Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Uma Firmware Security Vulnerabilities

cve
cve

CVE-2017-15329

Huawei UMA V200R001C00 has a SQL injection vulnerability in the operation and maintenance module. An attacker logs in to the system as a common user and sends crafted HTTP requests that contain malicious SQL statements to the affected system. Due to a lack of input validation on HTTP requests that ...

8.8CVSS

8.9AI Score

0.001EPSS

2018-02-15 04:29 PM
38
cve
cve

CVE-2017-8121

The UMA product with software V200R001 and V300R001 has an information leak vulnerability. An attacker could exploit them to obtain some sensitive information, causing information leak.

5.3CVSS

5AI Score

0.001EPSS

2017-11-22 07:29 PM
33
cve
cve

CVE-2017-8122

The UMA product with software V200R001 has a privilege elevation vulnerability due to insufficient validation or improper processing of parameters. An attacker could craft specific packets to exploit these vulnerabilities to gain elevated privileges.

9.8CVSS

9.7AI Score

0.002EPSS

2017-11-22 07:29 PM
30
cve
cve

CVE-2017-8123

The UMA product with software V200R001 has a privilege elevation vulnerability due to insufficient validation or improper processing of parameters. An attacker could craft specific packets to exploit these vulnerabilities to gain elevated privileges.

9.8CVSS

9.7AI Score

0.002EPSS

2017-11-22 07:29 PM
27
cve
cve

CVE-2017-8124

The UMA product with software V200R001 has a privilege elevation vulnerability due to insufficient validation or improper processing of parameters. An attacker could craft specific packets to exploit these vulnerabilities to gain elevated privileges.

9.8CVSS

9.7AI Score

0.002EPSS

2017-11-22 07:29 PM
28
cve
cve

CVE-2017-8126

The UMA product with software V200R001 has a privilege elevation vulnerability due to insufficient validation or improper processing of parameters. An attacker could craft specific packets to exploit these vulnerabilities to gain elevated privileges.

9.8CVSS

9.7AI Score

0.002EPSS

2017-11-22 07:29 PM
26
cve
cve

CVE-2017-8127

The UMA product with software V200R001 has a cross-site scripting (XSS) vulnerability due to insufficient input validation. An attacker could craft malicious links or scripts to launch XSS attacks.

6.1CVSS

5.8AI Score

0.001EPSS

2017-11-22 07:29 PM
26
cve
cve

CVE-2019-0708

A remote code execution vulnerability exists in Remote Desktop Services formerly known as Terminal Services when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests, aka 'Remote Desktop Services Remote Code Execution Vulnerability'.

9.8CVSS

9.4AI Score

0.975EPSS

2019-05-16 07:29 PM
2836
In Wild
36