Lucene search
K
HuaweiMost viewed

1006 matches found

Huawei
Huawei
•added 2020/05/27 12:0 a.m.•100 views

Security Advisory - Kr00k Vulnerability in Broadcom Wi-Fi chips

There is an information disclosure vulnerability named Kr00k in Broadcom Wi-Fi chips. Specifically timed and handcrafted traffic can cause internal errors related to state transitions in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information...

3.1CVSS5.5AI score0.07709EPSS
Exploits7Affected Software2
Huawei
Huawei
•added 2020/02/19 12:0 a.m.•99 views

Security Advisory - Resource Management Error Vulnerability on Some Huawei Products

Some Huawei products have a resource management error vulnerability. An attacker needs to perform specific operations to trigger a function of the affected device. Due to improper resource management of the function, the vulnerability can be exploited to cause service abnormal on affected devices...

7.5CVSS7.5AI score0.00775EPSS
Exploits0Affected Software3
Huawei
Huawei
•added 2021/10/20 12:0 a.m.•98 views

Security Advisory - Out of Bounds Write Vulnerability in Some Huawei Products

There is an out of bounds write vulnerability in some Huawei products. The vulnerability is caused by a function of a module that does not properly verify input parameter. Successful exploit could cause out of bounds write leading to a denial of service condition. Vulnerability ID:...

7.5CVSS7.5AI score0.00655EPSS
Exploits0Affected Software7
Huawei
Huawei
•added 2020/02/19 12:0 a.m.•98 views

Security Advisory - Information Leakage Vulnerability in Some Huawei Products

There is an information leakage vulnerability in some Huawei products. In some special cases, an authenticated attacker can exploit this vulnerability because the software processes data improperly. Successful exploitation may lead to information leakage. Vulnerability ID: HWPSIRT-2019-04203 This...

4.4CVSS4.5AI score0.0022EPSS
Exploits0Affected Software1
Huawei
Huawei
•added 2020/02/19 12:0 a.m.•97 views

Security Advisory - Access Control Bypass Vulnerability in Some Huawei Products

There is an access control bypass vulnerability in some Huawei products. Attackers that can access to the internal network can exploit this vulnerability with careful deployment. Successful exploit may cause the access control to be bypassed, and attackers can directly access the Internet...

7.5CVSS7.5AI score0.00664EPSS
Exploits0Affected Software3
Huawei
Huawei
•added 2015/04/10 12:0 a.m.•97 views

Security Advisory - Xen Vulnerabilities on Huawei FusionSphere products

This security advisory SA describes the impact of Xen vulnerabilities discovered in website. This vulnerability is referenced in this document as follows: XSA-120: Non-maskable interrupts triggerable by guests. In the event that the platform surfaces aforementioned UR responses as Non-Maskable...

7.2CVSS6.8AI score0.04492EPSS
Exploits5Affected Software3
Huawei
Huawei
•added 2020/07/01 12:0 a.m.•96 views

Security Advisory - CallStranger Vulnerability in UPnP Protocol

There is an vulnerability in UPnP protocol that does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, named CallStranger. The UPnP function of Huawei product is enabled only on the LAN side and ...

7.8CVSS7.6AI score0.15193EPSS
Exploits3Affected Software2
Huawei
Huawei
•added 2019/09/25 12:0 a.m.•96 views

Security Advisory - Two Integer overflow Vulnerabilities in Some Huawei Smart Phones

Some Huawei smart phones have two integer overflow vulnerabilities due to insufficient check on specific parameters. An attacker tricks the user into installing a malicious application, obtains the root permission and constructs specific parameters to the camera program to exploit this...

9.3CVSS8.2AI score0.00942EPSS
Exploits0Affected Software1
Huawei
Huawei
•added 2019/12/04 12:0 a.m.•95 views

Security Advisory - Insufficient Verification of Data Authenticity Vulnerability in Some Huawei Products

Some Huawei products has an insufficient verification of data authenticity vulnerability. A remote, unauthenticated attacker has to intercept specific packets between two devices, modifies the packets, and sends the modified packets to the peer device. Due to insufficient verification of some...

