Skip to main content

Huawei

803 CVEs vendor

Monthly

CVE-2017-8167 HIGH This Week

Huawei firewall products USG9500 V500R001C50 has a DoS vulnerability.A remote attacker who controls the peer device could exploit the vulnerability by sending malformed IKE packets to the target. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Huawei Information Disclosure Usg9500 Firmware
NVD
CVSS 3.0
7.5
EPSS
0.3%
CVE-2017-8166 MEDIUM This Month

Huawei mobile phones Honor V9 with the software versions before Duke-AL20C00B195 have an App Lock bypass vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Huawei Honor V9 Firmware
NVD
CVSS 3.0
6.8
EPSS
0.0%
CVE-2017-8160 HIGH This Week

The Madapt Driver of some Huawei smart phones with software Earlier than Vicky-AL00AC00B172 versions,Vicky-AL00CC768B122,Vicky-TL00AC01B167,Earlier than Victoria-AL00AC00B172. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Use After Free RCE Memory Corruption Huawei +5
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2017-8159 HIGH This Week

Some Huawei smartphones with software AGS-L09C233B019,AGS-W09C233B019,KOB-L09C233B017,KOB-W09C233B012 have a type confusion vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Huawei Agassi L09Hn Firmware Agassi W09Hn Firmware +2
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2017-8153 HIGH This Week

Huawei VMall (for Android) with the versions before 1.5.8.5 have a privilege elevation vulnerability due to improper design. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Huawei Information Disclosure Vmall
NVD
CVSS 3.0
7.1
EPSS
0.1%
CVE-2017-8152 MEDIUM This Month

Huawei Honor 5S smart phones with software the versions before TAG-TL00C01B173 have a Factory Reset Protection (FRP) bypass security vulnerability due to the improper design. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Huawei Honor 5S Firmware
NVD
CVSS 3.0
4.6
EPSS
0.0%
CVE-2017-8151 MEDIUM This Month

Huawei Honor 5S smart phones with software the versions before TAG-TL00C01B173 have an authentication bypass vulnerability due to the improper design of some components. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Huawei Authentication Bypass Honor 5S Firmware
NVD
CVSS 3.0
6.8
EPSS
0.0%
CVE-2017-8150 HIGH This Week

The boot loaders of P10 and P10 Plus Huawei mobile phones with software the versions before Victoria-L09AC605B162, the versions before Victoria-L29AC605B162, the versions before Vicky-L29AC605B162. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Google Huawei P10 Firmware +3
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-8149 MEDIUM This Month

The boot loaders of P10 and P10 Plus Huawei mobile phones with software the versions before Victoria-L09AC605B162, the versions before Victoria-L29AC605B162, the versions before Vicky-L29AC605B162. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Google Huawei P10 Firmware P10 Plus Firmware
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2017-8144 MEDIUM This Month

Honor 5A,Honor 8 Lite,Mate9,Mate9 Pro,P10,P10 Plus Huawei smartphones with software the versions before CAM-L03C605B143CUSTC605D003,the versions before Prague-L03C605B161,the versions before. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Huawei Honor 5A Firmware Honor 8 Lite Firmware Mate 9 Firmware +3
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2017-8143 MEDIUM This Month

Wi-Fi driver of Honor 5C and P9 Lite Huawei smart phones with software versions earlier than NEM-L21C432B351 and versions earlier than VNS-L21C10B381 has a DoS vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Huawei Honor 5C Firmware P9 Lite Firmware
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2017-8133 HIGH This Week

Huawei iManager NetEco with software V600R008C00 and V600R008C10 has a command injection vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Huawei Command Injection Neteco
NVD
CVSS 3.0
8.8
EPSS
1.1%
CVE-2017-2739 LOW Monitor

The upgrade package of Huawei Vmall APP Earlier than HwVmall 1.5.3.0 versions is transferred through HTTP. Rated low severity (CVSS 3.1), this vulnerability is no authentication required. No vendor patch available.

Huawei Information Disclosure Vmall
NVD
CVSS 3.0
3.1
EPSS
0.0%
CVE-2017-2732 MEDIUM This Month

Huawei Hilink APP Versions earlier before 5.0.25.306 has an information leak vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Huawei Information Disclosure Hilink
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2017-2730 LOW Monitor

HUAWEI HiLink APP (for IOS) versions earlier before 5.0.25.306 and HUAWEI Tech Support APP (for IOS) versions earlier before 5.0.0 have an information leak vulnerability. Rated low severity (CVSS 3.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Huawei Information Disclosure Hilink Tech Support
NVD
CVSS 3.0
3.5
EPSS
0.0%
CVE-2017-2728 MEDIUM This Month

Some Huawei mobile phones Honor 6X Berlin-L22C636B150 and earlier versions have a Bluetooth unlock bypassing vulnerability. Rated medium severity (CVSS 6.4), this vulnerability is no authentication required. No vendor patch available.

Authentication Bypass Huawei Honor 6X Firmware
NVD
CVSS 3.0
6.4
EPSS
0.0%
CVE-2017-2727 MEDIUM This Month

Huawei P9 smart phones with software versions earlier before EVA-AL00C00B365, versions earlier before EVA-AL10C00B365,Versions earlier before EVA-CL00C92B365, versions earlier before EVA-DL00C17B365,. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Huawei Privilege Escalation P9 Firmware
NVD
CVSS 3.0
4.3
EPSS
0.0%
CVE-2017-2723 MEDIUM This Month

The Files APP 7.1.1.308 and earlier versions in some Huawei mobile phones has a vulnerability of plaintext storage of users' Safe passwords. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Google Huawei Information Disclosure Files
NVD
CVSS 3.0
6.7
EPSS
0.0%
CVE-2017-2721 MEDIUM This Month

Some Huawei smart phones with software. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Huawei Google Authentication Bypass Berlin L21 Firmware Berlin L21Hn Firmware +9
NVD
CVSS 3.0
4.6
EPSS
0.0%
CVE-2017-2715 HIGH This Week

The Files APP 7.1.1.309 and earlier versions in some Huawei mobile phones has a brute-force password cracking vulnerability due to the improper design of the Safe key database. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Huawei Information Disclosure Files
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2017-2713 MEDIUM This Month

HUAWEI P9 smartphones with software versions earlier before EVA-L09C432B383, versions earlier before EVA-L09C636B380, versions earlier before VIE-L09C432B370, versions earlier before VIE-L29C636B370. Rated medium severity (CVSS 5.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Huawei Information Disclosure P9 Firmware
NVD
CVSS 3.0
5.4
EPSS
0.0%
CVE-2017-2705 LOW Monitor

Huawei P9 smartphones with software versions earlier before EVA-AL10C00B365, versions earlier before EVA-AL00C00B365, versions earlier before EVA-CL00C92B365, versions earlier before EVA-DL00C17B365,. Rated low severity (CVSS 2.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Huawei P9 Firmware
NVD
CVSS 3.0
2.4
EPSS
0.0%
CVE-2017-2704 HIGH This Week

