Lucene search
+L
HuaweiNetengine16ex Firmware

36 matches found

cve
cve
added 2019/12/13 2:35 p.m.87 views

CVE-2019-5291

CVE-2019-5291 corresponds to Huawei’s data authenticity verification weakness in some products. An remote, unauthenticated attacker can intercept specific inter-device packets, modify fields with insufficient verification, and inject them to the peer device, potentially causing abnormal behavior....

5.9CVSS5.7AI score0.00358EPSS
cve
cve
added 2020/06/01 2:2 p.m.85 views

CVE-2020-9071

CVE-2020-9071 is an out-of-bounds read vulnerability in Huawei devices (notably AR120-S with V200R007C00SPC900/V200R007C00SPCa00). The issue occurs when parsing certain messages, allowing an authenticated attacker to read data past the end of a buffer and potentially cause service abnormal behavi...

6.5CVSS6.3AI score0.00634EPSS
cve
cve
added 2020/07/08 4:55 p.m.82 views

CVE-2019-19416

The CVE-2019-19416 issue concerns the SIP module in Huawei products. The vulnerability stems from insufficient verification of SIP packets, allowing a remote attacker to trigger a buffer overflow and a dead loop, resulting in a denial-of-service condition. Affected products are listed in Huawei’s...

7.5CVSS7.7AI score0.00883EPSS
cve
cve
added 2020/01/03 2:33 p.m.75 views

CVE-2019-5304

CVE-2019-5304 affects Huawei devices and is rooted in insufficient input validation for MPLS Echo Request messages, causing a buffer error that can allow an unauthenticated remote attacker to reset the device. Documents designate affected products broadly as Huawei switches/routers and related Cl...

7.8CVSS7.5AI score0.00971EPSS
cve
cve
added 2018/01/30 5:0 p.m.73 views

CVE-2014-4705

The CVE-2014-4705 issue affects Huawei eSap software platform used in multiple devices: Campus S9300, S7700, S9700, S5300, S5700, S6300, S6700 switches; AR series routers (AR150/AR160/AR200/AR1200/AR2200/AR3200/AR530/NetEngine16EX/SRG1300/SRG2300/SRG3300); and WLAN controllers AC6005/AC6605/ACU2....

7.8CVSS7.4AI score0.01464EPSS
cve
cve
added 2018/02/15 4:0 p.m.73 views

CVE-2017-17202

CVE-2017-17202 affects Huawei AR series (e.g., AR120-S, AR1200/AR150/AR160/AR200 and related line) and several Huawei devices, with an out-of-bounds read caused by insufficient input validation when handling SIP. An unauthenticated, remote attacker can send malformed SIP packets to trigger the re...

7.5CVSS7.5AI score0.01242EPSS
cve
cve
added 2018/04/24 3:0 p.m.73 views

CVE-2017-17258

The CVE-2017-17258 issue is a resource management vulnerability in Huawei’s H323 protocol. An unauthenticated, remote attacker can craft malformed H323 packets that, due to insufficient validation, may cause memory exhaustion and a process crash on affected devices (e.g., AR120-S/AR1200/AR150/AR2...

7.5CVSS7.4AI score0.01242EPSS
cve
cve
added 2020/07/08 4:53 p.m.73 views

CVE-2019-19417

CVE-2019-19417 (and related CVEs CVE-2019-19415/19416) describe three DoS vulnerabilities in the SIP module of some Huawei products. The root cause is insufficient verification of SIP packets, which can cause buffer overflow and a dead loop, enabling a remote attacker to trigger a DoS condition o...

7.5CVSS7.7AI score0.00883EPSS
cve
cve
added 2018/04/24 3:0 p.m.72 views

CVE-2017-17257

CVE-2017-17257 is a memory-leak vulnerability in the H323 protocol affecting Huawei devices (e.g., AR120-S, AR1200, AR150/150-S, AR160, AR200/200-S, AR2200/2200-S, AR3200, AR3600, Secospace USG family, ViewPoint devices, and related lines). The issue arises from insufficient verification of H323 ...

7.5CVSS7.4AI score0.01279EPSS
cve
cve
added 2019/11/13 4:19 p.m.72 views

CVE-2019-5293

CVE-2019-5293: Huawei memory-leak vulnerability affecting some Huawei products. A remote attacker with operation privilege could exploit by sending specific messages continuously, potentially causing some services to become abnormal. The Huawei security advisory HWPSIRT-2019-04075 notes fixes via...

6.5CVSS6.3AI score0.00872EPSS
cve
cve
added 2018/03/09 5:0 p.m.71 views

CVE-2017-17250

CVE-2017-17250 describes an out-of-bounds write in several Huawei router/enterprise products (e.g., AR120-S/AR1200/AR1200-S/AR150/AR160/AR200/AR200-S/AR2200-S/AR3200/AR510, NetEngine16EX, SRG1300/2300/3300, V200R005C32/V200R007C00). The root cause is insufficient input verification when processin...

7.1CVSS6.7AI score0.01058EPSS
cve
cve
added 2018/04/24 3:0 p.m.71 views

CVE-2017-17256

CVE-2017-17256 affects Huawei H323 protocol across multiple AR and related Huawei products. An unauthenticated, remote attacker can send malformed H323 packets, and due to insufficient packet verification a memory leak may occur, potentially causing DoS. Public details in Huawei HWPSIRT advisory ...

7.5CVSS7.4AI score0.01279EPSS
cve
cve
added 2018/02/15 4:0 p.m.70 views

CVE-2017-17296

CVE-2017-17296 describes a memory leak vulnerability in Huawei products (e.g., AR120-S/AR1200/AR150 family and others) caused by not freeing allocated memory when handling H323 packages. An unauthenticated remote attacker can send crafted H323 messages, potentially causing memory leakage and serv...

5.3CVSS5.3AI score0.01285EPSS
cve
cve
added 2020/07/08 4:58 p.m.69 views

CVE-2019-19415

CVE-2019-19415 (and related CVEs 19416/19417) affect the SIP module in some Huawei products. The DoS vulnerabilities arise from three issues where insufficient packet verification can lead to a buffer overflow and a dead loop, exploitable remotely by sending specially crafted messages to affected...

7.5CVSS7.7AI score0.00883EPSS
cve
cve
added 2018/04/24 3:0 p.m.68 views

CVE-2017-17254

This CVE-2017-17254 is a Huawei H323 protocol null pointer dereference vulnerability affecting a broad range of Huawei devices (e.g., AR120S/AR1200/AR150/AR200 families and related platforms). An unauthenticated, remote attacker can craft malformed H323 packets and send them to affected devices, ...

7.5CVSS7.4AI score0.01242EPSS
cve
cve
added 2018/02/15 4:0 p.m.68 views

CVE-2017-17287

The CVE-2017-17287 issue affects a broad set of Huawei devices (AR/AR1200, AR150/AR160/AR200 families, NetEngine16EX, SRG/SRG-like series, etc.) and is tied to an out-of-bounds read triggered by insufficient input validation when processing crafted signatures. The vulnerability allows a remote, u...

5.3CVSS5.2AI score0.01241EPSS
cve
cve
added 2018/04/24 3:0 p.m.67 views

CVE-2017-17251

CVE-2017-17251 is a Huawei H323 protocol null pointer dereference vulnerability affecting multiple Huawei devices (e.g., AR120-S/AR1200/AR150/AR200-series, DR modules, Secospace USG, ViewPoint, etc.). Root cause: insufficient validation of H323 packets leading to a null pointer dereference and po...

5.3CVSS5.9AI score0.01248EPSS
cve
cve
added 2018/04/24 3:0 p.m.67 views

CVE-2017-17252

CVE-2017-17252 corresponds to an out-of-bounds read vulnerability in Huawei UTP/H323 protocol support affecting a broad set of Huawei AR/AR- series and related devices (e.g., AR120-S/AR1200/AR150/AR200, ViewPoint/Secospace lines). An unauthenticated remote attacker can send malformed H323 packets...

