Lucene search
K
HuaweiMost viewed

1006 matches found

Huawei
Huawei
added 2020/12/16 12:0 a.m.24 views

Security Advisory - Use after Free Vulnerability in Huawei Product

There is a use after free vulnerability on Huawei smartphones. A module does not deal with specific message properly, which makes a function refer to memory after it has been freed. Attackers can exploit this vulnerability by running a crafted application with common privilege. This would...

5.5CVSS5.5AI score0.00488EPSS
Exploits0Affected Software1
Huawei
Huawei
added 2020/08/19 12:0 a.m.24 views

Security Advisory - Out Of Bound Read Vulnerability in Huawei Smartphone

There is an out of bound read vulnerability in Huawei smartphones. Some functions are lack of verification when they process some messages sent from other module. Attackers can exploit this vulnerability by send malicious message to cause out-of-bound read. This can compromise normal service...

5.5CVSS5.3AI score0.00199EPSS
Exploits0Affected Software1
Huawei
Huawei
added 2020/07/29 12:0 a.m.24 views

Security Advisory - Insufficient Authentication Vulnerabilities in Some Huawei Smart Phone Product

There is an insufficient authentication vulnerability in some Huawei smart phone. An unauthenticated, local attacker can crafts software package to exploit this vulnerability. Due to insufficient verification, successful exploitation may impact the service. Vulnerability ID: HWPSIRT-2019-12302 Th...

3.3CVSS6.3AI score0.00118EPSS
Exploits1Affected Software1
Huawei
Huawei
added 2020/06/17 12:0 a.m.24 views

Security Advisory - Information Disclosure Vulnerability in Several Products

There is an information disclosure vulnerability in several products. A logic judgment error occurs when the system handling Bluetooth connections, an attacker could craft as an authenticated Bluetooth peer to launch the attack. Successful exploit could cause information disclosure. Vulnerability...

6.5CVSS6.1AI score0.0038EPSS
Exploits0Affected Software4
Huawei
Huawei
added 2020/03/11 12:0 a.m.24 views

Security Advisory - Improper Authentication Vulnerability in Huawei Smartphone

There is an improper authentication vulnerability in some Huawei smartphone. Authentication to target component is improper when device performs an operation. Attackers exploit this vulnerability to obtain some information by loading malicious application, leading to information leak. Vulnerabili...

5.5CVSS5.4AI score0.00224EPSS
Exploits0Affected Software3
Huawei
Huawei
added 2018/09/12 12:0 a.m.24 views

Security Advisory - FRP Bypass Vulnerability on Smartphones

There is a Factory Reset Protection FRP bypass vulnerability on some Huawei smartphones. The system does not sufficiently verify the permission, an attacker uses a data cable to connect the smartphone to the computer and then perform some specific operations. Successful exploit could allow the...

4.6CVSS4.7AI score0.00235EPSS
Exploits0Affected Software1
Huawei
Huawei
added 2018/08/27 12:0 a.m.24 views

Security Advisory - Plug-in Signature Bypass Vulnerability in Some Huawei Products

There is a plug-in signature bypass vulnerability in some Huawei products due to insufficient plug-in verification. An attacker may tamper with a legitimate plug-in to build a malicious plug-in and trick users into installing it. Successful exploit could allow the attacker to obtain the root...

9.3CVSS7.5AI score0.00842EPSS
Exploits0Affected Software2
Huawei
Huawei
added 2018/04/18 12:0 a.m.24 views

Security Advisory - Buffer Error Vulnerability in Some Huawei Products

There are a buffer error vulnerability in Electronic Numbers to URI Mapping ENUM module some Huawei products. An unauthenticated, remote attacker has to control the peer device and send specially crafted ENUM packets to the affected products. Due to insufficient verification of some values in the...

7.5CVSS7.7AI score0.01279EPSS
Exploits0Affected Software6
Huawei
Huawei
added 2018/01/24 12:0 a.m.24 views

Security Advisory - Integer Overflow Vulnerability on Smartphones

There is an integer overflow vulnerability on smartphones. The camera driver does not validate the external input parameters and causes an integer overflow, which in the after processing results in a buffer overflow. An attacker tricks the user to install a crafted application, successful exploit...

