18 matches found
CVE-2016-7107
Huawei UMA (Unified Maintenance Audit) prior to V200R001C00SPC200 SPH206 is affected by CVE-2016-7107 due to insufficient parameter validation on certain pages, enabling remote attackers to reset arbitrary user passwords and thereby compromise data integrity via unspecified vectors. The issue is ...
CVE-2017-8122
CVE-2017-8122 affects Huawei UMA product (software V200R001). The vulnerability is a privilege elevation due to insufficient validation or improper processing of parameters, where an attacker could craft specific packets to gain elevated privileges. NVD data shows high base scores (CVSSv2: 7.5 / ...
CVE-2017-8129
CVE-2017-8129 affects Huawei UMA products (software V200R001 and V300R001). The vulnerability is a privilege-elevation issue caused by insufficient validation/improper processing of parameters, enabling an attacker to craft specific packets to gain elevated privileges. Public details include CVSS...
CVE-2017-8121
CVE-2017-8121 corresponds to an information disclosure vulnerability in Huawei UMA products. The UMA software variants V200R001 and V300R001 are affected, with an attacker able to obtain some sensitive information leading to information leakage. The entry is corroborated by NVD and Huawei’s secur...
CVE-2017-8124
CVE-2017-8124 affects Huawei UMA product (software V200R001). Root cause: insufficient validation or improper processing of parameters in the UMA component, enabling an attacker to craft specific packets to achieve privilege elevation. Impact: elevation of privileges. Exploitation status is not d...
CVE-2017-8118
CVE-2017-8118 affects Huawei UMA products (V200R001 and V300R001) with an information disclosure vulnerability. The issue could allow an attacker to obtain sensitive information, per NVD and Huawei PSIRT references. The Huawei advisory notes multiple UMA vulnerabilities and states these were anal...
CVE-2017-8120
CVE-2017-8120 affects Huawei UMA products (V200R001 and V300R001) with a privilege-elevation vulnerability caused by insufficient validation or improper processing of parameters. An attacker could craft specific packets to exploit these weaknesses to gain elevated privileges. Public sources (NVD ...
CVE-2017-8119
The CVE-2017-8119 entry concerns Huawei UMA products (V200R001 and V300R001) with a privilege-elevation vulnerability caused by insufficient validation/improper processing of parameters. Attackers could craft specific packets to exploit these flaws to gain elevated privileges. Connected sources c...
CVE-2017-8130
The CVE-2017-8130 entry describes an information-leak vulnerability in Huawei UMA products. Affected software versions are V200R001 and V300R001, where an attacker could obtain sensitive information, leading to information leakage. The NVD data shows CVSSv3.0 base metrics: 6.5 (NETWORK, LOW compl...
CVE-2017-8123
CVE-2017-8123 concerns the Huawei UMA product (software V200R001) and describes a privilege-elevation vulnerability caused by insufficient validation or improper processing of parameters. The NVD entry attributes an exploitable path via crafted packets that could yield elevated privileges, with C...
CVE-2017-8128
CVE-2017-8128 affects Huawei UMA product in versions V200R001 and V300R001. Root cause: insufficient validation or improper processing of parameters leading to privilege elevation. Attackers could craft specific packets to gain elevated privileges. From the provided data, the CVSS metrics indicat...
CVE-2017-8127
CVE-2017-8127 affects Huawei UMA product (V200R001). The issue is a cross-site scripting (XSS) vulnerability caused by insufficient input validation in UMA, enabling an attacker to craft malicious links or scripts to conduct XSS. The CVSS data indicates a networkaccessible vector with at least mi...
CVE-2017-8117
CVE-2017-8117 affects Huawei UMA product (software V200R001 and V300R001) with a privilege elevation vulnerability caused by insufficient validation/improper processing of parameters. An attacker could craft specific packets to exploit this and gain elevated privileges. Public sources classify th...
CVE-2016-7109
CVE-2016-7109 concerns Huawei Unified Maintenance Audit (UMA) prior to V200R001C00SPC200. The vulnerability allows remote attackers to execute arbitrary commands by injecting special characters into the UMA interface, indicating a command execution flaw in the Huawei UMA component. The issue is e...
CVE-2017-8125
CVE-2017-8125 affects Huawei UMA product (software V200R001 and V300R001). It is a cross-site scripting (XSS) vulnerability caused by insufficient input validation in the UMA component, enabling an attacker to craft malicious links/scripts to perform XSS. CVSS v3.0 base score 6.1 (NETWORK/LOW com...
CVE-2016-7108
Huawei UMA (Unified Maintenance Audit) before V200R001C00SPC200 SPH206 suffers an information disclosure where remote authenticated users can obtain MD5 hashes of arbitrary user passwords via unspecified vectors. The advisory HWPSIRT-2016-07051 notes a fix; apply Huawei software updates to mitiga...
CVE-2017-8126
CVE-2017-8126 concerns the Huawei UMA product (software V200R001) with a privilege-elevation vulnerability caused by insufficient validation or improper processing of parameters. An attacker could craft specific packets to exploit this flaw and gain elevated privileges. The issue is documented ac...
CVE-2016-7110
CVE-2016-7110 — Huawei Unified Maintenance Audit (UMA) before V200R001C00SPC200 is vulnerable to remote command execution via “special characters.” The NVD description states that an attacker can exploit this to execute arbitrary commands. References point to Huawei PSIRT advisory and a SecurityF...