on the smart phone, and send given parameter to smart phone to crash the system or escalate privilege...

9.3CVSS7.8AI score0.00761EPSS
Exploits0Affected Software1
Huawei
Huawei
added 2016/11/23 12:0 a.m.25 views

Security Advisory - Integer Overflow Vulnerability in Some Huawei Devices

Some Huawei devices have an integer overflow vulnerability. Due to the lack of validation in some field of the packet, a remote, unauthenticated attacker may craft specific IPFPM packets, probably causing the device to reset. Vulnerability ID: HWPSIRT-2016-04030 This vulnerability has been assign...

7.1CVSS5.9AI score0.01185EPSS
Exploits0Affected Software6
Huawei
Huawei
added 2016/08/15 12:0 a.m.25 views

Security Advisory - Improper Input Validation Vulnerability in AnyMail

Huawei AnyMail has an improper input validation vulnerability when opening compressed email attachments. Successful exploit could cause AnyMail to crash and exit. Vulnerability ID: HWPSIRT-2016-06099 This vulnerability has been assigned Common Vulnerabilities and Exposures CVE ID: CVE-2016-6826...

7.1CVSS6.6AI score0.00726EPSS
Exploits0Affected Software1
Huawei
Huawei
added 2016/08/15 12:0 a.m.25 views

Security Advisory - Cleartext Storage of Crytographic Key Vulnerability in FusionCompute

FusionCompute has a key cleartext storage vulnerability. Successful exploit could allow an attacker to obtain AES keys. Vulnerability ID: HWPSIRT-2016-06076 This vulnerability has been assigned Common Vulnerabilities and Exposures CVE ID: CVE-2016-6827. Huawei has released software updates to fix...

6.5CVSS6.5AI score0.01016EPSS
Exploits0Affected Software1
Huawei
Huawei
added 2016/08/10 12:0 a.m.25 views

Security Advisory - A Security Vulnerability of Using Insecure Random Numbers to Generate Self-signed Certificates in Huawei Products

Some Huawei products automatically generate self-signed certificates upon the first use. The random numbers used to generate these certificates are not random enough. Different devices' certificates may use the same random number consequently, which contains the risk of an attacker compromising t...

5.3CVSS5.3AI score0.00832EPSS
Exploits0Affected Software12
Huawei
Huawei
added 2016/03/25 12:0 a.m.25 views

Security Advisory - SQL Injection Vulnerability in Policy Center Product

Huawei Policy Center dynamically allocates network resources in a unified manner, enabling the network to provide services with more agility. The Policy Center has a SQL injection vulnerability. After logging in to the target device, a remote attacker could exploit this vulnerability by grafting...

8.1CVSS8.5AI score0.00842EPSS
Exploits0Affected Software1
Huawei
Huawei
added 2016/01/04 12:0 a.m.25 views

Security Advisory - Input Check Vulnerability in Huawei Smart Phone

There is a vulnerability in a Huawei smart phone that does not validate input parameter. The attacker tricks the user to install a malicious application to obtain system or camera privilege and then can exploit the vulnerability to make the product system panic. Vulnerability ID: HWPSIRT-2015-110...

7.1CVSS5.5AI score0.00561EPSS
Exploits0Affected Software1
Huawei
Huawei
added 2015/11/26 12:0 a.m.25 views

Security Advisory - Improper User Privileges Vulnerability in VCN500

The operation and maintenance unit OMU of Huawei VCN500 Video Cloud Node does not configure user privileges properly. By exploiting this vulnerability, ordinary users can modify the IP address of the media server in system management by sending specially crafted packets to the OMU interface,...

7.1CVSS6.9AI score0.00792EPSS
Exploits0Affected Software1
Huawei
Huawei
added 2015/11/11 12:0 a.m.25 views

Security Advisory - Input Validation Vulnerability in Huawei VP9660 Products

VP9660 is the multi-point control unit of Huawei Video Conference system. The server of the Huawei VP9660 does not validate the input when using build-in WebServer. In such case, an attacker could log in to the device as an business administrator, graft a message to change the specific informatio...

8.5CVSS6.2AI score0.00717EPSS
Exploits0Affected Software1
Huawei
Huawei
added 2015/11/06 12:0 a.m.25 views

Security Advisory - DoS Vulnerability in Camera Driver of Huawei Products

Some Huawei products have a DoS vulnerability. An attacker who has the system or camera permission can input invalid parameters into the camera driver program to crash the system. Vulnerability ID: HWPSIRT-2015-09013 This vulnerability has been assigned Common Vulnerabilities and Exposures CVE ID...