7.8CVSS7.9AI score0.00905EPSS
Exploits0Affected Software1
Huawei
Huawei
added 2017/12/15 12:0 a.m.24 views

Security Advisory - Multiple Vulnerabilities in Some Huawei Products

There are two buffer overflow vulnerabilities in some Huawei products. An unauthenticated, remote attacker may send specially crafted SIP packages to the affected products. Due to the insufficient validation of some values for SIP packages, successful exploit may cause services abnormal...

5.3CVSS5.9AI score0.01285EPSS
Exploits0Affected Software44
Huawei
Huawei
added 2017/12/13 12:0 a.m.24 views

Security Advisory - Memory Leak Vulnerability in Some Huawei AntiDDOS Products

Some Huawei AntiDDOS products have a memory leak vulnerability due to memory don't be released when the system open some function. An attacker could exploit it to cause memory leak, which may further lead to system exceptions. Vulnerability ID: HWPSIRT-2017-06145 This vulnerability has been...

5.3CVSS5.1AI score0.00911EPSS
Exploits0Affected Software1
Huawei
Huawei
added 2017/12/13 12:0 a.m.24 views

Security Advisory - Buffer Overflow Vulnerability in Some Huawei Products

Some Huawei products have a buffer overflow vulnerability due to incomplete range checks of the input data. An unauthenticated, remote attacker could exploit this vulnerability by sending malicious IKE packets to the targeted device. An exploit could allow the attacker to cause the device to writ...

7.1CVSS6.2AI score0.01079EPSS
Exploits0Affected Software18
Huawei
Huawei
added 2017/12/06 12:0 a.m.24 views

Security Advisory - Denial of Service Vulnerability on Several Huawei Products

There is a denial of service vulnerability on several products. The software does not correctly calculate the rest size in a buffer when handling SSL connections. A remote unauthenticated attacker could send a lot of crafted SSL messages to the device, successful exploit could cause no space in t...

7.5CVSS7.6AI score0.01279EPSS
Exploits0Affected Software4
Huawei
Huawei
added 2017/11/29 12:0 a.m.24 views

Security Advisory - Memory Leak Vulnerability in Some Huawei Network Products

Patch module of some Huawei products have a memory leak vulnerability. An authenticated attacker could execute special commands many times, the memory leaking happened, which would cause the device to reset finally. Vulnerability ID: HWPSIRT-2016-08051 This vulnerability has been assigned a CVE I...

6.8CVSS6.5AI score0.00794EPSS
Exploits0Affected Software4
Huawei
Huawei
added 2017/09/20 12:0 a.m.24 views

Security Advisory - Information Leakage Vulnerability on OceanStor

There is an information leakage vulnerability on OceanStor. Products use TLS1.0 to encrypt. Attackers can exploit TLS1.0's vulnerabilities to decrypt data to obtain sensitive information. Vulnerability ID: HWPSIRT-2017-06256 This vulnerability has been assigned a Common Vulnerabilities and...

5.9CVSS5.8AI score0.00567EPSS
Exploits0Affected Software2
Huawei
Huawei
added 2017/04/19 12:0 a.m.24 views

Security Advisory - Plaintext Storage of Users’ Safe Passwords in the Files APP in Huawei Mobile Phones

The Files APP in some Huawei mobile phones has a vulnerability of plaintext storage of users' Safe passwords. An attacker with the root privilege of an Android system could forge the Safe to read users' plaintext Safe passwords, leading to information leak. Vulnerability ID: HWPSIRT-2017-03222 Th...

6.7CVSS6.3AI score0.00177EPSS
Exploits0Affected Software1
Huawei
Huawei
added 2017/04/19 12:0 a.m.24 views

Security Advisory - DoS Vulnerability in Some Huawei Products

There is a denial of service DoS vulnerability in some Huawei smart phones due to the input parameters validation. An attacker tricks a user into installing a malicious application on the smart phone, and the application can send given parameter to specific interface, which make a large number of...

7.1CVSS5.3AI score0.00478EPSS
Exploits0Affected Software1
Huawei
Huawei
added 2017/03/15 12:0 a.m.24 views

Security Advisory - DoS Vulnerability in Vibrator Service of Huawei Smart Phones

The vibrator service of some Huawei smart phones has DoS vulnerability due to the lack of a parameters check. An attacker can tricks a user into installing a malicious application on the smart phone, and send given parameter to smart phone vibrator service interface to crash the system...

7.1CVSS5.3AI score0.0055EPSS
Exploits0Affected Software1
Huawei
Huawei
added 2016/10/26 12:0 a.m.24 views

Security Advisory - DOS Vulnerability in ION Memory Management Module of Huawei Smart Phone

A denial of service DoS vulnerability exists in the ION memory management module of some Huawei mobile phones. An attacker may trick a user into installing a malicious app to send specific parameters to a Huawei mobile phone. Successful exploit could cause the system to restart.Vulnerability ID:...

7.1CVSS5.3AI score0.00555EPSS
Exploits0Affected Software1
Huawei
Huawei
added 2016/10/26 12:0 a.m.24 views

Security Advisory - Defense Mechanism Bypass Vulnerability in Huawei USG Products

There is a defense mechanism bypass vulnerability in Huawei USG products. Successful exploit could allow an attacker to bypass the anti-DDoS module of the USGs to send massive HTTP packets, possibly causing a denial of service condition on the backend server. Vulnerability ID: HWPSIRT-2016-07050...

7.8CVSS7.5AI score0.01011EPSS
Exploits0Affected Software1
Huawei
Huawei
added 2016/09/14 12:0 a.m.24 views

Security Advisory - Buffer Overflow Vulnerability in Huawei USG Products

The Point-to-Point Protocol over Ethernet PPPoE module of the USG has a buffer overflow vulnerability. When Challenge Handshake Authentication Protocol CHAP authentication is configured on the server, an attacker may send abnormal attack packets to the server during authentication to cause buffer...

9.8CVSS10AI score0.05613EPSS
Exploits0Affected Software4
Huawei
Huawei
added 2016/06/15 12:0 a.m.24 views

Security Advisory - Token Transmission in Plaintext Vulnerability in OceanStor Products

The OceanStor 5300 V3/5500 V3/5600 V3/5800 V3/6800 V3/ 18800 V3/18500 V3 are mid-range and high-end storage products newly developed by Huawei Technologies Co., Ltd Huawei for short. This series is ideal for processing existing storage applications and follows the future development trend of...

7.5CVSS7.2AI score0.00715EPSS
Exploits0Affected Software10
Huawei
Huawei
added 2016/01/13 12:0 a.m.24 views

Security Advisory - ICMPv6 DoS Vulnerability in Huawei Switches

Multiple Huawei switches improperly release memory for ICMPv6 packets of a specific type. After the switch receives a specially crafted ICMPv6 packet, memory leak occurs, causing the switch to restart if the allocated memory is exhausted. Vulnerability ID: HWPSIRT-2015-11034 This vulnerability ha...

7.8CVSS7.5AI score0.01322EPSS
Exploits0
Huawei
Huawei
added 2016/01/05 12:0 a.m.24 views

Security Advisory - DoS Vulnerabilities in Driver of Huawei Smart Phones

There is a Denial of Service DoS vulnerability in ION driver and Maximsmartpadev driver in some Huawei smart phones respectively. An attacker may trick a user into installing a malicious application and the application can access invalid address of driver to crash the system. Vulnerability ID:...

7.1CVSS5.3AI score0.00846EPSS
Exploits0Affected Software2
Huawei
Huawei
added 2015/11/26 12:0 a.m.24 views

Security Advisory - VCN500 SQL Injection Vulnerability

The operation and maintenance unit OMU of Huawei VCN500 Video Cloud Node does not validate parameters of received HTTP requests, which allows an attacker to launch the SQL injection attack against VCN500 by sending manually crafted packets. Vulnerability ID: HWPSIRT-2015-09016 This vulnerability...