5.9CVSS5.7AI score0.00358EPSS
Exploits0Affected Software26
Huawei
Huawei
•added 2019/02/28 12:0 a.m.•95 views

Security Advisory - FRP Bypass Vulnerability on Some Huawei Smartphones

There is a Factory Reset Protection FRP bypass security vulnerability in some Huawei smart phones. When re-configuring the mobile phone using the FRP function, an attacker can delete the activation lock after a series of operation, As a result, the FRP function is bypassed and the attacker gains...

4.6CVSS4.7AI score0.00235EPSS
Exploits0Affected Software1
Huawei
Huawei
•added 2020/01/08 12:0 a.m.•94 views

Security Advisory - Weak Algorithm Vulnerability in Some Huawei Products

There is a weak algorithm vulnerability in some Huawei products. The affected products use the RSA algorithm in the SSL key exchange algorithm which have been considered as a weak algorithm. Attackers may exploit this vulnerability to leak some information. Vulnerability ID: HWPSIRT-2019-04082 Th...

5.3CVSS5.2AI score0.00452EPSS
Exploits0Affected Software23
Huawei
Huawei
•added 2014/06/13 12:0 a.m.•93 views

Security Advisory-Multiple OpenSSL vulnerabilities on Huawei products

This security advisory SA describes the impact of 7 OpenSSL vulnerabilities discovered in third-party software. The vulnerabilities are referenced in this document as follows: 1.SSL/TLS Man-in-the-Middle Vulnerability CVE-2014-0224. An unauthenticated, remote attacker with the ability to intercep...

7.4CVSS8AI score0.99977EPSS
Exploits14Affected Software76
Huawei
Huawei
•added 2020/07/22 12:0 a.m.•92 views

Security Advisory - fastjson Injection Vulnerability in Huawei Products

fastjson have the similar vulnerability with CVE-2020-8840 that could deserialize data without proper validation, allowing a maliciously client to perform remote code execution on a service with the required characteristics. Vulnerability ID: HWPSIRT-2020-02150 Huawei has released software update...

9.8CVSS9.6AI score0.26587EPSS
Exploits5Affected Software1
Huawei
Huawei
•added 2020/07/15 12:0 a.m.•92 views

Security Advisory - Apache Tomcat File Inclusion Vulnerability

There is a file inclusion vulnerability in the implementation of the AJP protocol in Apache Tomcat. Attackers can send malicious AJP requests to exploit this vulnerability. Successful exploit could cause the remote attacker read any file in a specified directory without authorization. Vulnerabili...

9.8CVSS9.5AI score0.9927EPSS
Exploits45Affected Software1
Huawei
Huawei
•added 2020/02/19 12:0 a.m.•92 views

Security Advisory - Denial of Service Vulnerability in Some Huawei Products

There is a denial of service vulnerability in some Huawei products. In some abnormal cases, the software doesn't correctly process data. An attacker can exploit this vulnerability to cause new connections can't be established. Vulnerability ID: HWPSIRT-2019-12400 This vulnerability has been...

7.5CVSS7.3AI score0.00767EPSS
Exploits0Affected Software3
Huawei
Huawei
•added 2014/07/07 12:0 a.m.•92 views

Security Advisory-Apache Struts2 vulnerability on Huawei multiple products

Some versions of Apache Struts2 software used in Huawei devices have security vulnerabilities. A patch released for the software to fix vulnerabilities CVE-2014-0050 and CVE-2014-0094 has the risk of being bypassed. Vulnerability ID: HWPSIRT-2014-0420 This Vulnerability has been assigned Common...

7.5CVSS2.2AI score0.99614EPSS
Exploits15Affected Software12
Huawei
Huawei
•added 2019/11/27 12:0 a.m.•91 views

Security Advisory - Information Leak Vulnerability in Huawei Smart Speaker Myna

There is an information leak vulnerability in Huawei smart speaker Myna. Attackers can exploit this vulnerability to read and modify specific configurations of speakers through a series of operations. Vulnerability ID: HWPSIRT-2019-08059 This vulnerability has been assigned a Common Vulnerabiliti...

