21 matches found
CVE-2020-1870
CVE-2020-1870 affects Huawei CloudEngine and related NE40E/NE40E-M/NE40E-F switches. Root cause is improper memory management leading to memory leakage, which can be exploited to cause denial of service. Affected versions include CloudEngine 12800 (V200R019C00SPC800), 5800 (V200R019C00SPC800), 68...
CVE-2021-22362
CVE-2021-22362: An out-of-bounds write vulnerability in Huawei CloudEngine products (12800, 5800, 6800, 7800 lines) via crafted packet data due to insufficient message validation, leading to service abnormality. Affected versions include CloudEngine 12800: V200R002C50SPC800, V200R003C00SPC810, V2...
CVE-2017-17301
CVE-2017-17301 relates to a weak cryptography vulnerability in a wide range of Huawei router/CE products (e.g., AR120-S, AR1200, AR200/AR3200, CloudEngine lines, ViewPoint, SMC, SRG, DP300, etc.). The root cause is improper parsing/validation of certificate values, enabling an unauthenticated rem...
CVE-2020-9137
CVE-2020-9137 describes a privilege-escalation vulnerability in Huawei CloudEngine switches (12800, 5800, 6800, 7800) caused by insufficient input validation. A local attacker with high privileges can run specially crafted scripts to achieve escalation. The NVD cites CVSSv3.1: 6.7 (LOCAL, HIGH pr...
CVE-2021-22332
CVE-2021-22332 is a pointer double-free vulnerability reported in Huawei CloudEngine switches (5800/6800/7800/12800). The issue arises when a function copies the same memory pointer to two modules, enabling a double free that can crash the affected module and potentially disrupt normal service. P...
CVE-2021-22328
CVE-2021-22328 describes a denial-of-service vulnerability in Huawei CloudEngine switches (12800, 5800, 6800, 7800) running V200R005C00SPC800. The issue arises from improper packet handling in specific scenarios, which can cause some services to behave abnormally. The vulnerability is associated ...
CVE-2021-37122
CVE-2021-37122 is a confirmed use-after-free (UAF) vulnerability disclosed in Huawei CloudEngine products. Affected models include CloudEngine 12800 (V200R005C10SPC800, V200R019C00SPC800), 5800 (V200R005C10SPC800, V200R019C00SPC800), 6800 (V200R005C10SPC800, V200R005C20SPC800, V200R019C00SPC800),...
CVE-2021-40042
CVE-2021-40042 is an invalid pointer vulnerability affecting Huawei CloudEngine devices (12800: V200R019C10SPC800/SPC900; 5800: V200R019C10SPC800, V200R020C00SPC600; 6800: V200R019C10SPC800/900, V200R020C00SPC600, V300R020C00SPC200; 7800: V200R019C10SPC800). Root cause: invalid pointer dereferenc...
CVE-2021-40033
CVE-2021-40033 describes an information exposure vulnerability affecting Huawei CloudEngine switches: 12800, 5800, 6800, and 7800 series across multiple firmware versions (e.g., 12800 V200R005C10SPC800; 5800 V200R005C10SPC800, V200R019C00SPC800; 6800 V200R005C10SPC800, V200R005C20SPC800, V200R019...
CVE-2017-8147
CVE-2017-8147 corresponds to a MaxAge LSA vulnerability in OSPF on Huawei products (e.g., AC6005/AC6605/CloudEngine series, S-series, USG/SECOSPACE lines, etc.). The issue arises from improper OSPF handling, where receiving specific LSA packets causes the Link State Age to be set to MaxAge (3600 ...
CVE-2016-8790
CVE-2016-8790 affects Huawei CloudEngine switches (5800/6800/7800/8800/12800) with software before V200R001C00SPC700. The issue is a buffer overflow in the Connectivity Fault Management (CFM) feature when MEP is configured; an adjacent attacker sending crafted packets can cause the main control b...
CVE-2020-9102
CVE-2020-9102 is an information-disclosure vulnerability in Huawei CloudEngine products caused by improper management of usernames. Affected are CloudEngine 12800 (V200R002C50SPC800, V200R003C00SPC810, V200R005C00SPC800, V200R005C10SPC800, V200R019C00SPC800), CloudEngine 5800 (V200R002C50SPC800, ...
CVE-2020-9207
CVE-2020-9207 describes an improper authentication vulnerability in Huawei CloudEngine products. A module fails to verify input files, allowing attackers to craft malicious files to bypass verification and potentially disrupt normal service. Connected sources confirm the issue affects Huawei Clou...
CVE-2021-22393
CVE-2021-22393 affects Huawei CloudEngine switches (5800/6800/7800/12800). A module-design weakness causes the device to mishandle certain messages, enabling attackers to trigger a denial of service by sending a large number of specific messages, impacting normal service. Public references in Hua...
CVE-2020-1865
CVE-2020-1865 : Huawei CloudEngine products have an out-of-bounds read when parsing certain PIM messages. An adjacent attacker could send crafted PIM messages to trigger data reads past the buffer, potentially causing impact as described in the sources. The vulnerability is documented with CVSS m...
CVE-2020-9124
This entry concerns CVE-2020-9124, a memory-leak vulnerability in Huawei CloudEngine. Affected software is Huawei CloudEngine products; root cause is improper memory release leading to a memory leak when a specific message is processed by an unauthenticated, remote attacker. Impact is partial ava...
CVE-2017-15349
CVE-2017-15349 affects Huawei CloudEngine switches (12800, 5800, 6800, 7800 series across multiple V100R0xxC0x releases). The issue is a memory leak caused by failure to release memory when handling RSVP packets, exploitable by unauthenticated remote senders over the network, leading to DoS via r...
CVE-2020-9094
CVE-2020-9094 describes an out-of-bounds read vulnerability affecting Huawei CloudEngine products. The issue arises when a module fails to properly handle a specific message, allowing an attacker to cause a denial of service by sending a crafted packet. The CVE entry aligns with Huawei’s advisory...
CVE-2021-40008
Huawei CloudEngine switches (12800/5800/6800/7800, firmware version V200R019C00SPC800) suffer a memory-leak vulnerability: the parser fails to properly track and release memory when handling crafted binary messages, potentially leading to memory exhaustion. The issue is network-exploitable (low a...
CVE-2016-8795
CVE-2016-8795 describes an integer overflow in IPFPM handling on several Huawei devices. Affected products include Huawei CloudEngine 12800, 5800, 6800, 7800, 8800 and Secospace USG6600, across multiple OS versions listed in the Huawei advisory. Remote, unauthenticated attackers can craft specifi...
CVE-2016-8780
CVE-2016-8780 affects Huawei CloudEngine devices: 6800 (V100R006C00), 7800 (V100R006C00), 8800 (V100R006C00), and 12800 (V100R006C00). The issue allows remote attackers with specific permissions to store massive files, exhausting shared storage and causing a DoS. Root cause is improper management...