Lucene search
K
HuaweiMost viewed

1006 matches found

Huawei
Huawei
added 2017/12/15 12:0 a.m.39 views

Security Advisory - Multiple Vulnerabilities in XML Parser of Some Huawei Products

There are multiple buffer overflow vulnerabilities in some Huawei products due to the lack of validation. An authenticated local attacker can craft specific XML files to the affected products and parse this file, which result in DoS attacks or remote code execution on the device. Vulnerability ID...

7.8CVSS6.7AI score0.00578EPSS
Exploits0Affected Software1
Huawei
Huawei
added 2017/12/06 12:0 a.m.39 views

Security Advisory - Memory Leak Vulnerability in Multiple Products

Some Huawei products have a memory leak vulnerability. In some specific conditions, if attackers send specific malformed MPLS Service PING messages to the affected products, products do not release the memory when handling the packets. So successful exploit will result in memory leak of the...

4.3CVSS4.2AI score0.0072EPSS
Exploits0Affected Software8
Huawei
Huawei
added 2017/11/29 12:0 a.m.39 views

Security Advisory - Multiple NTPd Vulnerabilities in Huawei Products

Multiple denial of service vulnerabilities were disclosed on Network Time Protocol NTP offical website. Attackers can exploit these vulnerabilities to cause a denial of service DoS condition. If trap service is enabled, an attacker can exploit this vulnerabilityc by sending a specially crafted...

7.5CVSS7.3AI score0.52935EPSS
Exploits12Affected Software6
Huawei
Huawei
added 2017/11/29 12:0 a.m.39 views

Security Advisory - Memory Leak Vulnerability in Some Huawei Products

Some Huawei products have a memory leak vulnerability due to memory don't be released when the XML parser process some node fail. An attacker could exploit it to cause memory leak, which may further lead to system exceptions. Vulnerability ID: HWPSIRT-2017-08151 This vulnerability has been assign...

5.5CVSS5.3AI score0.00222EPSS
Exploits0Affected Software6
Huawei
Huawei
added 2017/10/18 12:0 a.m.39 views

Security Advisory - Multiple Vulnerabilities in FusionSphere OpenStack

There is a privilege escalation vulnerability in Huawei FusionSphere OpenStack. Due to improper privilege restrictions, an attacker with high privilege may obtain the other users' certificates. Successful exploit may cause privilege escalation. Vulnerability ID: HWPSIRT-2017-07053 This...

7.2CVSS6.7AI score0.01681EPSS
Exploits0Affected Software1
Huawei
Huawei
added 2017/09/20 12:0 a.m.39 views

Security Advisory - Two Vulnerabilities in Some Huawei CPE Devices

The outdoor unit of some Customer Premise Equipment CPE has a no authentication vulnerability on a certain port. After accessing the network between the indoor and outdoor units of the CPE, an attacker can deliver commands to the specific port of the outdoor unit and execute them without...

8.4CVSS7.5AI score0.00295EPSS
Exploits0Affected Software1
Huawei
Huawei
added 2017/05/31 12:0 a.m.39 views

Security Advisory - Command Injection Vulnerability in the NetEco

Huawei iManager NetEco has a command injection vulnerability due to insufficient input validation. An authenticated, remote attacker could exploit this vulnerability to send malicious packets to a target device. Successful exploit could enable a low privileged user to execute commands that a high...

8.8CVSS8.8AI score0.01537EPSS
Exploits0Affected Software1
Huawei
Huawei
added 2016/12/14 12:0 a.m.39 views

Security Advisory - E-mail Information Leak Vulnerability in Android System

The Security Bulletin describes an E-mail Information Leak Vulnerability in Android System discovered by Google CVE-2016-3918. An attacker tricks a user into installing a malicious application on the smart phone, and send given parameter to smart phone to obtain information in the...

5.5CVSS5.5AI score0.00464EPSS
Exploits0Affected Software2
Huawei
Huawei
added 2016/08/17 12:0 a.m.39 views

Security Advisory - HTTP Header Injection Vulnerability in Huawei FusionAccess

The FusionAccess is the desktop management system of Huawei FusionCloud desktop solution. Huawei FusionAccess has an HTTP header injection vulnerability. A remote, unauthenticated attacker can exploit it to tamper with HTTP headers, causing users to access crafted URLs. Vulnerability ID:...