Smarthome 1.0.2.364 and earlier versions,HiAPP 7.3.0.303 and earlier versions,HwParentControl 2.0.0 and earlier versions,HwParentControlParent 5.1.0.12 and earlier versions,Crowdtest 1.5.3 and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Huawei Information Disclosure Smarthome Hiapp Hwparentcontrol +11
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2017-2699 HIGH This Week

The Huawei Themes APP in versions earlier than PLK-UL00C17B385, versions earlier than CRR-L09C432B380, versions earlier than LYO-L21C577B128 has a privilege elevation vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Huawei File Upload Honor 7 Firmware Mate S Firmware +1
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2017-2691 MEDIUM This Month

Huawei P9 versions earlier before EVA-AL10C00B373, versions earlier before EVA-CL00C92B373, versions earlier before EVA-DL00C17B373, versions earlier before EVA-TL00C01B373 have a lock-screen bypass. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Huawei P9 Firmware
NVD
CVSS 3.0
6.8
EPSS
0.0%
CVE-2015-4422 HIGH This Week

The TEEOS module in Huawei Mate 7 (Mate7-TL10) smartphones before V100R001CHNC00B126SP03 allows local users with root permissions to gain privileges or cause a denial of service (memory corruption). Rated high severity (CVSS 7.0), this vulnerability is no authentication required. No vendor patch available.

Buffer Overflow Denial Of Service Huawei Mate 7 Firmware
NVD
CVSS 3.0
7.0
EPSS
0.1%
CVE-2015-4421 HIGH This Week

The tzdriver module in Huawei Mate 7 (Mate7-TL10) smartphones before V100R001CHNC00B126SP03 allows local users to gain privileges or cause a denial of service (memory corruption) via an unspecified. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Buffer Overflow Denial Of Service Huawei Mate 7 Firmware
NVD
CVSS 3.0
7.5
EPSS
0.2%
CVE-2014-9697 HIGH This Week

Huawei USG9560/9520/9580 before V300R001C01SPC300 allows remote attackers to cause a memory leak or denial of service (memory exhaustion, reboot and MPU switchover) via a crafted website. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Huawei Usg9560 Firmware Usg9520 Firmware Usg9580 Firmware
NVD
CVSS 3.0
7.5
EPSS
0.3%
CVE-2015-7842 HIGH This Week

Huawei FusionServer rack servers RH2288 V3 with software before V100R003C00SPC603, RH2288H V3 with software before V100R003C00SPC503, XH628 V3 with software before V100R003C00SPC602, RH1288 V3 with. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Huawei Information Disclosure Rh2288 V3 Firmware Rh2288H V3 Firmware Xh628 V3 Firmware +7
NVD
CVSS 3.0
7.1
EPSS
0.2%
CVE-2017-0828 CRITICAL Act Now

An elevation of privilege vulnerability in the Huawei bootloader. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Huawei Information Disclosure Android
NVD
CVSS 3.0
9.8
EPSS
0.1%
CVE-2015-7843 HIGH This Week

The management interface on Huawei FusionServer rack servers RH2288 V3 with software before V100R003C00SPC603, RH2288H V3 with software before V100R003C00SPC503, XH628 V3 with software before. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Huawei Information Disclosure Fusionserver Ch121 V3 Fusionserver Ch220 V3 Fusionserver Ch222 V3 +7
NVD
CVSS 3.0
8.8
EPSS
0.1%
CVE-2015-7841 CRITICAL Act Now

The login page of the server on Huawei FusionServer rack servers RH2288 V3 with software before V100R003C00SPC603, RH2288H V3 with software before V100R003C00SPC503, XH628 V3 with software before. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Huawei Command Injection Fusionserver Ch121 V3 Fusionserver Ch220 V3 Fusionserver Ch222 V3 +7
NVD
CVSS 3.0
9.8
EPSS
2.0%
CVE-2015-7846 MEDIUM This Month

Huawei S7700, S9700, S9300 before V200R07C00SPC500, and AR200, AR1200, AR2200, AR3200 before V200R005C20SPC200 allows attackers with physical access to the CF card to obtain sensitive information. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Huawei Information Disclosure S9300 Firmware S9700 Firmware S7700 Firmware +4
NVD
CVSS 3.0
4.6
EPSS
0.0%
CVE-2015-6592 MEDIUM This Month

Huawei UAP2105 before V300R012C00SPC160(BootRom) does not require authentication to the serial port or the VxWorks shell. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Huawei Information Disclosure Uap2105 Firmware
NVD
CVSS 3.0
6.8
EPSS
0.1%
CVE-2015-8224 LOW Monitor

Huawei P8 before GRA-CL00C92B210, before GRA-L09C432B200, before GRA-TL00C01B210, and before GRA-UL00C00B210 allows remote attackers to obtain user equipment (aka UE) measurements of signal strengths. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Huawei Information Disclosure P8 Firmware
NVD
CVSS 3.0
3.7
EPSS
0.1%
CVE-2015-4629 CRITICAL Act Now

Huawei E5756S before V200R002B146D23SP00C00 allows remote attackers to read device configuration information, enable PIN/PUK authentication, and perform other unspecified actions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Huawei Privilege Escalation E5756S Firmware
NVD
CVSS 3.0
9.8
EPSS
2.1%
CVE-2015-8334 HIGH PATCH This Week

SQL injection vulnerability in the Operation and Maintenance Unit (OMU) in Huawei VCN500 before V100R002C00SPC201 allows remote authenticated users to execute arbitrary SQL commands via a crafted. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

SQLi Huawei Vcn500 Firmware
NVD
CVSS 3.0
8.8
EPSS
0.2%
CVE-2015-8332 HIGH This Week

Huawei Video Content Management (VCM) before V100R001C10SPC001 does not properly "authenticate online user identities and privileges," which allows remote authenticated users to gain privileges and. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Huawei Authentication Bypass Privilege Escalation Vcm5010 Firmware Vcm5020 Firmware
NVD
CVSS 3.0
8.8
EPSS
0.2%
CVE-2015-2245 HIGH This Week

Huawei Ascend P7 allows remote attackers to cause a denial of service (phone process crash). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Huawei P7 L09 Firmware
NVD
CVSS 3.0
7.5
EPSS
0.3%
CVE-2015-3913 HIGH This Week

The IP stack in multiple Huawei Campus series switch models allows remote attackers to cause a denial of service (reboot) via a crafted ICMP request message. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Huawei S2300 Firmware S2700 Firmware S3300 Firmware +19
NVD
CVSS 3.0
7.5
EPSS
0.3%
CVE-2015-2800 HIGH This Week

The user authentication module in Huawei Campus switches S5700, S5300, S6300, and S6700 with software before V200R001SPH012 and S7700, S9300, and S9700 with software before V200R001SPH015 allows. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Huawei Authentication Bypass S5700 Firmware S5300 Firmware +5
NVD
CVSS 3.0
7.5
EPSS
2.8%
CVE-2015-2255 MEDIUM This Month

Huawei AR1220 routers with software before V200R005SPH006 allow remote attackers to cause a denial of service (board reset) via vectors involving a large amount of traffic from the GE port to the FE. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Denial Of Service Huawei Ar1220 Firmware
NVD
CVSS 3.0
5.9
EPSS
0.3%
CVE-2015-2253 MEDIUM This Month

The XML interface in Huawei OceanStor UDS devices with software before V100R002C01SPC102 allows remote authenticated users to obtain sensitive information via a crafted XML document. Rated medium severity (CVSS 5.0), this vulnerability is low attack complexity. No vendor patch available.

