36 matches found
CVE-2019-5291
CVE-2019-5291 corresponds to Huawei’s data authenticity verification weakness in some products. An remote, unauthenticated attacker can intercept specific inter-device packets, modify fields with insufficient verification, and inject them to the peer device, potentially causing abnormal behavior....
CVE-2020-9071
CVE-2020-9071 is an out-of-bounds read vulnerability in Huawei devices (notably AR120-S with V200R007C00SPC900/V200R007C00SPCa00). The issue occurs when parsing certain messages, allowing an authenticated attacker to read data past the end of a buffer and potentially cause service abnormal behavi...
CVE-2019-19416
The CVE-2019-19416 issue concerns the SIP module in Huawei products. The vulnerability stems from insufficient verification of SIP packets, allowing a remote attacker to trigger a buffer overflow and a dead loop, resulting in a denial-of-service condition. Affected products are listed in Huawei’s...
CVE-2019-5304
CVE-2019-5304 affects Huawei devices and is rooted in insufficient input validation for MPLS Echo Request messages, causing a buffer error that can allow an unauthenticated remote attacker to reset the device. Documents designate affected products broadly as Huawei switches/routers and related Cl...
CVE-2014-4705
The CVE-2014-4705 issue affects Huawei eSap software platform used in multiple devices: Campus S9300, S7700, S9700, S5300, S5700, S6300, S6700 switches; AR series routers (AR150/AR160/AR200/AR1200/AR2200/AR3200/AR530/NetEngine16EX/SRG1300/SRG2300/SRG3300); and WLAN controllers AC6005/AC6605/ACU2....
CVE-2017-17202
CVE-2017-17202 affects Huawei AR series (e.g., AR120-S, AR1200/AR150/AR160/AR200 and related line) and several Huawei devices, with an out-of-bounds read caused by insufficient input validation when handling SIP. An unauthenticated, remote attacker can send malformed SIP packets to trigger the re...
CVE-2017-17258
The CVE-2017-17258 issue is a resource management vulnerability in Huawei’s H323 protocol. An unauthenticated, remote attacker can craft malformed H323 packets that, due to insufficient validation, may cause memory exhaustion and a process crash on affected devices (e.g., AR120-S/AR1200/AR150/AR2...
CVE-2019-19417
CVE-2019-19417 (and related CVEs CVE-2019-19415/19416) describe three DoS vulnerabilities in the SIP module of some Huawei products. The root cause is insufficient verification of SIP packets, which can cause buffer overflow and a dead loop, enabling a remote attacker to trigger a DoS condition o...
CVE-2017-17257
CVE-2017-17257 is a memory-leak vulnerability in the H323 protocol affecting Huawei devices (e.g., AR120-S, AR1200, AR150/150-S, AR160, AR200/200-S, AR2200/2200-S, AR3200, AR3600, Secospace USG family, ViewPoint devices, and related lines). The issue arises from insufficient verification of H323 ...
CVE-2019-5293
CVE-2019-5293: Huawei memory-leak vulnerability affecting some Huawei products. A remote attacker with operation privilege could exploit by sending specific messages continuously, potentially causing some services to become abnormal. The Huawei security advisory HWPSIRT-2019-04075 notes fixes via...
CVE-2017-17250
CVE-2017-17250 describes an out-of-bounds write in several Huawei router/enterprise products (e.g., AR120-S/AR1200/AR1200-S/AR150/AR160/AR200/AR200-S/AR2200-S/AR3200/AR510, NetEngine16EX, SRG1300/2300/3300, V200R005C32/V200R007C00). The root cause is insufficient input verification when processin...
CVE-2017-17256
CVE-2017-17256 affects Huawei H323 protocol across multiple AR and related Huawei products. An unauthenticated, remote attacker can send malformed H323 packets, and due to insufficient packet verification a memory leak may occur, potentially causing DoS. Public details in Huawei HWPSIRT advisory ...