6.1CVSS6.6AI score0.00786EPSS
Exploits0Affected Software1
Huawei
Huawei
added 2016/05/11 12:0 a.m.39 views

Security Advisory - Buffer Overflow Vulnerability in Huawei Several Products

There is a vulnerability in several Huawei devices: USG series, NGFW Module, IPS Module, NIP series and AntiDDoS8000. These products have a buffer overflow vulnerability in the Application Specific Packet Filtering ASPF function. An attacker may craft a malformed packet with illegitimate...

9.8CVSS9.7AI score0.02383EPSS
Exploits0Affected Software9
Huawei
Huawei
added 2014/10/10 12:0 a.m.39 views

Security Advisory-VRP SSH Denial of Service Vulnerability

The SSH of the VRP has an input verification issue. Remote attackers can send a special SSH packet to the device to cause a denial of service Vulnerability ID: HWPSIRT-2014-0701. This Vulnerability has been assigned Common Vulnerabilities and Exposures CVE ID: CVE-2014-8572...

7.8CVSS7.1AI score0.00943EPSS
Exploits0Affected Software14
Huawei
Huawei
added 2014/03/17 12:0 a.m.39 views

Security Advisory- Y.1731 Vulnerability on Some Huawei Switches

Y.1731 is an ITU-T recommendation for OAM features on Ethernet-based networks. Y.1731 provides connectivity detection, diagnosis, and performance monitoring for VLAN/VSI services on MANs. Some Huawei switches support Y.1731 and therefore, has the Y.1731 vulnerability in processing special packets...

7.8CVSS7.3AI score0.0101EPSS
Exploits0Affected Software5
Huawei
Huawei
added 2022/11/30 12:0 a.m.38 views

Security Advisory - Improper Authorization Vulnerability in a Huawei Children's Watch

Huawei Aslan Children's Watch has an improper authorization vulnerability. Successful exploit could allow the attacker to access certain file. Vulnerability ID:HWPSIRT-2022-62345 This vulnerability has been assigned a CVE ID: CVE-2022-45874...

5.5CVSS5.4AI score0.00143EPSS
Exploits0Affected Software1
Huawei
Huawei
added 2022/09/01 12:0 a.m.38 views

Security Advisory - Out-of-bounds Read and Write Vulnerability in Some Huawei Headset Products

There is an out-of-bounds read and write vulnerability in some headset products. An unauthenticated attacker gets the device physically and crafts malformed message with specific parameter and sends the message to the affected products. Due to insufficient validation of message, which may be...

6.1CVSS6.3AI score0.00261EPSS
Exploits0Affected Software8
Huawei
Huawei
added 2021/07/22 12:0 a.m.38 views

Security Advisory - Insufficient Input Validation Vulnerability in Some Huawei Smartphones

Some Huawei Smartphones has an insufficient input validation vulnerability due to the lack of parameter validation. An attacker may trick a user into installing a malicious APP. The app can modify specific parameters, causing the system to crash. Vulnerability ID: HWPSIRT-2020-05121 This...

5.5CVSS5.4AI score0.00396EPSS
Exploits0Affected Software1
Huawei
Huawei
added 2021/05/19 12:0 a.m.38 views

Security Advisory - Denial of Service Vulnerability in Some Huawei Products

There is a denial of service vulnerability in some Huawei products. An attacker could exploit this vulnerability by sending specific message to a targeted device. Due to insufficient input validation, successful exploit can cause the service abnormal. Vulnerability ID: HWPSIRT-2020-24699 This...

7.8CVSS7.3AI score0.00689EPSS
Exploits0Affected Software2
Huawei
Huawei
added 2021/05/06 12:0 a.m.38 views

Security Advisory - Insufficient Input Validation Vulnerability in FusionCompute Product

There is an insufficient input validation vulnerability in FusionCompute product. Due to the input validation is insufficient, an attacker can exploit this vulnerability to upload any files to the device. Successful exploit may cause the service abnormal. Vulnerability ID: HWPSIRT-2020-05085 This...

4.3CVSS4.5AI score0.00533EPSS
Exploits0Affected Software1
Huawei
Huawei
added 2020/12/09 12:0 a.m.38 views

Security Advisory - CSV Injection Vulnerability in iManager NetEco Product

There has a CSV injection vulnerability in iManager NetEco Product. An attacker with common privilege may exploit this vulnerability through some operations to inject the CSV files. Due to insufficient input validation of some parameters, the attacker can exploit this vulnerability to inject CSV...

7.8CVSS7.6AI score0.00309EPSS
Exploits0Affected Software1
Huawei
Huawei
added 2020/09/30 12:0 a.m.38 views

Security Advisory - Out-of-Bounds Read and Write Vulnerability in Huawei Smartphone

There is an out-of-bounds read and write vulnerability in Huawei smartphone. Some functions do not verify inputs sufficiently. Attackers can exploit this vulnerability by sending specific request. This could compromise normal service of the affected device. Vulnerability ID: HWPSIRT-2020-03107 Th...

5.5CVSS5.4AI score0.00197EPSS
Exploits0Affected Software1
Huawei
Huawei
added 2020/09/30 12:0 a.m.38 views

Security Advisory - Information Disclosure Vulnerability in Several Smartphones

There is an information disclosure vulnerability in several smartphones. The device does not sufficiently validate the output of device in certain specific scenario, the attacker can gain information in the victim's smartphone to launch the attack, successful exploit could cause information...

4.6CVSS4.5AI score0.00232EPSS
Exploits0Affected Software1
Huawei
Huawei
added 2020/08/19 12:0 a.m.38 views

Security Advisory - Denial of Service Vulnerability in SmartPhone Product

There is a denial of service vulnerability in several smartphones. In specific scenario, due to the improper resource management and memory leak of some feature, the attacker could exploit this vulnerability to cause the device reset. Vulnerability ID: HWPSIRT-2020-04032 This vulnerability has be...

4.3CVSS4.5AI score0.00319EPSS
Exploits0Affected Software1
Huawei
Huawei
added 2020/08/12 12:0 a.m.38 views

Security Advisory - Command Injection Vulnerability in FusionCompute

There is a command injection vulnerability in FusionCompute. The software does not sufficiently validate certain parameters post from user, successful exploit could allow an authenticated attacker to launch a command injection attack. Vulnerability ID: HWPSIRT-2020-05015 This vulnerability has be...

8.8CVSS8.7AI score0.01306EPSS
Exploits0Affected Software1
Huawei
Huawei
added 2020/08/05 12:0 a.m.38 views

Security Advisory - Protection Mechanism Failure Vulnerability in Some Huawei Products

There is a protection mechanism failure vulnerability in some Huawei products. The product incorrectly uses a protection mechanism. An attacker has to find a way to exploit the vulnerability to conduct directed attacks against the affected product. Vulnerability ID: HWPSIRT-2020-05077 This...

8.8CVSS8.6AI score0.00375EPSS
Exploits0Affected Software1
Huawei
Huawei
added 2020/07/15 12:0 a.m.38 views

Security Advisory - Buffer Overflow Vulnerability in Several Smartphones

There is a buffer overflow vulnerability in several smartphones. The software access data past the end, or before the beginning, of the intended buffer when handling certain operations of certificate, the attacker should trick the user into installing a malicious application, successful exploit m...

8.8CVSS9AI score0.00751EPSS
Exploits0Affected Software1
Huawei
Huawei
added 2020/07/08 12:0 a.m.38 views

Security Advisory - Information Disclosure Vulnerability in Several Smartphones

There is an information disclosure vulnerability in several smartphones. Certain WI-FI function's default configuration in the system seems insecure, an attacker should craft a WI-FI hotspot to launch the attack. Successful exploit could cause information disclosure. Vulnerability ID:...