5.3CVSS5.9AI score0.01248EPSS
cve
cve
added 2018/02/15 4:0 p.m.67 views

CVE-2017-17293

CVE-2017-17293 affects Huawei AR/SRG products (e.g., AR120-S, AR1200, AR150, AR200, AR2200, SRG1300/2300/3300, TE/DP300, MAX PRESENCE, NetEngine, RP200, etc.). A crafted XML file can be submitted to vulnerable devices, exploiting insufficient input validation to trigger a buffer overflow. An auth...

3.3CVSS4.6AI score0.0021EPSS
cve
cve
added 2019/11/13 4:12 p.m.67 views

CVE-2019-5294

Summary (CVE-2019-5294): An out-of-bounds read vulnerability in some Huawei products. A remote, unauthenticated attacker can send a crafted message, triggering a buffer read overflow during parsing and potentially causing some service to behave abnormally. The issue is addressed by Huawei in thei...

7.5CVSS7.7AI score0.00928EPSS
cve
cve
added 2018/02/15 4:0 p.m.66 views

CVE-2017-17160

The CVE-2017-17160 issue is a buffer overflow in multiple Huawei enterprise routers (e.g., AR, AR1200/120-S/150/160/200-series, SRG, NetEngine16EX, etc.) caused by incomplete input range checks. An unauthenticated, remote attacker can send malicious IKE packets to the device, potentially writing ...

7.1CVSS6.1AI score0.01079EPSS
cve
cve
added 2018/02/15 4:0 p.m.65 views

CVE-2017-15331

CVE-2017-15331 corresponds to an out-of-bounds read vulnerability in the H323 protocol affecting a wide range of Huawei products (AR, ARS/RG series, NIP6300/6600, Secospace USG, ViewPoint 9030, and related platforms). The issue arises from insufficient verification of H323 messages, allowing an u...

5.3CVSS5.2AI score0.01477EPSS
cve
cve
added 2018/02/15 4:0 p.m.65 views

CVE-2017-17297

CVE-2017-17297 corresponds to a buffer overflow vulnerability affecting Huawei devices such as AR120-S, AR1200/AR1200-S, AR150/AR150-S, AR160, AR200/AR200-S, AR2200/AR2200-S, AR3200, AR3600, and related modules (e.g., IPS, NGFW, NetEngine family) across multiple firmware versions (e.g., V200R006C...

5.3CVSS5.6AI score0.01241EPSS
cve
cve
added 2018/02/15 4:0 p.m.64 views

CVE-2017-15332

CVE-2017-15332 corresponds to a memory-leak vulnerability in the H323 protocol across multiple Huawei products (e.g., AR, ARS, SRG, NetEngine, Secospace USG, etc.). The issue arises from insufficient verification/checks of H323 packets, allowing an unauthenticated, remote attacker to send crafted...

5.3CVSS5.3AI score0.01477EPSS
cve
cve
added 2018/02/15 4:0 p.m.64 views

CVE-2017-17294

CVE-2017-17294 describes a null pointer dereference in a broad set of Huawei enterprise router products (e.g., AR-series and SRG/NetEngine lines) caused by insufficient input validation when processing a crafted XML file. An authenticated, local attacker can trigger this by uploading a tailored X...

3.3CVSS4.2AI score0.00211EPSS
cve
cve
added 2017/11/22 7:0 p.m.63 views

CVE-2017-8163

The CVE-2017-8163 entry describes an out-of-bounds read vulnerability affecting Huawei AR/NR devices (AR120-S/AR1200/AR150/AR160/AR200/AR2200/AR3200/AR510, NetEngine16EX, SMC2.0, SRG1300/2300/3300, etc.) across multiple software lines (V200R006C10 through V200R008C30, and several others listed in...

6.8CVSS6.3AI score0.00795EPSS
cve
cve
added 2018/02/15 4:0 p.m.62 views

CVE-2017-17299

CVE-2017-17299 affects multiple Huawei router-like devices (e.g., AR120-S/AR1200/AR150/AR160/AR200/AR2200/AR3200/AR3600/AR510, IPS/NIP/NetEngine16EX, and related models) where an unauthenticated, remote attacker can establish via crafted IKEv2 messages due to insufficient input validation. The un...