Huawei Information Disclosure Oceanstor Uds Firmware
NVD
CVSS 3.0
5.0
EPSS
0.1%
CVE-2015-2252 HIGH This Week

Huawei OceanStor UDS devices with software before V100R002C01SPC102 might allow remote attackers to execute arbitrary code with root privileges via a crafted UDS patch with shell scripts. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection Huawei Oceanstor Uds Firmware
NVD
CVSS 3.0
8.8
EPSS
0.6%
CVE-2015-2251 HIGH This Week

The DeviceManager in Huawei OceanStor UDS devices with software before V100R002C01SPC102 might allow remote attackers to obtain sensitive information via a crafted UDS patch with JavaScript. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Huawei Information Disclosure Oceanstor Uds Firmware
NVD
CVSS 3.0
7.5
EPSS
0.1%
CVE-2015-8089 HIGH This Week

The GPU driver in Huawei P7 phones with software P7-L00 before P7-L00C17B851, P7-L05 before P7-L05C00B851, and P7-L09 before P7-L09C92B851 allows local users to read or write to arbitrary kernel. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Huawei Privilege Escalation P7 L09 Firmware P7 L05 Firmware +1
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2015-6586 HIGH This Week

The mDNS module in Huawei WLAN AC6005, AC6605, and ACU2 devices with software before V200R006C00SPC100 allows remote attackers to obtain sensitive information by leveraging failure to restrict. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Huawei Information Disclosure Wlan Acu2 Firmware Wlan Ac6005 Firmware Wlan Ac6605 Firmware
NVD
CVSS 3.0
7.5
EPSS
0.1%
CVE-2015-8223 MEDIUM This Month

Huawei P7 before P7-L00C17B851, P7-L05C00B851, and P7-L09C92B85, and P8 ALE-UL00 before ALE-UL00B211 allows local users to cause a denial of service (OS crash) by leveraging camera permissions and. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Huawei P7 Firmware P8 Ale Ul00 Firmware
NVD
CVSS 3.0
5.5
EPSS
0.0%
CVE-2015-7740 MEDIUM This Month

Huawei P7 before P7-L00C17B851, P7-L05C00B851, and P7-L09C92B851 and P8 ALE-UL00 before ALE-UL00B211 allows local users to cause a denial of service (OS crash) via vectors involving an application. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Huawei P7 Firmware P8 Ale Ul00 Firmware
NVD
CVSS 3.0
5.5
EPSS
0.0%
CVE-2016-8803 HIGH This Week

The maintenance module in Huawei FusionStorage V100R003C30U1 allows attackers to create documents according to special rules to obtain the OS root privilege of FusionStorage. Rated high severity (CVSS 7.5). No vendor patch available.

Huawei Privilege Escalation Fusionstorage
NVD
CVSS 3.0
7.5
EPSS
0.0%
CVE-2016-8802 MEDIUM This Month

The security policy processing module in Huawei Secospace USG6300 with software V500R001C20SPC100, V500R001C20SPC101, V500R001C20SPC200; Secospace USG6500 with software V500R001C20SPC100,. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Huawei Secospace Usg6300 Firmware Secospace Usg6500 Firmware Secospace Usg6600 Firmware
NVD
CVSS 3.0
6.5
EPSS
0.2%
CVE-2016-8801 HIGH This Week

Huawei OceanStor 5600 V3 with V300R003C00C10 and earlier versions allows attackers with administrator privilege to inject a command into a specific command's parameters, and run this injected command. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Huawei Command Injection Oceanstor 5600 V3 Firmware
NVD
CVSS 3.0
7.2
EPSS
0.2%
CVE-2016-8798 HIGH This Week

Huawei USG5500 with software V300R001C00 and V300R001C00 allows attackers to bypass the anti-DDoS module of the USGs to cause a denial of service condition on the backend server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Huawei Authentication Bypass Usg5500 Firmware
NVD
CVSS 3.0
7.5
EPSS
0.1%
CVE-2016-8797 HIGH This Week

Huawei AR3200 with software V200R007C00, V200R005C32, V200R005C20; S12700 with software V200R008C00, V200R007C00; S5300 with software V200R008C00, V200R007C00, V200R006C00; S5700 with software. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Huawei Information Disclosure Ar3200 Firmware S12700 Firmware S5300 Firmware +6
NVD
CVSS 3.0
7.5
EPSS
0.3%
CVE-2016-8796 HIGH This Week

Huawei USG9520 V300R001C01, USG9560 V300R001C01, and USG9580 V300R001C01 allow unauthenticated attackers to send abnormal DHCP request packets to the affected products to trigger a DoS condition. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Huawei Information Disclosure Usg9520 Firmware Usg9580 Firmware Usg9560 Firmware
NVD
CVSS 3.0
7.5
EPSS
0.2%
CVE-2016-8795 MEDIUM This Month

Huawei CloudEngine 12800 with software V100R002C00, V100R003C00, V100R003C10, V100R005C00, V100R005C10, V100R006C00; CloudEngine 5800 with software V100R002C00, V100R003C00, V100R003C10, V100R005C00,. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Integer Overflow Huawei Buffer Overflow Cloudengine 5800 Firmware Cloudengine 6800 Firmware +4
NVD
CVSS 3.0
5.9
EPSS
0.2%
CVE-2016-8794 HIGH This Week

Huawei Mate 8 phones with software Versions before NXT-AL10C00B386, Versions before NXT-CL00C92B386, Versions before NXT-DL00C17B386, Versions before NXT-TL00C01B386; Mate S phones with software. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

Huawei Authentication Bypass Mate S Firmware Mate 8 Firmware P8 Firmware
NVD
CVSS 3.0
7.1
EPSS
0.0%
CVE-2016-8793 MEDIUM This Month

Huawei Mate 8 phones with software Versions before NXT-AL10C00B386, Versions before NXT-CL00C92B386, Versions before NXT-DL00C17B386, Versions before NXT-TL00C01B386; Mate S phones with software. Rated medium severity (CVSS 6.7). No vendor patch available.