CVE-2017-17296
CVE-2017-17296 describes a memory leak vulnerability in Huawei products (e.g., AR120-S/AR1200/AR150 family and others) caused by not freeing allocated memory when handling H323 packages. An unauthenticated remote attacker can send crafted H323 messages, potentially causing memory leakage and serv...
CVE-2017-17287
The CVE-2017-17287 issue affects a broad set of Huawei devices (AR/AR1200, AR150/AR160/AR200 families, NetEngine16EX, SRG/SRG-like series, etc.) and is tied to an out-of-bounds read triggered by insufficient input validation when processing crafted signatures. The vulnerability allows a remote, u...
CVE-2019-19415
CVE-2019-19415 (and related CVEs 19416/19417) affect the SIP module in some Huawei products. The DoS vulnerabilities arise from three issues where insufficient packet verification can lead to a buffer overflow and a dead loop, exploitable remotely by sending specially crafted messages to affected...
CVE-2017-17254
This CVE-2017-17254 is a Huawei H323 protocol null pointer dereference vulnerability affecting a broad range of Huawei devices (e.g., AR120S/AR1200/AR150/AR200 families and related platforms). An unauthenticated, remote attacker can craft malformed H323 packets and send them to affected devices, ...
CVE-2017-17251
CVE-2017-17251 is a Huawei H323 protocol null pointer dereference vulnerability affecting multiple Huawei devices (e.g., AR120-S/AR1200/AR150/AR200-series, DR modules, Secospace USG, ViewPoint, etc.). Root cause: insufficient validation of H323 packets leading to a null pointer dereference and po...
CVE-2017-17252
CVE-2017-17252 corresponds to an out-of-bounds read vulnerability in Huawei UTP/H323 protocol support affecting a broad set of Huawei AR/AR- series and related devices (e.g., AR120-S/AR1200/AR150/AR200, ViewPoint/Secospace lines). An unauthenticated remote attacker can send malformed H323 packets...
CVE-2017-17293
CVE-2017-17293 affects Huawei AR/SRG products (e.g., AR120-S, AR1200, AR150, AR200, AR2200, SRG1300/2300/3300, TE/DP300, MAX PRESENCE, NetEngine, RP200, etc.). A crafted XML file can be submitted to vulnerable devices, exploiting insufficient input validation to trigger a buffer overflow. An auth...
CVE-2019-5294
Summary (CVE-2019-5294): An out-of-bounds read vulnerability in some Huawei products. A remote, unauthenticated attacker can send a crafted message, triggering a buffer read overflow during parsing and potentially causing some service to behave abnormally. The issue is addressed by Huawei in thei...
CVE-2017-17160
The CVE-2017-17160 issue is a buffer overflow in multiple Huawei enterprise routers (e.g., AR, AR1200/120-S/150/160/200-series, SRG, NetEngine16EX, etc.) caused by incomplete input range checks. An unauthenticated, remote attacker can send malicious IKE packets to the device, potentially writing ...
CVE-2017-15331
CVE-2017-15331 corresponds to an out-of-bounds read vulnerability in the H323 protocol affecting a wide range of Huawei products (AR, ARS/RG series, NIP6300/6600, Secospace USG, ViewPoint 9030, and related platforms). The issue arises from insufficient verification of H323 messages, allowing an u...
CVE-2017-17297
CVE-2017-17297 corresponds to a buffer overflow vulnerability affecting Huawei devices such as AR120-S, AR1200/AR1200-S, AR150/AR150-S, AR160, AR200/AR200-S, AR2200/AR2200-S, AR3200, AR3600, and related modules (e.g., IPS, NGFW, NetEngine family) across multiple firmware versions (e.g., V200R006C...
CVE-2017-15332
CVE-2017-15332 corresponds to a memory-leak vulnerability in the H323 protocol across multiple Huawei products (e.g., AR, ARS, SRG, NetEngine, Secospace USG, etc.). The issue arises from insufficient verification/checks of H323 packets, allowing an unauthenticated, remote attacker to send crafted...