6.5CVSS6.1AI score0.00342EPSS
Exploits0Affected Software2
Huawei
Huawei
added 2018/11/21 12:0 a.m.38 views

Security Advisory - Information Leak Vulnerability in Some Huawei Smartphones

There is an information leak vulnerability in some Huawei smartphones. An attacker may do some specific configuration in the smartphone and trick a user into inputting some sensitive information. Due to improper design, successful exploit may cause some information leak. Vulnerability ID:...

4.3CVSS4.4AI score0.00266EPSS
Exploits0Affected Software52
Huawei
Huawei
added 2018/02/07 12:0 a.m.38 views

Security Advisory - Two Out-of-Bounds Read Vulnerabilities in Some Huawei Products

Some Huawei products have two out-of-bounds read vulnerabilities due to the improper processing of malformed H323 messages. A remote attacker that controls a server could exploit this vulnerability by sending malformed H323 reply messages to a target device. Successful exploit could make the devi...

5.9CVSS6AI score0.00749EPSS
Exploits0Affected Software6
Huawei
Huawei
added 2017/12/22 12:0 a.m.38 views

Security Advisory - Weak Cryptography Vulnerability in Some Huawei Products

Some Huawei products have a weak cryptography vulnerability. Due to not properly some values in the certificates, an unauthenticated remote attacker could forges a specific RSA certificate and exploits the vulnerability to pass identity authentication and logs into the target device to obtain...

9.8CVSS9.4AI score0.00991EPSS
Exploits0Affected Software28
Huawei
Huawei
added 2017/12/13 12:0 a.m.38 views

Security Advisory - Information Leak Vulnerability in Some Huawei Smart Phones

There is a information leak vulnerability in the date service proxy implementation of some Huawei smart phones. An attacker may trick a user into installing a malicious application and application can exploit the vulnerability to get kernel date, which may cause sensitive information leak...

5.5CVSS5.1AI score0.00658EPSS
Exploits0Affected Software2
Huawei
Huawei
added 2017/12/06 12:0 a.m.38 views

Security Advisory - DoS Vulnerability in XML Parser of Some Huawei Products

XML parser has a DoS vulnerability in some Huawei products. Due to not check the specially XML file enough, an authenticated local attacker may craft specific XML files to the affected products and parse this file, which cause to null pointer accessing and result in DoS attacks. Vulnerability ID:...

5.5CVSS5.3AI score0.00211EPSS
Exploits0Affected Software6
Huawei
Huawei
added 2017/12/01 12:0 a.m.38 views

Security Advisory - Multiple Vulnerabilities in Intel Management Engine Firmware

There are multiple vulnerabilities in Intel Management Engine ME firmware. Some Huawei devices are affected for using related Intel products. Multiple buffer overflows in kernel in Intel Manageability Engine Firmware 11.0/11.5/11.6/11.7/11.10/11.20 allow attacker with local access to the system t...

9CVSS8.1AI score0.04407EPSS
Exploits0Affected Software3
Huawei
Huawei
added 2017/11/29 12:0 a.m.38 views

Security Advisory - Denial of Service Vulnerability on Several Products

There is a denial of service vulnerability on several products. The software decodes X.509 certificate in an improper way. A remote unauthenticated attacker could send a crafted X.509 certificate to the device. Successful exploit could result in a denial of service on the device. Vulnerability ID...

7.5CVSS7.5AI score0.00773EPSS
Exploits0Affected Software4
Huawei
Huawei
added 2017/09/27 12:0 a.m.38 views

Security Advisory - Several Vulnerabilities in H323 protocol of Huawei Products

There are two out-of-bounds read vulnerabilities in H323 protocol of Huawei products. An attacker logs in to the system as a user and send crafted packets to the affected products. Due to insufficient verification of the packets, successful exploit will cause process reboot. Vulnerability ID:...

6.5CVSS6.6AI score0.0112EPSS
Exploits0Affected Software3
Huawei
Huawei
added 2017/09/13 12:0 a.m.38 views

Security Advisory - Three Vulnerabilities in Huawei FusionSphere

There is an incorrect authorization vulnerability in Huawei FusionSphere. An authenticated attacker could execute commands that he/she should have had no permission to perform, thereby querying, modifying, and deleting certain service data and making the service unavailable. Vulnerability ID:...

9CVSS6.4AI score0.02041EPSS
Exploits0Affected Software1
Huawei
Huawei
added 2017/08/02 12:0 a.m.38 views

Security Advisory - DoS Vulnerability in Some Huawei Smartphones

There is a denial of service DoS vulnerability in some Huawei Smartphones. An attacker tricks a user into installing a malicious application. Since the system does not verify the broadcasting message from the application, it could be exploited to cause some functions of system unavailable...

4.3CVSS3.9AI score0.00297EPSS
Exploits0Affected Software1
Huawei
Huawei
added 2017/03/22 12:0 a.m.38 views

Security Advisory - Phone Finder Bypass Vulnerability in Some Huawei Smart Phones

Phone Finder is a Huawei security method that was designed to make sure someone can't just wipe and factory reset the phone if user lost it or it was stolen. The Phone Finder in some Huawei smart phones can be bypass. An attacker can bypass the Phone Finder by special steps and obtain the owner o...

7.2CVSS6.6AI score0.0029EPSS
Exploits0Affected Software1
Huawei
Huawei
added 2017/03/22 12:0 a.m.38 views

Security Advisory - Information Leak Vulnerability in Huawei Hilink APP

Huawei Hilink APP has an information leak vulnerability. An attacker may trick a user into installing a malicious application and application can access Hilink APP data. Vulnerability ID: HWPSIRT-2017-01092 This vulnerability has been assigned a Common Vulnerabilities and Exposures CVE ID:...

5.5CVSS5.2AI score0.00633EPSS
Exploits0Affected Software1
Huawei
Huawei
added 2017/01/25 12:0 a.m.39 views

Security Advisory - Two Security Vulnerabilities in Huawei EMUI

Huawei EMUI3.1 has two vulnerabilities. The Keyguard application in Huawei EMUI3.1 has a privilege elevation vulnerability due to insufficient validation on specific parameters. An attacker may trick a user into installing a malicious application. Successful exploit could allow the attacker to...

7.8CVSS8.1AI score0.01052EPSS
Exploits0Affected Software8
Huawei
Huawei
added 2017/01/18 12:0 a.m.38 views

Security Advisory - Lock-screen Bypass Vulnerability in Huawei Smartphones

There is a lock-screen bypass vulnerability in Huawei smartphones. An unauthenticated attacker could force the phone to the fastboot mode and delete the user's password file during the reboot process, then login the phone without screen lock password after reboot. Vulnerability ID:...

7.2CVSS6.7AI score0.00284EPSS
Exploits0Affected Software1
Huawei
Huawei
added 2016/12/14 12:0 a.m.38 views

Security Advisory - Buffer Overflow Vulnerability in Wi-FI Driver of Huawei Smart Phone

The Wi-Fi driver of some Huawei products has buffer overflow vulnerability due to the lack of a parameters check. An attacker can tricks a user into installing a malicious application on the smart phone, and send given parameter to smart phone to crash the system or escalate privilege...

7.8CVSS7.1AI score
Exploits0Affected Software1
Huawei
Huawei
added 2016/11/30 12:0 a.m.38 views

Security Advisory - DoS Vulnerability in Huawei Switches

There is a denial of service DoS vulnerability in Huawei switches due to improper management of system resources. A remote attacker with specific permission could store massive files to exhaust the shared storage space, leading to a DoS condition. Vulnerability ID: HWPSIRT-2016-06006 This...

6.8CVSS6.4AI score0.01334EPSS
Exploits0Affected Software4
Huawei
Huawei
added 2016/11/16 12:0 a.m.38 views

Security Advisory - Unquoted Service Path Vulnerability in Huawei UTPS Software

Huawei Unified Terminal PC suite UTPS, also known as Mobile Partner, runs on the PC side to manage data cards. It provides data card setting, dial-up setting, message sending and receiving, and contacts management functions. Huawei UTPS has an unquoted service path vulnerability which can lead to...

7.2CVSS6.6AI score0.01578EPSS
Exploits4Affected Software1
Huawei
Huawei
added 2016/07/16 12:0 a.m.38 views

Security Advisory - Input Validation Vulnerabilities in Camera Driver of Huawei Smart Phones

There are five input validation vulnerabilities in the Camera driver of some Huawei smart phones. An attacker may trick a user into installing a malicious application, and the application can send given parameter to Camera driver to crash the system or escalate user privilege. Vulnerability ID:...

9.3CVSS7.1AI score0.00577EPSS
Exploits0Affected Software1
Huawei
Huawei
added 2016/01/29 12:0 a.m.38 views

Security Advisory - DNS Static Source Port Vulnerability in Huawei E5151 and E5186

Huawei E5151 and E5186 allow DNS query packets using the static source port. Attackers can exploit the vulnerability to launch DNS Spoofing Attack and compromise the normal service of DNS. Vulnerability ID: HWPSIRT-2015-10001 This vulnerability has been assigned Common Vulnerabilities and Exposur...

7.5CVSS7.5AI score0.0191EPSS
Exploits0Affected Software2
Huawei
Huawei
added 2015/11/11 12:0 a.m.38 views

Security Advisory - DoS Vulnerability in Huawei U2990 and U2980

Huawei U2990 and U2980 have a DoS vulnerability caused by no error correction mechanism when handling specific signaling packets. An attacker can send malformed packets to cause a denial of service condition in some services of the U2990 and U2980. Vulnerability ID: HWPSIRT-2015-09025 This...

4CVSS7.5AI score0.00725EPSS
Exploits0Affected Software2
Huawei
Huawei
added 2015/06/09 12:0 a.m.38 views

Security Advisory - VENOM Vulnerability in Huawei Products

Huawei has noticed the buffer overflow vulnerability in the floppy disk controller FDC of QEMU disclosed by open source organization Xen. This vulnerability allows an attacker to escape out of the virtual machine, execute code on the physical host with full privilege. Vulnerability ID:...

7.7CVSS7.2AI score0.15275EPSS
Exploits1Affected Software2
Huawei
Huawei
added 2015/05/20 12:0 a.m.38 views

Security Advisory - Two Privilege Escalation Vulnerabilities in Huawei Mate 7 Smartphones

The tzdriver module of Huawei Mate 7 smartphone has an input check error, which allows the user-mode application to modify kernel-mode memory data and maybe make system break down or application elevate privilege. Vulnerability ID: HWPSIRT-2015-03011 These Vulnerabilities have been assigned Commo...

7.6CVSS7.1AI score0.0092EPSS
Exploits0Affected Software1
Huawei
Huawei
added 2014/12/17 12:0 a.m.38 views

Security Advisory-Multiple Vulnerabilities in Huawei eSpace Desktop Product

Huawei eSpace Desktop products have the following vulnerabilities: 1 The program does not implement comprehensive validity check on the QES file imported into the system, causing the system to exit unexpectedly. Vulnerability ID: HWPSIRT-2014-1151 This vulnerability has been assigned Common...

4.4CVSS6.1AI score0.0083EPSS
Exploits15Affected Software1
Huawei
Huawei
added 2022/08/04 12:0 a.m.37 views

Security Advisory - The input verification vulnerability of a Huawei Device product is involved.

A Huawei device has an input verification vulnerability. Successful exploitation of this vulnerability may lead to DoS attacks. Vulnerability ID: HWPSIRT-2022-49379 This vulnerability has been assigned a Common Vulnerabilities and Exposures CVE ID: CVE-2022-37395. For products that have released...

7.5CVSS7.5AI score0.00479EPSS
Exploits0Affected Software1
Huawei
Huawei
added 2021/10/08 12:0 a.m.37 views

Security Advisory - Use-after-free Vulnerability in Huawei Products

There is a use-after-free UAF vulnerability in Huawei products. An attacker may craft specific packets to exploit this vulnerability. Successful exploitation may cause the service abnormal. Vulnerability ID: HWPSIRT-2020-67955 This vulnerability has been assigned a Common Vulnerabilities and...

6.5CVSS6.4AI score0.0026EPSS
Exploits0Affected Software4
Total number of security vulnerabilities1006