Huawei Authentication Bypass Mate S Firmware Mate 8 Firmware P8 Firmware
NVD
CVSS 3.0
6.7
EPSS
0.0%
CVE-2016-8792 HIGH This Week

Huawei Mate 8 phones with software Versions before NXT-AL10C00B386, Versions before NXT-CL00C92B386, Versions before NXT-DL00C17B386, Versions before NXT-TL00C01B386; Mate S phones with software. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

Huawei Authentication Bypass Mate S Firmware Mate 8 Firmware P8 Firmware
NVD
CVSS 3.0
7.1
EPSS
0.0%
CVE-2016-8791 HIGH This Week

Huawei Mate 8 phones with software Versions before NXT-AL10C00B386, Versions before NXT-CL00C92B386, Versions before NXT-DL00C17B386, Versions before NXT-TL00C01B386; Mate S phones with software. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

Huawei Authentication Bypass Mate S Firmware Mate 8 Firmware P8 Firmware
NVD
CVSS 3.0
7.1
EPSS
0.0%
CVE-2016-8790 MEDIUM This Month

Huawei CloudEngine 5800 with software before V200R001C00SPC700, CloudEngine 6800 with software before V200R001C00SPC700, CloudEngine 7800 with software before V200R001C00SPC700, CloudEngine 8800 with. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Huawei Cloudengine 5800 Firmware Cloudengine 6800 Firmware Cloudengine 7800 Firmware +2
NVD
CVSS 3.0
5.7
EPSS
0.0%
CVE-2016-8789 MEDIUM This Month

Huawei eSpace Integrated Access Device (IAD) with software V300R001C03, V300R001C04, V300R001C06, V300R001C20, and V300R001C07 allows an attacker to trick a user into clicking a URL containing. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Huawei Espace Integrated Access Device Firmware
NVD
CVSS 3.0
6.1
EPSS
0.1%
CVE-2016-8781 MEDIUM This Month

Huawei Secospace USG6300 with software V500R001C20 and V500R001C20SPC200PWE, Secospace USG6500 with software V500R001C20, Secospace USG6600 with software V500R001C20 and V500R001C20SPC200PWE allow. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Huawei Information Disclosure Secospace Usg6300 Firmware Secospace Usg6500 Firmware Secospace Usg6600 Firmware
NVD
CVSS 3.0
6.5
EPSS
0.2%
CVE-2016-8780 MEDIUM This Month

Huawei CloudEngine 6800 V100R006C00, CloudEngine 7800 V100R006C00, CloudEngine 8800 V100R006C00, and CloudEngine 12800 V100R006C00 allow remote attackers with specific permission to store massive. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Huawei Cloudengine 6800 Firmware Cloudengine 7800 Firmware Cloudengine 8800 Firmware +1
NVD
CVSS 3.0
6.5
EPSS
0.2%
CVE-2016-8779 MEDIUM This Month

Huawei FusionAccess with software V100R005C10 and V100R005C20 could allow remote attackers with specific permission to inject a Lightweight Directory Access Protocol (LDAP) operation command into a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Huawei Information Disclosure Fusionaccess
NVD
CVSS 3.0
6.5
EPSS
0.1%
CVE-2016-8776 MEDIUM This Month

Huawei P9 phones with software EVA-AL10C00,EVA-CL10C00,EVA-DL10C00,EVA-TL10C00 and P9 Lite phones with software VNS-L21C185 allow attackers to bypass the factory reset protection (FRP) to enter some. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Huawei Google Authentication Bypass P9 Firmware P9 Lite Firmware
NVD
CVSS 3.0
4.6
EPSS
0.0%
CVE-2016-8775 MEDIUM This Month

Touch Panel (TP) driver in Huawei NEM phones with software Versions before NEM-AL10C00B130, Versions before NEM-UL10C17B160, Versions before NEM-UL10C00B160, Versions before NEM-TL00C01B160 allows. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow RCE Huawei Nem Al10 Firmware Nem L51 Firmware +2
NVD
CVSS 3.0
6.7
EPSS
0.0%
CVE-2016-8774 MEDIUM This Month

The HIFI driver in Huawei Mate 8 phones with software versions before NXT-AL10C00B386, versions before NXT-CL00C92B386, versions before NXT-DL00C17B386, versions before NXT-TL00C01B386; Mate S phones. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow RCE Huawei Mate 8 Firmware Mate S Firmware +2
NVD
CVSS 3.0
6.7
EPSS
0.0%
CVE-2016-8773 HIGH This Week

Huawei S5300 with software V200R003C00, V200R007C00, V200R008C00, V200R009C00; S5700 with software V200R001C00, V200R002C00, V200R003C00, V200R005C00, V200R005C03, V200R007C00, V200R008C00,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Huawei S12700 Firmware S5300 Firmware S5700 Firmware +5
NVD
CVSS 3.0
7.5
EPSS
0.2%
CVE-2016-8769 MEDIUM POC This Month

Huawei UTPS earlier than UTPS-V200R003B015D16SPC00C983 has an unquoted service path vulnerability which can lead to the truncation of UTPS service query paths. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Huawei Privilege Escalation Utps Firmware
NVD Exploit-DB
CVSS 3.1
6.7
EPSS
0.4%
CVE-2016-8768 HIGH This Week

Huawei Honor 6, Honor 6 Plus, Honor 7 phones with software versions earlier than 6.9.16 could allow attackers to disable the PXN defense mechanism by invoking related drive code to crash the system. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Huawei Honor 6 Firmware Honor 6 Plus Firmware Honor 7 Firmware
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2016-8764 MEDIUM This Month

The TrustZone driver in Huawei P9 phones with software Versions earlier than EVA-AL10C00B352 and P9 Lite with software VNS-L21C185B130 and earlier versions and P8 Lite with software ALE-L02C636B150. Rated medium severity (CVSS 6.4). No vendor patch available.

Huawei Information Disclosure P9 Firmware P9 Lite Firmware P8 Lite Firmware
NVD
CVSS 3.0
6.4
EPSS
0.0%
CVE-2016-8763 HIGH This Week

The TrustZone driver in Huawei P9 phones with software Versions earlier than EVA-AL10C00B352 and P9 Lite with software VNS-L21C185B130 and earlier versions and P8 Lite with software ALE-L02C636B150. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Huawei Information Disclosure P9 Firmware P9 Lite Firmware P8 Lite Firmware
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2016-8762 MEDIUM This Month

The TrustZone driver in Huawei P9 phones with software Versions earlier than EVA-AL10C00B352 and P9 Lite with software VNS-L21C185B130 and earlier versions and P8 Lite with software ALE-L02C636B150. Rated medium severity (CVSS 5.0), this vulnerability is low attack complexity. No vendor patch available.

Huawei Information Disclosure P9 Firmware P9 Lite Firmware P8 Lite Firmware
NVD
CVSS 3.0
5.0
EPSS
0.0%
CVE-2016-8761 HIGH This Week

Video driver in Huawei P9 phones with software versions before EVA-AL10C00B192 and Huawei Honor 6 phones with software versions before H60-L02_6.10.1 has a stack overflow vulnerability, which allows. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Huawei P9 Firmware P9 Plus Firmware Honor 6 Firmware
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2016-8760 HIGH This Week

Touchscreen driver in Huawei P9 phones with software versions before EVA-AL10C00B192 and Huawei Honor 6 phones with software versions before H60-L02_6.10.1 has a heap overflow vulnerability, which. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Huawei P9 Firmware P9 Plus Firmware Honor 6 Firmware
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2016-8759 HIGH This Week

Video driver in Huawei P9 phones with software versions before EVA-AL10C00B192 and Huawei Honor 6 phones with software versions before H60-L02_6.10.1 has a stack overflow vulnerability, which allows. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Huawei P9 Firmware P9 Plus Firmware Honor 6 Firmware
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2016-8758 MEDIUM This Month