5.4CVSS5.2AI score0.003EPSS
Exploits0Affected Software1
Huawei
Huawei
•added 2020/11/05 12:0 a.m.•90 views

Security Advisory - Netlogon Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol MS-NRPC. An attacker who successfully exploited the vulnerability could run a specially crafted application on a...

10CVSS8.1AI score0.99512EPSS
Exploits75Affected Software2
Huawei
Huawei
•added 2019/10/23 12:0 a.m.•90 views

Security Advisory - Out-Of-Bound Read Vulnerability in Some Huawei Products

There is an out of bound read vulnerability in some Huawei products. A remote, unauthenticated attacker may send a corrupt or crafted message to the affected products. Due to a buffer read overflow error when parsing the message, successful exploit may cause some service abnormal. Vulnerability I...

7.5CVSS7.8AI score0.00928EPSS
Exploits0Affected Software25
Huawei
Huawei
•added 2019/10/23 12:0 a.m.•90 views

Security Advisory - Memory Leak Vulnerability in Some Huawei Products

Some Huawei products have a memory leak vulnerability when handling some messages. A remote attacker with operation privilege could exploit the vulnerability by sending specific messages continuously. Successful exploit may cause some service abnormal. Vulnerability ID: HWPSIRT-2019-04075 This...

6.5CVSS6.5AI score0.00872EPSS
Exploits0Affected Software21
Huawei
Huawei
•added 2015/08/09 12:0 a.m.•90 views

Security Advisory - Stagefright Vulnerability in Multiple Huawei Android Products

The Stagefright media player engine in Android OS has multiple vulnerabilities, which can be exploited to remotely execute code in affected devices. Vulnerability ID: HWPSIRT-2015-07056, HWPSIRT-2015-07057, HWPSIRT-2015-07058, HWPSIRT-2015-07059, HWPSIRT-2015-07060, HWPSIRT-2015-07061 and...

10CVSS6.5AI score0.99064EPSS
Exploits6Affected Software8
Huawei
Huawei
•added 2020/08/26 12:0 a.m.•88 views

Security Advisory - Distributed Denial-of-Service Vulnerablility in Some Huawei Products

There is a DDoS vulnerability called "NXNSAttack" in some Huawei products. There is no effective limitation on the number of fetches performed when the DNS recursive server processes references. An attacker can exploit this vulnerability by sending a request for an attacker-controlled domain to a...

8.6CVSS8.6AI score0.10593EPSS
Exploits1Affected Software1
Huawei
Huawei
•added 2020/01/15 12:0 a.m.•88 views

Security Advisory - Buffer Overflow Vulnerability in QEMU-KVM

There is a buffer overflow vulnerability in the vhost module of QEMU-KVM. During the hot migration of the target VM, an attacker with guest user account may send descriptors with invalid length to the affected host to exploit this vulnerability. Successfully exploited may cause the kernel buffer...

7.8CVSS7.9AI score0.00627EPSS
Exploits1Affected Software3
Huawei
Huawei
•added 2019/10/23 12:0 a.m.•87 views

Security Advisory - Insufficient Authentication Vulnerability in Several Smartphones

There is an insufficient authentication vulnerability on several smartphones. The system has a logic judge error under certain scenario. Successful exploit could allow the attacker to modify the alarm clock settings after a serious of uncommon operations without unlock the screen lock...

2.4CVSS3.7AI score0.00214EPSS
Exploits0Affected Software1
Huawei
Huawei
•added 2018/06/06 12:0 a.m.•87 views

Security Advisory - CPU Vulnerabilities Meltdown and Spectre

Security researchers disclosed two groups of CPU vulnerabilities "Meltdown" and "Spectre". In some circumstances, a local attacker could exploit these vulnerabilities to read memory information belonging to other processes or other operating system kernel. Vulnerability ID:...