7.5CVSS7.4AI score0.01242EPSS
cve
cve
added 2018/02/15 4:0 p.m.61 views

CVE-2017-17151

CVE-2017-17151 affects Huawei H323 implementations (e.g., AR100/AR100-S/AR110-S/AR120/AR120-S/AR1200/AR1200-S/AR150/AR150-S/AR160/AR200/AR200-S/AR2200/AR2200-S/AR3200/AR510/DP300/NetEngine16EX/RP200/SRG1300/SRG2300/SRG3300/TE30/TE40/TE50/TE60/TP3106/TP3206/ViewPoint 8660/ViewPoint 9030). The root...

5.9CVSS5.7AI score0.00788EPSS
cve
cve
added 2018/04/24 3:0 p.m.61 views

CVE-2017-17253

CVE-2017-17253 describes an out-of-bounds read in Huawei’s H323 protocol across multiple Huawei products (e.g., AR120-S/AR1200 series, AR150, AR160, AR200/AR2200/AR3200/AR3600 line, DP300, Secospace USG, ViewPoint devices, etc.). An unauthenticated, remote attacker can craft malformed H323 packet...

7.5CVSS7.4AI score0.01242EPSS
cve
cve
added 2018/04/24 3:0 p.m.61 views

CVE-2017-17255

CVE-2017-17255 is a null pointer dereference vulnerability in Huawei’s H323 protocol across numerous AR/ARS/DP/NIP/NGFW/USG/ViewPoint devices. The root cause is insufficient validation of H323 packets, allowing an unauthenticated, remote attacker to send malformed packets that cause a process cra...

7.5CVSS7.4AI score0.01242EPSS
cve
cve
added 2018/02/15 4:0 p.m.60 views

CVE-2017-17292

CVE-2017-17292 affects Huawei AR/X routers (e.g., AR120-S/AR200/AR3200, SRG/Te series, etc.) and related hardware listed in the CVE description. The vulnerability is a denial-of-service caused by improper handling of input when processing a crafted XML file uploaded to the affected module by an a...

3.3CVSS4.3AI score0.00211EPSS
cve
cve
added 2018/02/15 4:0 p.m.58 views

CVE-2017-17286

CVE-2017-17286 describes an out-of-bounds write vulnerability caused by insufficient input validation in Huawei devices (notably AR120-series and related models across many firmware versions). A remote, unauthenticated attacker can craft an encryption key to the affected products, potentially tri...

5.3CVSS5.4AI score0.00779EPSS
cve
cve
added 2017/11/22 7:0 p.m.58 views

CVE-2017-8162

CVE-2017-8162 is a DoS vulnerability affecting Huawei AR/SRG/NetEngine16EX/SMC2.0/other listed products where malformed message processing allows an authenticated remote attacker to send crafted messages, triggering a stack overflow and rendering the service unavailable. Public documents in conne...

6.5CVSS6.5AI score0.00734EPSS
cve
cve
added 2018/02/15 4:0 p.m.57 views

CVE-2017-17291

CVE-2017-17291 is a memory-leak vulnerability in a wide range of Huawei enterprise devices (e.g., AR/AR1200/AR3200/SRG/NetEngine lines, TE/DP300/MAX PRESENCE, etc.). The issue arises when parsing crafted XML files: the software fails to free allocated memory, leading to a memory leak. An authenti...

5.5CVSS5.2AI score0.00211EPSS
cve
cve
added 2018/02/15 4:0 p.m.56 views

CVE-2017-17295

CVE-2017-17295 describes buffer overflow vulnerabilities in numerous Huawei products caused by insufficient validation of SIP package values. An unauthenticated, remote attacker may send crafted SIP packages to affected devices (e.g., AR120-S, AR1200, AR150/AR200 families and others listed) to tr...

5.3CVSS5.6AI score0.01241EPSS
cve
cve
added 2018/02/15 4:0 p.m.56 views

CVE-2017-17298

CVE-2017-17298 is a buffer overflow vulnerability affecting a wide range of Huawei router and enterprise devices (e.g., AR120-S, AR1200, AR150/AR160/AR200/AR2200 families, ViewPoint, and others) caused by insufficient validation of certificates. An unauthenticated, remote attacker can send specia...

5.3CVSS5.6AI score0.00779EPSS