8.8CVSS9.1AI score0.00863EPSS
Exploits0Affected Software1
Huawei
Huawei
added 2015/04/29 12:0 a.m.24 views

Security Advisory-Information Disclosure Vulnerability on E355s Mobile WiFi

E355s have an information disclosure vulnerability that could be exploited by an attacker to graft attack commands or capture network communications to obtain the configuration and user information without login Vulnerability ID: HWPSIRT-2015-02002. This Vulnerability has been assigned Common...

5CVSS5.8AI score0.00853EPSS
Exploits0Affected Software1
Huawei
Huawei
added 2014/12/24 12:0 a.m.24 views

Security Advisory-Privilege Escalation Vulnerability in IPMICommand of the HMM Software in a Huawei Server Product

The Hyper Module Management HMM software of some Huawei server products has a security vulnerability. When the operator of the HMM software uses the IPMICommand to perform operations on the iMana software, the operator can modify the user configuration of iMana through privilege escalation...

8.8CVSS8.5AI score0.00883EPSS
Exploits0Affected Software1
Huawei
Huawei
added 2014/10/09 12:0 a.m.24 views

Security Advisory-Memory Overflow Vulnerabilities on Huawei E5332 Webserver

Huawei E5332 wireless router has the following two memory overflow vulnerabilities: Memory overflow occurs when the E5332 Webserver parses a specially crafted HTTP request message, causing the device reboot Vulnerability ID: HWPSIRT-2014-0861. This Vulnerability has been assigned Common...

6.8CVSS6.2AI score0.0122EPSS
Exploits0Affected Software1
Huawei
Huawei
added 2014/04/23 12:0 a.m.24 views

Security Advisory-Improper Input Validation Vulnerability on Multiple Quidway Switch Products

Reported by the internal R&D engineers, several switch products does not validate the input properly. This vulnerability enables attacker to launch DoS attack by crafting and sending malformed packet to these vulnerable products Vulnerability ID: HWPSIRT-2014-0301. This Vulnerability has been...

7.8CVSS7.6AI score0.00924EPSS
Exploits0Affected Software7
Huawei
Huawei
added 2023/01/18 12:0 a.m.23 views

Security Advisory - Misinterpretation of Input Vulnerability in Huawei Printer

There is a misinterpretation of input vulnerability in Huawei Printer. Successful exploitation of this vulnerability may cause the printer service to be abnormal.Vulnerability ID:HWPSIRT-2022-78037 This vulnerability has been assigned a CVE ID: CVE-2022-48261...

7.5CVSS7AI score0.0046EPSS
Exploits0Affected Software1
Huawei
Huawei
added 2020/12/16 12:0 a.m.23 views

Security Advisory - Resource Management Errors Vulnerability in Huawei Smartphone Product

There is a resource management errors vulnerability in Huawei smartphone product. Local attackers construct malicious application files, causing system applications to run abnormally. Vulnerability ID: HWPSIRT-2020-06020 This vulnerability has been assigned a Common Vulnerabilities and Exposures...

5.5CVSS5.3AI score0.00187EPSS
Exploits0Affected Software1
Huawei
Huawei
added 2020/08/19 12:0 a.m.23 views

Security Advisory - Information Leak Vulnerability in Huawei Products

There is an information leak vulnerability in Huawei FusionCompute. A module does not launch strict access control and information protection. Attackers with low privilege can get some extra information. This can lead to information leak. Vulnerability ID: HWPSIRT-2020-05037 This vulnerability ha...

6.5CVSS6.3AI score0.00607EPSS
Exploits0Affected Software1
Huawei
Huawei
added 2020/04/15 12:0 a.m.23 views

Security Advisory - Information Disclosure Vulnerability in Several Smartphones

There is an information disclosure vulnerability in several smartphones. The device does not sufficiently validate the identity of smart wearable device in certain specific scenario, the attacker need to gain certain information in the victim's smartphone to launch the attack, successful exploit...