5.5CVSS5.5AI score0.00212EPSS
Exploits0Affected Software2
Huawei
Huawei
added 2015/11/06 12:0 a.m.25 views

Security Advisory - DoS Vulnerability in GPU Driver of Huawei Products

Some Huawei products have a DoS vulnerability. An attacker may trick a user into installing a malicious application and use it to input invalid parameters into the GPU driver program of the products, which can crash the system of the device. Vulnerability ID: HWPSIRT-2015-09017 This vulnerability...

5.5CVSS5.5AI score0.00212EPSS
Exploits0Affected Software2
Huawei
Huawei
added 2015/10/21 12:0 a.m.25 views

Security Advisory - DHCP Snooping Vulnerability in Huawei Multiple Products

Multiple Huawei products have "DHCP Snooping" function. When the "option82 insert" or "option82 rebuild" is enabled on interface, the device is not able to parse some specific DHCP packet correctly, making the device restart. Vulnerability ID:HWPSIRT-2015-08052 This vulnerability has been assigne...

7.1CVSS6.5AI score0.00853EPSS
Exploits0Affected Software4
Huawei
Huawei
added 2015/01/21 12:0 a.m.25 views

Security Advisory-Authority Control Vulnerability in Quidway Switches

Huawei Quidway switches have the authority control vulnerability in access authentication, which may be exploited by attackers to obtain higher access permissions. Vulnerability ID: HWPSIRT-2014-11119 This Vulnerability has been assigned Common Vulnerabilities and Exposures CVE ID: CVE-2015-1460...

7.5CVSS6.1AI score0.01148EPSS
Exploits0Affected Software9
Huawei
Huawei
added 2014/01/27 12:0 a.m.25 views

Security Advisory-DoS Vulnerability in Eudemon8000E

Huawei Eudemon8000E firewall allows users to log in to the device using Telnet or SSH. When an attacker sends to the device a mass of TCP packets with special structure, the logging process become slowly and users may be unable to log in to the device HWPSIRT-2014-0101. This Vulnerability has bee...

7.5CVSS7.1AI score0.00908EPSS
Exploits0Affected Software1
Huawei
Huawei
added 2013/12/28 12:0 a.m.25 views

Security Advisory-Vulnerability in Image Upload of User-defined Devices to Huawei eSight System

Huawei eSight System is an operation and maintenance system that Huawei develops for next-generation wireless/wired enterprise campus networks, enterprise branches, and data centers. When users adapt new devices for it, the server verifies the format of the files to be uploaded unsuccessfully...

6.7AI score
Exploits0Affected Software1
Huawei
Huawei
added 2013/07/18 12:0 a.m.25 views

Security Advisory- Web Interface Authentication Bypass Vulnerability in Huawei Tecal RH2285 V2 Server

Tecal RH2285 V2 is a next-generation 2 U 2-socket rack server. Featuring two Intel® Xeon® E5-2400 series processors, the RH2285 V2 provides large storage capacity, flexible scalability, and superb cost-effectiveness, which is an ideal hardware platform for big data and distributed storage...

6.8AI score
Exploits0Affected Software1
Huawei
Huawei
added 2013/04/03 12:0 a.m.25 views

Security Advisory - Huawei VSM Default User Groups’ Privilege Escalation

VSM Versatile Security Manager is a unified security service management system launched by Huawei for carrier and enterprise customers. VSM contains a vulnerability that default user groups’ privilege could be escalated when one user logs in to the system to modify default user groups’ permission...

6.7AI score
Exploits0Affected Software1
Huawei
Huawei
added 2012/11/24 12:0 a.m.25 views

Security Advisory-Web server vulnerabilities on Huawei E585 pocket Wi-Fi 2 device

HUAWEI E585 Wireless Modem is the terminal which can realize the high-speed wireless network access. The access is realized by the connection between USB interfaces and PCs or by the connection between WiFi and many wireless devices. In the network coverage area of HSPA/UMTS or EDGE/GPRS/GSM, use...

7AI score
Exploits0Affected Software2
Huawei
Huawei
added 2024/04/17 12:0 a.m.24 views

Security Advisory - Memory Overflow Vulnerability in Some Huawei Smart Speakers

Some Huawei smart speakers have a memory overflow vulnerability. Successful exploitation of this vulnerability may cause certain functions to fail.Vulnerability ID:HWPSIRT-2022-52860 This vulnerability has been assigned a CVEID:CVE-2022-48681...

8.8CVSS6.9AI score0.00194EPSS
Exploits0Affected Software1
Total number of security vulnerabilities1006