Skip to main content
CVE-2013-4630 HIGH POC THREAT Act Now

Stack-based buffer overflow on Huawei AR 150, 200, 1200, 2200, and 3200 routers, when SNMPv3 debugging is enabled, allows remote attackers to execute arbitrary code via malformed SNMPv3 requests. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 19.5%.

Buffer Overflow Huawei RCE Ar 1200 Ar 150 +3
NVD Exploit-DB
CVSS 2.0
7.6
EPSS
19.5%
CVE-2012-4960 MEDIUM POC THREAT This Month

The Huawei NE5000E, MA5200G, NE40E, NE80E, ATN, NE40, NE80, NE20E-X6, NE20, ME60, CX600, CX200, CX300, ACU, WLAN AC 6605, S9300, S7700, S2300, S3300, S5300, S3300HI, S5300HI, S5306, S6300, S2700,. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 12.3%.

Huawei Information Disclosure Acu Ar 19 29 49 Ar G3 +63
NVD Exploit-DB
CVSS 2.0
6.5
EPSS
12.3%
CVE-2013-4631 HIGH POC This Week

Huawei AR 150, 200, 1200, 2200, and 3200 routers, when SNMPv3 is enabled, allow remote attackers to cause a denial of service (device crash) via malformed SNMPv3 requests that leverage unspecified. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Huawei Denial Of Service Ar 1200 Ar 150 +3
NVD Exploit-DB
CVSS 2.0
7.8
EPSS
4.2%
CVE-2013-1612 HIGH POC This Week

Buffer overflow in secars.dll in the management console in Symantec Endpoint Protection Manager (SEPM) 12.1.x before 12.1.3, and Symantec Endpoint Protection Center (SPC) Small Business Edition. Rated high severity (CVSS 7.9). Public exploit code available and no vendor patch available.

Buffer Overflow RCE Endpoint Protection Manager Endpoint Protection Center
NVD Exploit-DB
CVSS 2.0
7.9
EPSS
2.7%
CVE-2012-6568 MEDIUM POC This Month

Buffer overflow in the back-end component in Huawei UTPS 1.0 allows local users to gain privileges via a long IDS_PLUGIN_NAME string in a plug-in configuration file. Rated medium severity (CVSS 6.9). Public exploit code available and no vendor patch available.

Buffer Overflow Huawei Utps
NVD Exploit-DB
CVSS 2.0
6.9
EPSS
0.1%
CVE-2012-6570 CRITICAL Act Now

The HTTP module in the (1) Branch Intelligent Management System (BIMS) and (2) web management components on Huawei AR routers and S2000, S3000, S3500, S3900, S5100, S5600, S7800, and S8500 switches. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Huawei RCE Ar 18 1X Ar 18 2X +16
NVD
CVSS 2.0
10.0
EPSS
0.7%
CVE-2012-6569 CRITICAL Act Now

Stack-based buffer overflow in the HTTP module in the (1) Branch Intelligent Management System (BIMS) and (2) web management components on Huawei AR routers and S2000, S3000, S3500, S3900, S5100,. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow Huawei RCE Ar 18 1X Ar 18 2X +16
NVD
CVSS 2.0
9.3
EPSS
2.4%
CVE-2013-4633 CRITICAL Act Now

Huawei Seco Versatile Security Manager (VSM) before V200R002C00SPC300 allows remote authenticated users to gain privileges via a certain change to a group configuration setting. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Huawei Seco Versatile Security Manager
NVD
CVSS 2.0
9.0
EPSS
0.2%
CVE-2013-4629 HIGH This Week

The Huawei viewpoint VP9610 and VP9620 units for the Huawei Video Conference system do not update the Session ID upon successful establishment of a login session, which allows remote authenticated. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. No vendor patch available.

Huawei Authentication Bypass Vp 9610 Vp 9620
NVD
CVSS 2.0
8.5
EPSS
0.2%
CVE-2013-4632 HIGH This Week

The Huawei Access Router (AR) before V200R002SPC003 allows remote attackers to cause a denial of service (device reset) via a crafted field in a DHCP request, as demonstrated by a request from an IP. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Huawei Denial Of Service Access Router
NVD
CVSS 2.0
7.8
EPSS
0.2%
CVE-2013-4634 HIGH This Week

SQL injection vulnerability in the jQuery autocomplete for indexed_search (rzautocomplete) extension before 0.0.9 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Rzautocomplete
NVD
CVSS 2.0
7.5
EPSS
0.7%
CVE-2012-6571 HIGH This Week

The HTTP module in the (1) Branch Intelligent Management System (BIMS) and (2) web management components on Huawei AR routers and S2000, S3000, S3500, S3900, S5100, S5600, and S7800 switches uses. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Huawei Information Disclosure Ar 18 1X Ar 18 2X Ar 18 3X +15
NVD
CVSS 2.0
7.5
EPSS
0.2%
CVE-2013-1905 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the Zero Point theme 7.x-1.x before 7.x-1.9 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS Zeropoint
NVD
CVSS 2.0
4.3
EPSS
0.5%
CVE-2013-4628 LOW Monitor

The firewall module on the Huawei Quidway Service Process Unit (SPU) board S7700, S9300, and S9700 on Huawei Campus Switch devices allows remote authenticated users to obtain sensitive information. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

Huawei Information Disclosure Quidway Service Process Unit Board S7700 Quidway Service Process Unit Board S9300 Quidway Service Process Unit Board S9700
NVD
CVSS 2.0
3.5
EPSS
0.1%
CVE-2013-1393 LOW Monitor

Cross-site scripting (XSS) vulnerability in the CurvyCorners module 6.x-1.x and 7.x-1.x for Drupal allows remote authenticated users with the "administer curvycorners" permission to inject arbitrary. Rated low severity (CVSS 2.1), this vulnerability is remotely exploitable. No vendor patch available.

XSS Curvycorners
NVD
CVSS 2.0
2.1
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy