26 matches found
CVE-2019-5255
CVE-2019-5255 affects a broad set of Huawei devices (AP2000, IPS, NGFW, NIP6300/6600/6800, S5700, SVN5600/5800/5800-C, SeMG9811, Secospace USG/AntiDDoS, eSpace U1981, etc.). The vulnerability arises from insufficient validation of messages, enabling an attacker to trigger an out-of-bounds read by...
CVE-2019-5256
The CVE-2019-5256 entry is supported by multiple connected documents describing a null pointer dereference vulnerability in a range of Huawei products (AP2000; IPS Module; NGFW Module; NIP6300/6600/6800; S5700; SVN5600/5800/5800-C; SeMG9811; Secospace USG/AntiDDoS; eSpace U1981). The underlying f...
CVE-2019-5254
CVE-2019-5254 is an out-of-bounds read vulnerability affecting multiple Huawei products (AP2000; IPS Module; NGFW Module; NIP6300; NIP6600; NIP6800; S5700; SVN5600; SVN5800; SVN5800-C; SeMG9811; Secospace AntiDDoS8000; Secospace USG6300/USG6500/USG6600; USG6000V; eSpace U1981). The root cause is ...
CVE-2019-5258
CVE-2019-5258 affects Huawei devices including AP2000, IPS Module, NGFW Module, NIP6300/6600/6800, S5700, SVN5600/5800 (including 5800-C), SeMG9811, Secospace USG6300/6500/6600/USG6000V, eSpace U1981, and others. Root cause: buffer overflow from insufficient validation of inter-process messages /...
CVE-2019-5257
CVE-2019-5257 affects multiple Huawei products (AP2000, IPS Module, NGFW Module, NIP6300/6600/6800, S5700, SVN5600/5800, SVN5800-C, SeMG9811, Secospace). The issue is a resource management vulnerability where an attacker who logs in to the board can send crafted messages from the internal network...
CVE-2019-19416
The CVE-2019-19416 issue concerns the SIP module in Huawei products. The vulnerability stems from insufficient verification of SIP packets, allowing a remote attacker to trigger a buffer overflow and a dead loop, resulting in a denial-of-service condition. Affected products are listed in Huawei’s...
CVE-2017-2690
CVE-2017-2690 affects Huawei SoftCo and eSpace devices: SoftCo with V200R003C20; eSpace U1910 (V200R003C00, C20); U1911 (C20, C30); U1930 (C20, C30); U1960 (C20, C30); U1980 (C20, C30); U1981 (C20, C30). A DoS can be triggered by an attacker with specific permission who crafts a file containing m...
CVE-2017-17301
CVE-2017-17301 relates to a weak cryptography vulnerability in a wide range of Huawei router/CE products (e.g., AR120-S, AR1200, AR200/AR3200, CloudEngine lines, ViewPoint, SMC, SRG, DP300, etc.). The root cause is improper parsing/validation of certificate values, enabling an unauthenticated rem...
CVE-2019-19417
CVE-2019-19417 (and related CVEs CVE-2019-19415/19416) describe three DoS vulnerabilities in the SIP module of some Huawei products. The root cause is insufficient verification of SIP packets, which can cause buffer overflow and a dead loop, enabling a remote attacker to trigger a DoS condition o...
CVE-2017-17296
CVE-2017-17296 describes a memory leak vulnerability in Huawei products (e.g., AR120-S/AR1200/AR150 family and others) caused by not freeing allocated memory when handling H323 packages. An unauthenticated remote attacker can send crafted H323 messages, potentially causing memory leakage and serv...
CVE-2019-19415
CVE-2019-19415 (and related CVEs 19416/19417) affect the SIP module in some Huawei products. The DoS vulnerabilities arise from three issues where insufficient packet verification can lead to a buffer overflow and a dead loop, exploitable remotely by sending specially crafted messages to affected...
CVE-2017-17144
The CVE-2017-17144 issue affects Huawei SIP module backups on multiple products (e.g., DP300/TE-series, ViewPoint, eSpace, etc.). The vulnerability is an overflow in the SIP backup feature when the module processes a specific amount of state, which the module cannot handle, resulting in a denial ...
CVE-2017-17297
CVE-2017-17297 corresponds to a buffer overflow vulnerability affecting Huawei devices such as AR120-S, AR1200/AR1200-S, AR150/AR150-S, AR160, AR200/AR200-S, AR2200/AR2200-S, AR3200, AR3600, and related modules (e.g., IPS, NGFW, NetEngine family) across multiple firmware versions (e.g., V200R006C...
CVE-2017-15339
The CVE-2017-15339 entry documents a buffer overflow vulnerability in Huawei SIP modules across many devices (e.g., DP300, IPS, NGFW, NIP/N series, USG/SeCOSpace, ViewPoint, Te series). Root cause: insufficient validation of SIP messages, enabling overflow when crafting specific SIP messages. Imp...
CVE-2017-15336
CVE-2017-15336 corresponds to buffer overflow vulnerabilities in the SIP backup feature across Huawei devices (DP300 and a broad range of modules and platforms including IPS, NGFW, NIP6300/6600/6800, RP200, ViewPoint, eSpace U1981, and Secospace USG/TE series). Root cause: insufficient validation...
CVE-2017-17142
CVE-2017-17142 is an overflow vulnerability in the SIP module of Huawei devices (e.g., Huawei DP300, RP200, RSE6500, TE3x/TE6x, ViewPoint 9030, eSpace U1960/U1981, among others). An attacker can exploit it by sending a specially crafted SIP message, causing a process to reboot at random and impac...
CVE-2017-15323
CVE-2017-15323 describes a DoS due to memory exhaustion from insufficient input validation in several Huawei devices (e.g., DP300, NIP6600, Secospace USG6500, TE60, ViewPoint series, eSpace/U1981, among others). The vulnerability allows an attacker to craft malformed messages to exhaust device me...
CVE-2017-15335
CVE-2017-15335 describes a buffer overflow vulnerability in the SIP backup feature across multiple Huawei devices (DP300, NGFW/IPS modules, USG/Secospace, and related platforms). The root cause is insufficient validation of SIP message values, allowing specially crafted messages to trigger a cras...
CVE-2017-17143
CVE-2017-17143 is a Huawei SIP module overflow vulnerability. The issue occurs when validating certain SIP messages, where the module cannot parse malformed inputs, potentially allowing an attacker to trigger a random process reboot. Affected products include Huawei DP300 family (and related RP20...
CVE-2017-2722
CVE-2017-2722 concerns an input validation vulnerability across multiple Huawei products (e.g., DP300, TP3106, ViewPoint 9030, eSpace series, eSpace U1981, eSpace IAD, eSpace 7950, etc.). The issue, described in the initial CVE entry, arises from insufficient input validation, which can be trigge...
CVE-2017-15337
CVE-2017-15337 affects the SIP module across multiple Huawei products (DP300, IPS, NGFW, NIP, NIP6600/6800, RP200, SVN series, Secospace USG, TE/Views, eSpace U1981, ViewPoint, etc.). The root cause is insufficient validation of SIP messages, leading to a buffer overflow if an attacker crafts spe...
CVE-2017-15338
CVE-2017-15338 concerns buffer overflow in the SIP module of Huawei products (DP300, various SIP backup-related modules and related devices such as NIP, NGFW, USG, ViewPoint, eSpace U1981, etc.). The root cause is insufficient validation of SIP messages, requiring an attacker to craft specific me...
CVE-2017-15342
CVE-2017-15342 affects Huawei DP300, TE60, TP3106, and eSpace U1981. The root cause is incorrect calculation of the remaining buffer size when processing SSL connections, allowing a remote unauthenticated attacker to send crafted SSL messages that exhaust buffer space and cause denial of service....
CVE-2017-15334
CVE-2017-15334 pertains to a buffer overflow in the SIP backup feature across many Huawei products (DP300, multiple modules and devices). The root cause is insufficient validation of certain SIP message values, allowing an attacker to send specially crafted messages to trigger a service abnormali...
CVE-2017-17174
The CVE-2017-17174 entry corresponds to a weak algorithm vulnerability in multiple Huawei products (eSpace U1981, RSE6500, SoftCo, VP9660, etc.). An attacker who can observe TLS traffic between clients and affected devices could perform a Bleichenbacher attack on RSA key exchange to decrypt the s...
CVE-2017-17295
CVE-2017-17295 describes buffer overflow vulnerabilities in numerous Huawei products caused by insufficient validation of SIP package values. An unauthenticated, remote attacker may send crafted SIP packages to affected devices (e.g., AR120-S, AR1200, AR150/AR200 families and others listed) to tr...