4.7CVSS0.93838EPSS
Exploits13Affected Software125
Huawei
Huawei
•added 2014/10/08 12:0 a.m.•87 views

Security Advisory-9 OpenSSL vulnerabilities on Huawei products

This security advisory SA describes the impact of 9 OpenSSL vulnerabilities discovered in third-party software. Vulnerability ID: HWPSIRT-2014-0816 These vulnerabilities are referenced in this document as follows: 1.Information leak in pretty printing functions CVE-2014-3508. A flaw in OBJobj2txt...

7.5CVSS6.8AI score0.7408EPSS
Exploits0Affected Software59
Huawei
Huawei
•added 2019/11/27 12:0 a.m.•86 views

Security Advisory - Improper Authorization Vulnerability in Several Smartphones

There is an improper authorization vulnerability in several smartphones. The software does not properly restrict certain operation in ADB mode, successful exploit could allow the attacker to switch to third desktop after a series of operation. Vulnerability ID: HWPSIRT-2019-02253 This vulnerabili...

2.4CVSS3.5AI score0.00209EPSS
Exploits0Affected Software1
Huawei
Huawei
•added 2020/01/15 12:0 a.m.•85 views

Security Advisory - FRP Bypass Vulnerability in Huawei Smart Phones

There is a Factory Reset Protection FRP bypass security vulnerability in some Huawei smart phones. When re-configuring the mobile phone using the factory reset protection FRP function, an attacker login the Talkback mode and can perform some operations to install a third-Party application. As a...

4.6CVSS4.7AI score0.00214EPSS
Exploits0Affected Software28
Huawei
Huawei
•added 2024/06/19 12:0 a.m.•84 views

Security Advisory - Connection Hijacking Vulnerability in Some Huawei Home Routers

Some Huawei home routers have a connection hijacking vulnerability. Successful exploitation of this vulnerability may cause DoS or information leakage.Vulnerability ID:HWPSIRT-2023-76605 This vulnerability has been assigned a CVEID:CVE-2023-7266...

8.1CVSS6.5AI score0.00269EPSS
Exploits0Affected Software3
Huawei
Huawei
•added 2019/12/04 12:0 a.m.•84 views

Security Advisory - Denial of Service Vulnerability in some Huawei Products

Some Huawei products have a DoS vulnerability. An attacker of a neighboring device sends a large number of specific packets. As a result, a memory leak occurs after the device uses the specific packet. As a result, the attacker can exploit this vulnerability to cause DoS attacks on the target...

7.4CVSS7.3AI score0.00306EPSS
Exploits0Affected Software1
Huawei
Huawei
•added 2019/08/14 12:0 a.m.•84 views

Two Denial of Service Vulnerabilities on Some Huawei Smartphones

There are two denial of service vulnerabilities on some Huawei smartphones. An attacker may send specially crafted TD-SCDMA messages from a rogue base station to the affected devices. Due to insufficient input validation of two values when parsing the messages, successful exploit may cause an...

5.3CVSS5.6AI score0.0031EPSS
Exploits0Affected Software65
Huawei
Huawei
•added 2021/06/19 12:0 a.m.•83 views

Security Advisory - Deserialization Vulnerability in Huawei AnyOffice Product

There is a deserialization vulnerability in Huawei AnyOffice product. An attacker can construct a specific request to exploit this vulnerability. Successfully exploiting this vulnerability, the attacker can execute remote malicious code injection and to control the device. Vulnerability ID:...

9.3CVSS8.3AI score0.00826EPSS
Exploits0Affected Software1
Huawei
Huawei
•added 2020/01/22 12:0 a.m.•82 views

Security Advisory - Insufficient Authentication Vulnerability in Some Huawei products

There is an insufficient authentication vulnerability in some Huawei products. An attacker can access the device physically and perform specific operations to exploit this vulnerability. Successful exploitation may cause the attacker obtain high privilege. Vulnerability ID: HWPSIRT-2019-10077 Thi...

6.8CVSS6.6AI score0.00236EPSS
Exploits0Affected Software5
Huawei
Huawei
•added 2019/12/04 12:0 a.m.•82 views

Security Advisory - Path Traversal Vulnerability in Several Smartphones

There is a path traversal vulnerability in several smartphones. The system does not sufficiently validate certain pathname from the application, an attacker should trick the user into installing, backing up and restoring a malicious application, successful exploit could cause information...

5.5CVSS5.2AI score0.00839EPSS
Exploits0Affected Software57
Huawei
Huawei
•added 2017/05/03 12:0 a.m.•82 views

Security Advisory - Three OpenSSL Vulnerabilities in Huawei Products

On January 26, 2017, the OpenSSL Software Foundation released a security advisory that included three new vulnerabilities. If a malicious server supplies bad parameters for a DHE or ECDHE key exchange then this can result in the client attempting to dereference a NULL pointer leading to a client...

7.5CVSS7.1AI score0.57595EPSS
Exploits6Affected Software18
Huawei
Huawei
•added 2020/05/27 12:0 a.m.•81 views

Security Advisory - Improper Authentication Vulnerability in Several Smartphones

There is an improper authentication vulnerability in several smartphones. A logic error occurs when handling NFC work, an attacker should establish a NFC connection to the target phone, and then do a series of operations on the target phone. Successful exploit could allow a guest user do certain...

4.6CVSS4.7AI score0.00223EPSS
Exploits0Affected Software1
Huawei
Huawei
•added 2014/12/15 12:0 a.m.•81 views

Security Advisory-SSLv3 POODLE Vulnerability in Huawei Products

The SSLv3 protocol supported by some Huawei products has the so-called Padding Oracle On Downgraded Legacy Encryption POODLE vulnerability. The attacker can launch a man-in-the-middle attack to manipulate the TLS negotiation process so that the communication parties use SSLv3, which has informati...

4.3CVSS2.4AI score0.99999EPSS
Exploits7Affected Software50
Huawei
Huawei
•added 2020/02/19 12:0 a.m.•80 views

Security Advisory - Invalid Pointer Access Vulnerability in Some Huawei Products

There is an invalid pointer access vulnerability in some products. The software system access an invalid pointer when an abnormal condition occurs in certain operation. Successful exploit could cause certain process reboot. Vulnerability ID: HWPSIRT-2019-12411 This vulnerability has been assigned...

5.5CVSS5.3AI score0.00199EPSS
Exploits0Affected Software3
Huawei
Huawei
•added 2017/05/31 12:0 a.m.•80 views

Security Advisory - Authentication Bypass Vulnerability in the Backup Function of GaussDB

The backup function of GaussDB has an authentication bypass vulnerability. An attacker with low privilege may bypass the authentication of the backup function of database to start or stop the backup function, causing the backup function abnormal. Vulnerability ID: HWPSIRT-2017-05044 This...

4CVSS7.9AI score0.03298EPSS
Exploits1Affected Software1
Huawei
Huawei
•added 2019/12/04 12:0 a.m.•79 views

Security Advisory - DoS Vulnerability in Some Huawei Products

Some Huawei products have a DoS security vulnerability. Attackers with certain permissions perform specific operations on affected devices. Because the pointer in the program is not processed properly, the vulnerability can be exploited to cause the device to be abnormal. Vulnerability ID:...

6.5CVSS6.4AI score0.00634EPSS
Exploits0Affected Software10
Huawei
Huawei
•added 2018/02/28 12:0 a.m.•79 views

Security Advisory - Remote Code Execution Vulnerability in Jackson JSON library of Apache Struts2

Apache Struts2 released a remote code execution vulnerability in S2-055 on the official website. An attacker is possible to perform a Remote Code Execution RCE attack with a malicious JSON packet. Vulnerability ID: HWPSIRT-2017-12002 This vulnerability has been assigned a Common Vulnerabilities a...

9.8CVSS9.4AI score0.37925EPSS
Exploits7Affected Software4
Huawei
Huawei
•added 2020/07/15 12:0 a.m.•78 views

Security Advisory - Two Vulnerabilities in SaltStack Salt

An authentication bypass vulnerability was discovered in SaltStack Salt. An attacker may exploit the vulnerability to retrieve user tokens from the salt master and/or run arbitrary commands on salt minions. Vulnerability ID: HWPSIRT-2020-05592 This vulnerability has been assigned a Common...

9.8CVSS8.7AI score0.96405EPSS
Exploits25Affected Software1
Huawei
Huawei
•added 2020/05/27 12:0 a.m.•78 views

Security Advisory - Privilege Escalation Vulnerability in Some Huawei Products

There is a privilege escalation vulnerability in the ioctl handlers of the Mediatek CMDQ driver. Local attackers can exploit this vulnerability to read and write to the system memory. Successful exploit may lead to local escalation of privilege. Vulnerability ID: HWPSIRT-2020-03106 This...

7.8CVSS7.6AI score0.01299EPSS
Exploits2Affected Software28
Huawei
Huawei
•added 2020/05/27 12:0 a.m.•78 views

Security Advisory - Denial of Service Vulnerability in Some Huawei Products

There is a denial of service vulnerability in some Huawei products. Due to improper memory management, memory leakage may occur in some special cases. Attackers can perform a series of operations to exploit this vulnerability. Successful exploit may cause a denial of service. Vulnerability ID:...

7.5CVSS7.4AI score0.00745EPSS
Exploits0Affected Software7
Huawei
Huawei
•added 2020/02/19 12:0 a.m.•78 views

Security Advisory - Out-of-bounds Read Vulnerability in Some Huawei Products

There is an out-of-bounds read vulnerability in some huawei products. An unauthenticated attacker crafts malformed message with specific parameter and sends the message to the affected products. Due to insufficient validation of message, which may be exploited to cause the device reboot...

7.8CVSS7.5AI score0.00769EPSS
Exploits0Affected Software4
Huawei
Huawei
•added 2020/01/02 12:0 a.m.•78 views

Security Advisory - Improper Credentials Management Vulnerability in Some Products

There is an improper credentials management vulnerability in some products. The software does not properly manage certain credential, successful exploit could cause information disclosure or damage, and impact the confidentiality or integrity. Vulnerability ID: HWPSIRT-2018-12263 This vulnerabili...

8.2CVSS7.8AI score0.00644EPSS
Exploits0Affected Software1
Huawei
Huawei
•added 2019/12/04 12:0 a.m.•78 views

Security Advisory - Remote Code Execution Vulnerability in Fastjson

A remote code execution vulnerability exists in the open-source JSON parsing library Fastjson. Remote attackers can send crafted JSON data packets to exploit this vulnerability. Successfully exploit could allow the attacker to execute arbitrary code on the target Fastjson server. Vulnerability ID...

8.4AI score
Exploits0Affected Software8
Huawei
Huawei
•added 2019/07/12 12:0 a.m.•77 views

Security Advisory - Intel Microarchitectural Data Sampling (MDS) vulnerabilities

Intel officially released a group of microarchitecture data sampling MDS vulnerabilities. An attacker with local access to a targeted system may exploit these vulnerabilities to obtain data on the targeted system, causing some information leakage. Vulnerability ID: HWPSIRT-2019-05136,...

5.6CVSS7AI score0.01553EPSS
Exploits0Affected Software66
Huawei
Huawei
•added 2018/10/31 12:0 a.m.•77 views

Security Advisory - SegmentSmack Vulnerability in Linux Kernel

There is a DoS vulnerability in the Linux Kernel versions 4.9+ known as a SegmentSmack attack. Remote attackers may send TCP packets to Linux kernel to make it calls the very expensive functions tcpcollapseofoqueue and tcppruneofoqueue of the affected device which can lead to a denial of service...

7.8CVSS7.3AI score0.7354EPSS
Exploits0Affected Software8
Huawei
Huawei
•added 2025/03/26 12:0 a.m.•76 views

Security Advisory - Authentication Bypass Vulnerability in Huawei PC Products

Huawei PCs have a vulnerability that allows low-privilege users to bypass SDDL permission checks. Successful exploitation this vulnerability could lead to termination of some system processes.Vulnerability ID:HWPSIRT-2023-15366 This vulnerability has been assigned a CVEID:CVE-2023-52972...

5.5CVSS6.9AI score0.00095EPSS
Exploits0Affected Software1
Total number of security vulnerabilities1006