ION memory management module in Huawei Mate8 phones with software NXT-AL10C00B561 and earlier versions, NXT-CL10C00B561 and earlier versions, NXT-DL10C00B561 and earlier versions, NXT-TL10C00B561 and. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Huawei Mate 8 Firmware
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2016-8757 LOW Monitor

ION memory management module in Huawei P9 phones with software EVA-AL10C00B192 and earlier versions, EVA-DL10C00B192 and earlier versions, EVA-TL10C00B192 and earlier versions, EVA-CL10C00B192 and. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Huawei Information Disclosure P9 Firmware
NVD
CVSS 3.0
3.3
EPSS
0.1%
CVE-2016-8756 MEDIUM This Month

ION memory management module in Huawei Mate 8 phones with software NXT-AL10C00B197 and earlier versions, NXT-DL10C00B197 and earlier versions, NXT-TL10C00B197 and earlier versions, NXT-CL10C00B197. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Huawei Mate 8 Firmware
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2016-8754 HIGH This Week

Huawei OceanStor 5600 V3 V300R003C00 has a hardcoded SSH key vulnerability; the hardcoded keys are used to encrypt communication data and authenticate different nodes of the devices. Rated high severity (CVSS 7.5), this vulnerability is no authentication required. No vendor patch available.

Huawei Authentication Bypass Oceanstor 5600 V3 Firmware
NVD
CVSS 3.0
7.5
EPSS
0.1%
CVE-2016-8275 MEDIUM This Month

Huawei AnyOffice V200R006C00 could allow an authenticated, remote attacker to cause the software to deny services by uploading an XML bomb. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Huawei Information Disclosure Anyoffice
NVD
CVSS 3.0
6.5
EPSS
0.2%
CVE-2016-8274 HIGH This Week

Huawei PC client software HiSuite 4.0.5.300_OVE has a dynamic link library (DLL) hijack vulnerability; an attacker can make the system load malicious DLL files to execute arbitrary code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Huawei Authentication Bypass Hisuite
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2016-8273 HIGH This Week

Huawei PC client software HiSuite 4.0.5.300_OVE uses insecure HTTP for upgrade software package download and does not check the integrity of the software package before installing; an attacker can. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Huawei Information Disclosure Hisuite
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2016-8272 MEDIUM This Month

Huawei PC client software HiSuite 4.0.5.300_OVE has an information leak vulnerability; an attacker who can log in to the system can copy out the user's proxy password, causing information leaks. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. No vendor patch available.

Huawei Information Disclosure Hisuite
NVD
CVSS 3.0
5.3
EPSS
0.0%
CVE-2016-8271 MEDIUM This Month

Huawei eSpace IAD V300R002C01SPC100 and earlier versions have an information leak vulnerability; an attacker can check and download the fault information by accessing a special URL. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Huawei Information Disclosure Espace Iad Firmware
NVD
CVSS 3.0
5.3
EPSS
0.1%
CVE-2016-6177 MEDIUM This Month

The Huawei OceanStor 5800 V300R003C00 has an integer overflow vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Integer Overflow Huawei Buffer Overflow Oceanstor 5800 V3 Firmware
NVD
CVSS 3.0
6.5
EPSS
0.2%
CVE-2016-2404 HIGH This Week

Huawei switches S5700, S6700, S7700, S9700 with software V200R001C00SPC300, V200R002C00SPC100, V200R003C00SPC300, V200R005C00SPC500, V200R006C00; S12700 with software V200R005C00SPC500, V200R006C00;. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Huawei Privilege Escalation S5700 Firmware S6700 Firmware S7700 Firmware +3
NVD
CVSS 3.0
7.5
EPSS
0.2%
CVE-2015-8671 HIGH This Week

Huawei LogCenter V100R001C10 could allow an authenticated attacker to tamper with requests using a tool and submit a request to the server for privilege escalation, affecting some system functions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Huawei Privilege Escalation Logcenter
NVD
CVSS 3.0
8.8
EPSS
0.2%
CVE-2015-8670 MEDIUM This Month

Huawei LogCenter V100R001C10 could allow an authenticated attacker to add abnormal device information to the log collection module, causing denial of service. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Huawei Logcenter
NVD
CVSS 3.0
6.5
EPSS
0.2%
EPSS 0% CVSS 7.5
HIGH This Week

Huawei firewall products USG9500 V500R001C50 has a DoS vulnerability.A remote attacker who controls the peer device could exploit the vulnerability by sending malformed IKE packets to the target. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Huawei Information Disclosure Usg9500 Firmware
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

Huawei mobile phones Honor V9 with the software versions before Duke-AL20C00B195 have an App Lock bypass vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Huawei Honor V9 Firmware
NVD
EPSS 0% CVSS 7.8
HIGH This Week

The Madapt Driver of some Huawei smart phones with software Earlier than Vicky-AL00AC00B172 versions,Vicky-AL00CC768B122,Vicky-TL00AC01B167,Earlier than Victoria-AL00AC00B172. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Use After Free RCE +7
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Some Huawei smartphones with software AGS-L09C233B019,AGS-W09C233B019,KOB-L09C233B017,KOB-W09C233B012 have a type confusion vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Huawei +4
NVD
EPSS 0% CVSS 7.1
HIGH This Week

Huawei VMall (for Android) with the versions before 1.5.8.5 have a privilege elevation vulnerability due to improper design. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Huawei Information Disclosure +1
NVD
EPSS 0% CVSS 4.6
MEDIUM This Month

Huawei Honor 5S smart phones with software the versions before TAG-TL00C01B173 have a Factory Reset Protection (FRP) bypass security vulnerability due to the improper design. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Huawei Honor 5S Firmware
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

Huawei Honor 5S smart phones with software the versions before TAG-TL00C01B173 have an authentication bypass vulnerability due to the improper design of some components. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Huawei Authentication Bypass Honor 5S Firmware
NVD
EPSS 0% CVSS 7.8
HIGH This Week

The boot loaders of P10 and P10 Plus Huawei mobile phones with software the versions before Victoria-L09AC605B162, the versions before Victoria-L29AC605B162, the versions before Vicky-L29AC605B162. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Google +5
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

The boot loaders of P10 and P10 Plus Huawei mobile phones with software the versions before Victoria-L09AC605B162, the versions before Victoria-L29AC605B162, the versions before Vicky-L29AC605B162. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Google Huawei +2
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Honor 5A,Honor 8 Lite,Mate9,Mate9 Pro,P10,P10 Plus Huawei smartphones with software the versions before CAM-L03C605B143CUSTC605D003,the versions before Prague-L03C605B161,the versions before. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Huawei Honor 5A Firmware +5
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Wi-Fi driver of Honor 5C and P9 Lite Huawei smart phones with software versions earlier than NEM-L21C432B351 and versions earlier than VNS-L21C10B381 has a DoS vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Huawei Honor 5C Firmware +1
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Huawei iManager NetEco with software V600R008C00 and V600R008C10 has a command injection vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Huawei Command Injection Neteco
NVD
EPSS 0% CVSS 3.1
LOW Monitor

The upgrade package of Huawei Vmall APP Earlier than HwVmall 1.5.3.0 versions is transferred through HTTP. Rated low severity (CVSS 3.1), this vulnerability is no authentication required. No vendor patch available.