CVE-2017-17294
CVE-2017-17294 describes a null pointer dereference in a broad set of Huawei enterprise router products (e.g., AR-series and SRG/NetEngine lines) caused by insufficient input validation when processing a crafted XML file. An authenticated, local attacker can trigger this by uploading a tailored X...
CVE-2017-8163
The CVE-2017-8163 entry describes an out-of-bounds read vulnerability affecting Huawei AR/NR devices (AR120-S/AR1200/AR150/AR160/AR200/AR2200/AR3200/AR510, NetEngine16EX, SMC2.0, SRG1300/2300/3300, etc.) across multiple software lines (V200R006C10 through V200R008C30, and several others listed in...
CVE-2017-17253
CVE-2017-17253 describes an out-of-bounds read in Huawei’s H323 protocol across multiple Huawei products (e.g., AR120-S/AR1200 series, AR150, AR160, AR200/AR2200/AR3200/AR3600 line, DP300, Secospace USG, ViewPoint devices, etc.). An unauthenticated, remote attacker can craft malformed H323 packet...
CVE-2017-17299
CVE-2017-17299 affects multiple Huawei router-like devices (e.g., AR120-S/AR1200/AR150/AR160/AR200/AR2200/AR3200/AR3600/AR510, IPS/NIP/NetEngine16EX, and related models) where an unauthenticated, remote attacker can establish via crafted IKEv2 messages due to insufficient input validation. The un...
CVE-2017-17151
CVE-2017-17151 affects Huawei H323 implementations (e.g., AR100/AR100-S/AR110-S/AR120/AR120-S/AR1200/AR1200-S/AR150/AR150-S/AR160/AR200/AR200-S/AR2200/AR2200-S/AR3200/AR510/DP300/NetEngine16EX/RP200/SRG1300/SRG2300/SRG3300/TE30/TE40/TE50/TE60/TP3106/TP3206/ViewPoint 8660/ViewPoint 9030). The root...
CVE-2017-17255
CVE-2017-17255 is a null pointer dereference vulnerability in Huawei’s H323 protocol across numerous AR/ARS/DP/NIP/NGFW/USG/ViewPoint devices. The root cause is insufficient validation of H323 packets, allowing an unauthenticated, remote attacker to send malformed packets that cause a process cra...
CVE-2017-17292
CVE-2017-17292 affects Huawei AR/X routers (e.g., AR120-S/AR200/AR3200, SRG/Te series, etc.) and related hardware listed in the CVE description. The vulnerability is a denial-of-service caused by improper handling of input when processing a crafted XML file uploaded to the affected module by an a...
CVE-2017-17286
CVE-2017-17286 describes an out-of-bounds write vulnerability caused by insufficient input validation in Huawei devices (notably AR120-series and related models across many firmware versions). A remote, unauthenticated attacker can craft an encryption key to the affected products, potentially tri...
CVE-2017-8162
CVE-2017-8162 is a DoS vulnerability affecting Huawei AR/SRG/NetEngine16EX/SMC2.0/other listed products where malformed message processing allows an authenticated remote attacker to send crafted messages, triggering a stack overflow and rendering the service unavailable. Public documents in conne...
CVE-2017-17291
CVE-2017-17291 is a memory-leak vulnerability in a wide range of Huawei enterprise devices (e.g., AR/AR1200/AR3200/SRG/NetEngine lines, TE/DP300/MAX PRESENCE, etc.). The issue arises when parsing crafted XML files: the software fails to free allocated memory, leading to a memory leak. An authenti...
CVE-2017-17295
CVE-2017-17295 describes buffer overflow vulnerabilities in numerous Huawei products caused by insufficient validation of SIP package values. An unauthenticated, remote attacker may send crafted SIP packages to affected devices (e.g., AR120-S, AR1200, AR150/AR200 families and others listed) to tr...
CVE-2017-17298
CVE-2017-17298 is a buffer overflow vulnerability affecting a wide range of Huawei router and enterprise devices (e.g., AR120-S, AR1200, AR150/AR160/AR200/AR2200 families, ViewPoint, and others) caused by insufficient validation of certificates. An unauthenticated, remote attacker can send specia...