5.3CVSS5.1AI score0.00309EPSS
Exploits0Affected Software3
Huawei
Huawei
added 2020/02/21 12:0 a.m.23 views

Security Advisory - Privilege Escalation Vulnerability in Huawei PCManager Product

There is a privilege escalation vulnerability in Huawei PCManager products. An authenticated, local attacker can perform specific operation to exploit this vulnerability. Successful exploitation may cause the attacker to obtain a higher privilege. Vulnerability ID: HWPSIRT-2019-10117 This...

7.8CVSS7.6AI score0.00229EPSS
Exploits0Affected Software1
Huawei
Huawei
added 2018/05/30 12:0 a.m.23 views

Security Advisory - Stored XSS Vulnerability in eSpace Desktop

There is a stored cross-site scripting XSS vulnerability in eSpace Desktop. Due to the insufficient validation of the input, an authenticated, remote attacker could exploit this vulnerability to send abnormal messages to the system and perform a XSS attack. A successful exploit could cause the...

5.4CVSS5.3AI score0.00557EPSS
Exploits0Affected Software1
Huawei
Huawei
added 2018/05/23 12:0 a.m.23 views

Security Advisory - Authentication Bypass Vulnerability in Some Huawei Servers

The iBMC Intelligent Baseboard Management Controller of some Huawei servers have an authentication bypass vulnerability. An unauthenticated, remote attacker may send some specially crafted messages to the affected products. Due to improper authentication design, successful exploit may cause some...

7.5CVSS7.7AI score0.01632EPSS
Exploits0Affected Software20
Huawei
Huawei
added 2018/04/13 12:0 a.m.23 views

Security Advisory - Authentication Bypass Vulnerability in Some Pre-installed Apps on Huawei Phones

There is an authentication bypass vulnerability in some pre-installed apps on Huawei mobile phones due to insufficient validation on invocation requests. An attacker may trick a user into installing a malicious app which can invoke the open interfaces of the vulnerable apps to install any apps...

4.3CVSS5AI score0.00666EPSS
Exploits0Affected Software2
Huawei
Huawei
added 2018/03/21 12:0 a.m.23 views

Security Advisory - Weak Algorithm Vulnerability on Huawei Products

There is a weak encryption algorithm security vulnerability in the DBS3900 TDD LTE. DBS3900 TDD LTE supports SSL/TLS protocol negotiation using insecure encryption algorithms. If an insecure encryption algorithm is negotiated in the communication, an unauthenticated remote attacker can exploit th...

4.3CVSS4.6AI score0.00448EPSS
Exploits0Affected Software1
Huawei
Huawei
added 2018/02/28 12:0 a.m.23 views

Security Advisory - Buffer Error Vulnerability in Some Huawei Products

There is a buffer overflow vulnerability in the SCCP Signalling Connection Control Part module of some Huawei products. An attacker has to find a way to send malformed packets to the affected products repeatedly. Due to insufficient input validation, successful exploit may cause some service...

3.1CVSS4.1AI score0.00298EPSS
Exploits0Affected Software6
Huawei
Huawei
added 2018/01/31 12:0 a.m.23 views

Security Advisory - Directory Traversal Vulnerability in Huawei eSpace Product

There is a directory traversal vulnerability in Huawei eSpace product. An authenticated, remote attacker can craft specific URL to the affected products. Due to insufficient verification of the URL, successful exploit will upload and download files and cause information leak and system crash...

8.8CVSS8.6AI score0.02071EPSS
Exploits0Affected Software3
Huawei
Huawei
added 2018/01/29 12:0 a.m.23 views

Security Advisory - Buffer Overflow Vulnerability in the Bluetooth Module of Some Huawei Mobile Phones

There is a buffer overflow vulnerability in the Bluetooth module of some Huawei mobile phones. Due to insufficient input validation, an unauthenticated attacker may craft Bluetooth AVDTP/AVCTP messages after successful paring, causing buffer overflow. Successful exploit may cause code execution...

8.8CVSS9.1AI score0.0057EPSS
Exploits0Affected Software1
Huawei
Huawei
added 2017/12/20 12:0 a.m.23 views

Security Advisory - Integer Overflow Vulnerability on Smartphones

There is an integer overflow vulnerability on smartphones. The software does not process certain variable properly when handle certain process. An attacker tricks the user who has root privilege to install a crafted application, successful exploit could cause information disclosure. Vulnerability...

7.1CVSS5.3AI score0.00761EPSS
Exploits0Affected Software1
Huawei
Huawei
added 2017/12/06 12:0 a.m.23 views

Security Advisory - Double Free Vulnerability in Flp Driver of Some Huawei Smart Phones

The Flp Driver of some Huawei smart phones has a double free vulnerability. An attacker can trick a user to install a malicious application which has a high privilege to exploit this vulnerability. Successful exploitation may cause denial of service DoS attack. Vulnerability ID: HWPSIRT-2017-0813...

7.1CVSS5.3AI score0.0056EPSS
Exploits0Affected Software1
Huawei
Huawei
added 2017/12/06 12:0 a.m.23 views

Security Advisory - Input Validation Vulnerability in Multiple Huawei Products

There is an input validation vulnerability in Huawei multiple products. Due to the insufficient input validation, an unauthenticated, remote attacker may craft a malformed Stream Control Transmission Protocol SCTP packet and send it to the device, causing the device to read out of bounds and...

7.8CVSS7.6AI score0.01314EPSS
Exploits0Affected Software15
Huawei
Huawei
added 2017/10/18 12:0 a.m.23 views

Security Advisory - Type Confusion Vulnerability on Huawei Smartphones

There is a type confusion vulnerability on Huawei smartphones. The program initializes a variable using one type, but it later accesses that variable using a type that is different with the original type when do certain register operation. Successful exploit could result in buffer overflow then m...

9.3CVSS7.9AI score0.01035EPSS
Exploits0Affected Software4
Huawei
Huawei
added 2017/07/05 12:0 a.m.23 views

Security Advisory - DoS Vulnerability in TLS of Some Huawei Products

There is a input validation vulnerability in some huawei products when handle TLS and DTLS handshake with certificate. Due to the insufficient validation of received PKI certificates, remote attackers could exploit this vulnerability to crash the TLS module. Vulnerability ID: HWPSIRT-2017-03121...

5.3CVSS5.2AI score0.00614EPSS
Exploits0Affected Software1
Huawei
Huawei
added 2017/06/14 12:0 a.m.23 views

Security Advisory - Permission Control Vulnerability in Smart Phones

Some Huawei Smart phones have a permission control vulnerability. Due to improper authorization on specific processes, an attacker with the root privilege of a mobile Android system can exploit this vulnerability to obtain some information of the user. Vulnerability ID: HWPSIRT-2017-04123 This...

5.1AI score0.00671EPSS
Exploits0Affected Software1
Huawei
Huawei
added 2017/05/31 12:0 a.m.23 views

Security Advisory - Two Privilege Escalation Vulnerabilities in the GaussDB

There is a privilege escalation vulnerability in the validator functions of the GaussDB. An attacker may log in to the system as a low-privilege user and execute the high-privilege functions. Then, the attacker may obtain the high-privilege of the GaussDB and crash the system. Vulnerability ID:...

6.5CVSS6.9AI score0.0493EPSS
Exploits2Affected Software1
Huawei
Huawei
added 2016/09/28 12:0 a.m.23 views

Security Advisory - Path Traversal Vulnerability in Multiple Huawei Products

Multiple Huawei products have a path traversal vulnerability. Due to the insufficient path validation, an authenticated attacker may exploit this vulnerability to download some files without authorization, causing information leak. Vulnerability ID: HWPSIRT-2016-07025 This vulnerability has been...

6.5CVSS6.5AI score0.01575EPSS
Exploits0Affected Software1
Huawei
Huawei
added 2016/09/21 12:0 a.m.23 views

Security Advisory - DoS Vulnerability in Multiple Huawei Products

There is a DoS vulnerability in some Huawei products. A remote attacker can directly access the device through a certain URL without login authentication, which can make the device restart. Vulnerability ID: HWPSIRT-2016-06063 This vulnerability has been assigned Common Vulnerabilities and...

7.8CVSS7.5AI score0.012EPSS
Exploits0Affected Software3
Total number of security vulnerabilities1006