Huawei Information Disclosure Vmall
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Huawei Hilink APP Versions earlier before 5.0.25.306 has an information leak vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Huawei Information Disclosure Hilink
NVD
EPSS 0% CVSS 3.5
LOW Monitor

HUAWEI HiLink APP (for IOS) versions earlier before 5.0.25.306 and HUAWEI Tech Support APP (for IOS) versions earlier before 5.0.0 have an information leak vulnerability. Rated low severity (CVSS 3.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Huawei Information Disclosure Hilink +1
NVD
EPSS 0% CVSS 6.4
MEDIUM This Month

Some Huawei mobile phones Honor 6X Berlin-L22C636B150 and earlier versions have a Bluetooth unlock bypassing vulnerability. Rated medium severity (CVSS 6.4), this vulnerability is no authentication required. No vendor patch available.

Authentication Bypass Huawei Honor 6X Firmware
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Huawei P9 smart phones with software versions earlier before EVA-AL00C00B365, versions earlier before EVA-AL10C00B365,Versions earlier before EVA-CL00C92B365, versions earlier before EVA-DL00C17B365,. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Huawei Privilege Escalation P9 Firmware
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

The Files APP 7.1.1.308 and earlier versions in some Huawei mobile phones has a vulnerability of plaintext storage of users' Safe passwords. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Google Huawei Information Disclosure +1
NVD
EPSS 0% CVSS 4.6
MEDIUM This Month

Some Huawei smart phones with software. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Huawei Google Authentication Bypass +11
NVD
EPSS 0% CVSS 7.8
HIGH This Week

The Files APP 7.1.1.309 and earlier versions in some Huawei mobile phones has a brute-force password cracking vulnerability due to the improper design of the Safe key database. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Huawei Information Disclosure Files
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

HUAWEI P9 smartphones with software versions earlier before EVA-L09C432B383, versions earlier before EVA-L09C636B380, versions earlier before VIE-L09C432B370, versions earlier before VIE-L29C636B370. Rated medium severity (CVSS 5.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Huawei Information Disclosure P9 Firmware
NVD
EPSS 0% CVSS 2.4
LOW Monitor

Huawei P9 smartphones with software versions earlier before EVA-AL10C00B365, versions earlier before EVA-AL00C00B365, versions earlier before EVA-CL00C92B365, versions earlier before EVA-DL00C17B365,. Rated low severity (CVSS 2.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Huawei P9 Firmware
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Smarthome 1.0.2.364 and earlier versions,HiAPP 7.3.0.303 and earlier versions,HwParentControl 2.0.0 and earlier versions,HwParentControlParent 5.1.0.12 and earlier versions,Crowdtest 1.5.3 and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Huawei Information Disclosure Smarthome +13
NVD
EPSS 0% CVSS 7.8
HIGH This Week

The Huawei Themes APP in versions earlier than PLK-UL00C17B385, versions earlier than CRR-L09C432B380, versions earlier than LYO-L21C577B128 has a privilege elevation vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Huawei File Upload +3
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

Huawei P9 versions earlier before EVA-AL10C00B373, versions earlier before EVA-CL00C92B373, versions earlier before EVA-DL00C17B373, versions earlier before EVA-TL00C01B373 have a lock-screen bypass. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Huawei P9 Firmware
NVD
EPSS 0% CVSS 7.0
HIGH This Week

The TEEOS module in Huawei Mate 7 (Mate7-TL10) smartphones before V100R001CHNC00B126SP03 allows local users with root permissions to gain privileges or cause a denial of service (memory corruption). Rated high severity (CVSS 7.0), this vulnerability is no authentication required. No vendor patch available.

Buffer Overflow Denial Of Service Huawei +1
NVD
EPSS 0% CVSS 7.5
HIGH This Week

The tzdriver module in Huawei Mate 7 (Mate7-TL10) smartphones before V100R001CHNC00B126SP03 allows local users to gain privileges or cause a denial of service (memory corruption) via an unspecified. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Buffer Overflow Denial Of Service Huawei +1
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Huawei USG9560/9520/9580 before V300R001C01SPC300 allows remote attackers to cause a memory leak or denial of service (memory exhaustion, reboot and MPU switchover) via a crafted website. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Huawei Usg9560 Firmware +2
NVD
EPSS 0% CVSS 7.1
HIGH This Week

Huawei FusionServer rack servers RH2288 V3 with software before V100R003C00SPC603, RH2288H V3 with software before V100R003C00SPC503, XH628 V3 with software before V100R003C00SPC602, RH1288 V3 with. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Huawei Information Disclosure Rh2288 V3 Firmware +9
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

An elevation of privilege vulnerability in the Huawei bootloader. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Huawei Information Disclosure +1
NVD
EPSS 0% CVSS 8.8
HIGH This Week

The management interface on Huawei FusionServer rack servers RH2288 V3 with software before V100R003C00SPC603, RH2288H V3 with software before V100R003C00SPC503, XH628 V3 with software before. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Huawei Information Disclosure Fusionserver Ch121 V3 +9
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

The login page of the server on Huawei FusionServer rack servers RH2288 V3 with software before V100R003C00SPC603, RH2288H V3 with software before V100R003C00SPC503, XH628 V3 with software before. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Huawei Command Injection Fusionserver Ch121 V3 +9
NVD
EPSS 0% CVSS 4.6
MEDIUM This Month

Huawei S7700, S9700, S9300 before V200R07C00SPC500, and AR200, AR1200, AR2200, AR3200 before V200R005C20SPC200 allows attackers with physical access to the CF card to obtain sensitive information. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Huawei Information Disclosure S9300 Firmware +6
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

Huawei UAP2105 before V300R012C00SPC160(BootRom) does not require authentication to the serial port or the VxWorks shell. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Huawei Information Disclosure Uap2105 Firmware
NVD
EPSS 0% CVSS 3.7
LOW Monitor

Huawei P8 before GRA-CL00C92B210, before GRA-L09C432B200, before GRA-TL00C01B210, and before GRA-UL00C00B210 allows remote attackers to obtain user equipment (aka UE) measurements of signal strengths. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Huawei Information Disclosure P8 Firmware
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

Huawei E5756S before V200R002B146D23SP00C00 allows remote attackers to read device configuration information, enable PIN/PUK authentication, and perform other unspecified actions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Huawei Privilege Escalation E5756S Firmware
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

SQL injection vulnerability in the Operation and Maintenance Unit (OMU) in Huawei VCN500 before V100R002C00SPC201 allows remote authenticated users to execute arbitrary SQL commands via a crafted. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

SQLi Huawei Vcn500 Firmware
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Huawei Video Content Management (VCM) before V100R001C10SPC001 does not properly "authenticate online user identities and privileges," which allows remote authenticated users to gain privileges and. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Huawei Authentication Bypass Privilege Escalation +2
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Huawei Ascend P7 allows remote attackers to cause a denial of service (phone process crash). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Huawei P7 L09 Firmware
NVD
EPSS 0% CVSS 7.5
HIGH This Week

The IP stack in multiple Huawei Campus series switch models allows remote attackers to cause a denial of service (reboot) via a crafted ICMP request message. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Huawei S2300 Firmware +21
NVD
EPSS 3% CVSS 7.5
HIGH This Week

The user authentication module in Huawei Campus switches S5700, S5300, S6300, and S6700 with software before V200R001SPH012 and S7700, S9300, and S9700 with software before V200R001SPH015 allows. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Huawei Authentication Bypass +7
NVD
EPSS 0% CVSS 5.9
MEDIUM This Month

Huawei AR1220 routers with software before V200R005SPH006 allow remote attackers to cause a denial of service (board reset) via vectors involving a large amount of traffic from the GE port to the FE. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Denial Of Service Huawei Ar1220 Firmware
NVD
EPSS 0% CVSS 5.0
MEDIUM This Month

The XML interface in Huawei OceanStor UDS devices with software before V100R002C01SPC102 allows remote authenticated users to obtain sensitive information via a crafted XML document. Rated medium severity (CVSS 5.0), this vulnerability is low attack complexity. No vendor patch available.

Huawei Information Disclosure Oceanstor Uds Firmware
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Huawei OceanStor UDS devices with software before V100R002C01SPC102 might allow remote attackers to execute arbitrary code with root privileges via a crafted UDS patch with shell scripts. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection Huawei +1
NVD
EPSS 0% CVSS 7.5
HIGH This Week

The DeviceManager in Huawei OceanStor UDS devices with software before V100R002C01SPC102 might allow remote attackers to obtain sensitive information via a crafted UDS patch with JavaScript. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Huawei Information Disclosure Oceanstor Uds Firmware
NVD
EPSS 0% CVSS 7.8
HIGH This Week

The GPU driver in Huawei P7 phones with software P7-L00 before P7-L00C17B851, P7-L05 before P7-L05C00B851, and P7-L09 before P7-L09C92B851 allows local users to read or write to arbitrary kernel. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Huawei Privilege Escalation +3
NVD
EPSS 0% CVSS 7.5
HIGH This Week

The mDNS module in Huawei WLAN AC6005, AC6605, and ACU2 devices with software before V200R006C00SPC100 allows remote attackers to obtain sensitive information by leveraging failure to restrict. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Huawei Information Disclosure Wlan Acu2 Firmware +2
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Huawei P7 before P7-L00C17B851, P7-L05C00B851, and P7-L09C92B85, and P8 ALE-UL00 before ALE-UL00B211 allows local users to cause a denial of service (OS crash) by leveraging camera permissions and. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Huawei P7 Firmware +1
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Huawei P7 before P7-L00C17B851, P7-L05C00B851, and P7-L09C92B851 and P8 ALE-UL00 before ALE-UL00B211 allows local users to cause a denial of service (OS crash) via vectors involving an application. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Huawei P7 Firmware +1
NVD
EPSS 0% CVSS 7.5
HIGH This Week

The maintenance module in Huawei FusionStorage V100R003C30U1 allows attackers to create documents according to special rules to obtain the OS root privilege of FusionStorage. Rated high severity (CVSS 7.5). No vendor patch available.

Huawei Privilege Escalation Fusionstorage
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

The security policy processing module in Huawei Secospace USG6300 with software V500R001C20SPC100, V500R001C20SPC101, V500R001C20SPC200; Secospace USG6500 with software V500R001C20SPC100,. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Huawei Secospace Usg6300 Firmware +2
NVD
EPSS 0% CVSS 7.2
HIGH This Week

Huawei OceanStor 5600 V3 with V300R003C00C10 and earlier versions allows attackers with administrator privilege to inject a command into a specific command's parameters, and run this injected command. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Huawei Command Injection Oceanstor 5600 V3 Firmware
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Huawei USG5500 with software V300R001C00 and V300R001C00 allows attackers to bypass the anti-DDoS module of the USGs to cause a denial of service condition on the backend server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Huawei Authentication Bypass +1
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Huawei AR3200 with software V200R007C00, V200R005C32, V200R005C20; S12700 with software V200R008C00, V200R007C00; S5300 with software V200R008C00, V200R007C00, V200R006C00; S5700 with software. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Huawei Information Disclosure Ar3200 Firmware +8
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Huawei USG9520 V300R001C01, USG9560 V300R001C01, and USG9580 V300R001C01 allow unauthenticated attackers to send abnormal DHCP request packets to the affected products to trigger a DoS condition. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Huawei Information Disclosure Usg9520 Firmware +2
NVD
EPSS 0% CVSS 5.9
MEDIUM This Month

Huawei CloudEngine 12800 with software V100R002C00, V100R003C00, V100R003C10, V100R005C00, V100R005C10, V100R006C00; CloudEngine 5800 with software V100R002C00, V100R003C00, V100R003C10, V100R005C00,. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Integer Overflow Huawei Buffer Overflow +6
NVD
EPSS 0% CVSS 7.1
HIGH This Week

Huawei Mate 8 phones with software Versions before NXT-AL10C00B386, Versions before NXT-CL00C92B386, Versions before NXT-DL00C17B386, Versions before NXT-TL00C01B386; Mate S phones with software. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

Huawei Authentication Bypass Mate S Firmware +2
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

Huawei Mate 8 phones with software Versions before NXT-AL10C00B386, Versions before NXT-CL00C92B386, Versions before NXT-DL00C17B386, Versions before NXT-TL00C01B386; Mate S phones with software. Rated medium severity (CVSS 6.7). No vendor patch available.

Huawei Authentication Bypass Mate S Firmware +2
NVD
EPSS 0% CVSS 7.1
HIGH This Week

Huawei Mate 8 phones with software Versions before NXT-AL10C00B386, Versions before NXT-CL00C92B386, Versions before NXT-DL00C17B386, Versions before NXT-TL00C01B386; Mate S phones with software. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

Huawei Authentication Bypass Mate S Firmware +2
NVD
EPSS 0% CVSS 7.1
HIGH This Week

Huawei Mate 8 phones with software Versions before NXT-AL10C00B386, Versions before NXT-CL00C92B386, Versions before NXT-DL00C17B386, Versions before NXT-TL00C01B386; Mate S phones with software. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

Huawei Authentication Bypass Mate S Firmware +2
NVD
EPSS 0% CVSS 5.7
MEDIUM This Month

Huawei CloudEngine 5800 with software before V200R001C00SPC700, CloudEngine 6800 with software before V200R001C00SPC700, CloudEngine 7800 with software before V200R001C00SPC700, CloudEngine 8800 with. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Huawei Cloudengine 5800 Firmware +4
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

Huawei eSpace Integrated Access Device (IAD) with software V300R001C03, V300R001C04, V300R001C06, V300R001C20, and V300R001C07 allows an attacker to trick a user into clicking a URL containing. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Huawei Espace Integrated Access Device Firmware
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Huawei Secospace USG6300 with software V500R001C20 and V500R001C20SPC200PWE, Secospace USG6500 with software V500R001C20, Secospace USG6600 with software V500R001C20 and V500R001C20SPC200PWE allow. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Huawei Information Disclosure Secospace Usg6300 Firmware +2
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Huawei CloudEngine 6800 V100R006C00, CloudEngine 7800 V100R006C00, CloudEngine 8800 V100R006C00, and CloudEngine 12800 V100R006C00 allow remote attackers with specific permission to store massive. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Huawei Cloudengine 6800 Firmware +3
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Huawei FusionAccess with software V100R005C10 and V100R005C20 could allow remote attackers with specific permission to inject a Lightweight Directory Access Protocol (LDAP) operation command into a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Huawei Information Disclosure Fusionaccess
NVD
EPSS 0% CVSS 4.6
MEDIUM This Month

Huawei P9 phones with software EVA-AL10C00,EVA-CL10C00,EVA-DL10C00,EVA-TL10C00 and P9 Lite phones with software VNS-L21C185 allow attackers to bypass the factory reset protection (FRP) to enter some. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Huawei Google Authentication Bypass +2
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

Touch Panel (TP) driver in Huawei NEM phones with software Versions before NEM-AL10C00B130, Versions before NEM-UL10C17B160, Versions before NEM-UL10C00B160, Versions before NEM-TL00C01B160 allows. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow RCE Huawei +4
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

The HIFI driver in Huawei Mate 8 phones with software versions before NXT-AL10C00B386, versions before NXT-CL00C92B386, versions before NXT-DL00C17B386, versions before NXT-TL00C01B386; Mate S phones. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow RCE Huawei +4
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Huawei S5300 with software V200R003C00, V200R007C00, V200R008C00, V200R009C00; S5700 with software V200R001C00, V200R002C00, V200R003C00, V200R005C00, V200R005C03, V200R007C00, V200R008C00,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Huawei S12700 Firmware +7
NVD
EPSS 0% CVSS 6.7
MEDIUM POC This Month

Huawei UTPS earlier than UTPS-V200R003B015D16SPC00C983 has an unquoted service path vulnerability which can lead to the truncation of UTPS service query paths. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Huawei Privilege Escalation Utps Firmware
NVD Exploit-DB
EPSS 0% CVSS 7.8
HIGH This Week

Huawei Honor 6, Honor 6 Plus, Honor 7 phones with software versions earlier than 6.9.16 could allow attackers to disable the PXN defense mechanism by invoking related drive code to crash the system. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Huawei Honor 6 Firmware +2
NVD
EPSS 0% CVSS 6.4
MEDIUM This Month

The TrustZone driver in Huawei P9 phones with software Versions earlier than EVA-AL10C00B352 and P9 Lite with software VNS-L21C185B130 and earlier versions and P8 Lite with software ALE-L02C636B150. Rated medium severity (CVSS 6.4). No vendor patch available.

Huawei Information Disclosure P9 Firmware +2
NVD
EPSS 0% CVSS 7.8
HIGH This Week

The TrustZone driver in Huawei P9 phones with software Versions earlier than EVA-AL10C00B352 and P9 Lite with software VNS-L21C185B130 and earlier versions and P8 Lite with software ALE-L02C636B150. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Huawei Information Disclosure P9 Firmware +2
NVD
EPSS 0% CVSS 5.0
MEDIUM This Month

The TrustZone driver in Huawei P9 phones with software Versions earlier than EVA-AL10C00B352 and P9 Lite with software VNS-L21C185B130 and earlier versions and P8 Lite with software ALE-L02C636B150. Rated medium severity (CVSS 5.0), this vulnerability is low attack complexity. No vendor patch available.

Huawei Information Disclosure P9 Firmware +2
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Video driver in Huawei P9 phones with software versions before EVA-AL10C00B192 and Huawei Honor 6 phones with software versions before H60-L02_6.10.1 has a stack overflow vulnerability, which allows. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Huawei P9 Firmware +2
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Touchscreen driver in Huawei P9 phones with software versions before EVA-AL10C00B192 and Huawei Honor 6 phones with software versions before H60-L02_6.10.1 has a heap overflow vulnerability, which. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Huawei P9 Firmware +2
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Video driver in Huawei P9 phones with software versions before EVA-AL10C00B192 and Huawei Honor 6 phones with software versions before H60-L02_6.10.1 has a stack overflow vulnerability, which allows. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Huawei P9 Firmware +2
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

ION memory management module in Huawei Mate8 phones with software NXT-AL10C00B561 and earlier versions, NXT-CL10C00B561 and earlier versions, NXT-DL10C00B561 and earlier versions, NXT-TL10C00B561 and. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Huawei Mate 8 Firmware
NVD
EPSS 0% CVSS 3.3
LOW Monitor

ION memory management module in Huawei P9 phones with software EVA-AL10C00B192 and earlier versions, EVA-DL10C00B192 and earlier versions, EVA-TL10C00B192 and earlier versions, EVA-CL10C00B192 and. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Huawei Information Disclosure P9 Firmware
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

ION memory management module in Huawei Mate 8 phones with software NXT-AL10C00B197 and earlier versions, NXT-DL10C00B197 and earlier versions, NXT-TL10C00B197 and earlier versions, NXT-CL10C00B197. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Huawei Mate 8 Firmware
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Huawei OceanStor 5600 V3 V300R003C00 has a hardcoded SSH key vulnerability; the hardcoded keys are used to encrypt communication data and authenticate different nodes of the devices. Rated high severity (CVSS 7.5), this vulnerability is no authentication required. No vendor patch available.

Huawei Authentication Bypass Oceanstor 5600 V3 Firmware
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Huawei AnyOffice V200R006C00 could allow an authenticated, remote attacker to cause the software to deny services by uploading an XML bomb. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Huawei Information Disclosure Anyoffice
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Huawei PC client software HiSuite 4.0.5.300_OVE has a dynamic link library (DLL) hijack vulnerability; an attacker can make the system load malicious DLL files to execute arbitrary code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Huawei Authentication Bypass +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Huawei PC client software HiSuite 4.0.5.300_OVE uses insecure HTTP for upgrade software package download and does not check the integrity of the software package before installing; an attacker can. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Huawei Information Disclosure Hisuite
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

Huawei PC client software HiSuite 4.0.5.300_OVE has an information leak vulnerability; an attacker who can log in to the system can copy out the user's proxy password, causing information leaks. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. No vendor patch available.

Huawei Information Disclosure Hisuite
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

Huawei eSpace IAD V300R002C01SPC100 and earlier versions have an information leak vulnerability; an attacker can check and download the fault information by accessing a special URL. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Huawei Information Disclosure Espace Iad Firmware
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

The Huawei OceanStor 5800 V300R003C00 has an integer overflow vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Integer Overflow Huawei Buffer Overflow +1
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Huawei switches S5700, S6700, S7700, S9700 with software V200R001C00SPC300, V200R002C00SPC100, V200R003C00SPC300, V200R005C00SPC500, V200R006C00; S12700 with software V200R005C00SPC500, V200R006C00;. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Huawei Privilege Escalation S5700 Firmware +5
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Huawei LogCenter V100R001C10 could allow an authenticated attacker to tamper with requests using a tool and submit a request to the server for privilege escalation, affecting some system functions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Huawei Privilege Escalation Logcenter
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Huawei LogCenter V100R001C10 could allow an authenticated attacker to add abnormal device information to the log collection module, causing denial of service. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Huawei Logcenter
NVD
Prev Page 7 of 9 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy