Skip to main content

Huawei

803 CVEs vendor

Monthly

CVE-2015-8336 MEDIUM This Month

Huawei FusionCompute with software before V100R005C10SPC700 allows remote authenticated users to obtain sensitive "role and permission" information via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Huawei Fusioncompute
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2016-2780 HIGH This Week

Untrusted search path vulnerability in Huawei UTPS before UTPS-V200R003B015D15SP00C983 allows local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse DLL in an. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Huawei Utps Firmware
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2016-1496 MEDIUM This Month

The graphics driver in Huawei P8 smartphones with software GRA-TL00 before GRA-TL00C01B230, GRA-CL00 before GRA-CL00C92B230, GRA-CL10 before GRA-CL10C92B230, GRA-UL00 before GRA-UL00C00B230, and. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Huawei P8 Firmware
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2016-1495 HIGH This Week

Integer overflow in the graphics drivers in Huawei Mate S smartphones with software CRR-TL00 before CRR-TL00C01B160SP01, CRR-UL00 before CRR-UL00C00B160, and CRR-CL00 before CRR-CL00C92B161 allows. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Huawei Mate S Firmware
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2015-8682 MEDIUM This Month

The Video0 driver in Huawei P8 smartphones with software GRA-UL00 before GRA-UL00C00B350, GRA-UL10 before GRA-UL10C00B350, GRA-TL00 before GRA-TL00C01B350, GRA-CL00 before GRA-CL00C92B350, and. Rated medium severity (CVSS 6.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Huawei Mate S Firmware P8 Firmware
NVD
CVSS 3.0
6.1
EPSS
0.1%
CVE-2015-8304 HIGH This Week

Integer overflow in Huawei P7 phones with software before P7-L07 V100R001C01B606 allows remote attackers to gain privileges via a crafted application with the system or camera permission. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Huawei P7 Firmware
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2016-2405 HIGH This Week

Huawei Policy Center with software before V100R003C10SPC020 allows remote authenticated users to gain privileges and cause a denial of service (system crash) via a crafted URL. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Privilege Escalation Huawei Policy Center Firmware
NVD
CVSS 3.0
8.8
EPSS
0.3%
CVE-2016-3678 HIGH This Week

Huawei Quidway S9700, S5700, S5300, S9300, and S7700 switches with software before V200R003SPH012 allow remote attackers to cause a denial of service (switch restart) via crafted traffic. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Huawei S5300 Firmware S5700 Firmware S7700 Firmware +2
NVD
CVSS 3.0
7.5
EPSS
0.3%
CVE-2016-3676 MEDIUM This Month

Huawei E3276s USB modems with software before E3276s-150TCPU-V200R002B436D09SP00C00 allow man-in-the-middle attackers to intercept, spoof, or modify network traffic via unspecified vectors related to. Rated medium severity (CVSS 6.4), this vulnerability is no authentication required. No vendor patch available.

Information Disclosure Huawei E3276S Firmware
NVD
CVSS 3.0
6.4
EPSS
0.0%
CVE-2016-3675 HIGH This Week

SQL injection vulnerability in Huawei Policy Center with software before V100R003C10SPC020 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors related to. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Huawei Policy Center Firmware
NVD
CVSS 3.1
8.1
EPSS
0.1%
CVE-2015-8681 HIGH This Week

The ovisp driver in Huawei P8 smartphones with software GRA-TL00 before GRA-TL00C01B230, GRA-CL00 before GRA-CL00C92B230, GRA-CL10 before GRA-CL10C92B230, GRA-UL00 before GRA-UL00C00B230, and. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Huawei Authentication Bypass P8 Firmware Mate S Firmware
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2015-8680 HIGH This Week

The Graphics driver in Huawei P8 smartphones with software GRA-TL00 before GRA-TL00C01B230, GRA-CL00 before GRA-CL00C92B230, GRA-CL10 before GRA-CL10C92B230, GRA-UL00 before GRA-UL00C00B230, and. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Huawei Authentication Bypass P8 P8 Firmware +1
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2015-8679 MEDIUM This Month

The Maxim_smartpa_dev driver in Huawei P8 smartphones with software GRA-TL00 before GRA-TL00C01B230, GRA-CL00 before GRA-CL00C92B230, GRA-CL10 before GRA-CL10C92B230, GRA-UL00 before GRA-UL00C00B230,. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Huawei Authentication Bypass Mate S Firmware P8 Firmware
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2015-8319 HIGH This Week

Heap-based buffer overflow in the HIFI driver in Huawei P8 smartphones with software GRA-TL00 before GRA-TL00C01B230, GRA-CL00 before GRA-CL00C92B230, GRA-CL10 before GRA-CL10C92B230, GRA-UL00 before. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Huawei Mate S Firmware P8 Firmware
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2015-8318 HIGH This Week

Heap-based buffer overflow in the HIFI driver in Huawei P8 smartphones with software GRA-TL00 before GRA-TL00C01B230, GRA-CL00 before GRA-CL00C92B230, GRA-CL10 before GRA-CL10C92B230, GRA-UL00 before. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Huawei P8 Firmware Mate S Firmware
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2015-8307 HIGH PATCH This Week

The Graphics driver in Huawei P8 smartphones with software GRA-TL00 before GRA-TL00C01B230, GRA-CL00 before GRA-CL00C92B230, GRA-CL10 before GRA-CL10C92B230, GRA-UL00 before GRA-UL00C00B230, and. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Huawei Authentication Bypass Mate S Firmware P8 Firmware
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2015-8305 MEDIUM This Month

Huawei Sophia-L10 smartphones with software before P7-L10C900B852 allow attackers to cause a denial of service (system panic) via a crafted application with the system or camera privilege. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Huawei P7 Firmware
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2016-2314 MEDIUM POC This Month

GlobespanVirata ftpd 1.0, as used on Huawei SmartAX MT882 devices V200R002B022 Arg, allows remote authenticated users to cause a denial of service (device outage) by using the FTP MKD command to. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Huawei Mt882 Firmware
NVD
CVSS 3.0
4.9
EPSS
0.2%
CVE-2016-2231 CRITICAL POC Act Now

The Windows-based Host Interface Program (WHIP) service on Huawei SmartAX MT882 devices V200R002B022 Arg relies on the client to send a length field that is consistent with a buffer size, which. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Huawei Microsoft Mt882 Firmware
NVD
CVSS 3.0
9.8
EPSS
0.3%
CVE-2016-2214 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in an unspecified portal authentication page in Huawei Agile Controller-Campus with software before V100R001C00SPC319 allows remote attackers to inject. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Huawei Agile Controller Campus
NVD
CVSS 3.0
6.1
EPSS
0.1%
CVE-2015-8265 HIGH This Week

Huawei Mobile WiFi E5151 routers with software before E5151s-2TCPU-V200R001B146D27SP00C00 and E5186 routers with software before V200R001B310D01SP00C00 allow DNS query packets using the static source. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Huawei E5151 Firmware E5186 Firmware
NVD
CVSS 3.0
7.5
EPSS
0.6%
CVE-2015-8675 MEDIUM This Month

Huawei S5300 Campus Series switches with software before V200R005SPH008 do not mask the password when uploading files, which allows physically proximate attackers to obtain sensitive password. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Huawei Authentication Bypass S5300 Firmware
NVD
CVSS 3.0
6.2
EPSS
0.0%
CVE-2015-8673 MEDIUM This Month

Huawei TE30, TE40, TE50, and TE60 multimedia video conferencing endpoints with software before V100R001C10SPC100 do not require entry of the old password when changing the password for the Debug. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Huawei Authentication Bypass Te30 Te40 Te50 +2
NVD
CVSS 3.0
6.8
EPSS
0.0%
CVE-2015-8672 MEDIUM This Month

The presentation transmission permission management mechanism in Huawei TE30, TE40, TE50, and TE60 multimedia video conferencing endpoints with software before V100R001C10SPC100 allows remote. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Huawei Te60 Firmware
NVD
CVSS 3.0
5.3
EPSS
0.2%
CVE-2015-8337 MEDIUM This Month

The HIFI driver in Huawei P8 phones with software GRA-TL00 before GRA-TL00C01B220SP01, GRA-CL00 before GRA-CL00C92B220, GRA-CL10 before GRA-CL10C92B220, GRA-UL00 before GRA-UL00C00B220, GRA-UL10. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Huawei Mate 7 Firmware P8 Firmware
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2015-8306 HIGH This Week

Buffer overflow in the HIFI driver in Huawei P8 phones with software GRA-TL00 before GRA-TL00C01B230, GRA-CL00 before GRA-CL00C92B230, GRA-CL10 before GRA-CL10C92B230, GRA-UL00 before. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service RCE Buffer Overflow Huawei P8 Firmware
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2015-8088 HIGH POC This Week

Heap-based buffer overflow in the HIFI driver in Huawei Mate 7 phones with software MT7-UL00 before MT7-UL00C17B354, MT7-TL10 before MT7-TL10C00B354, MT7-TL00 before MT7-TL00C01B354, and MT7-CL00. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service RCE Buffer Overflow Huawei P8 Firmware +1
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
0.8%
CVE-2015-8335 MEDIUM This Month

Huawei VCN500 with software before V100R002C00SPC201 logs passwords in cleartext, which allows remote authenticated users to obtain sensitive information by triggering log generation and then reading. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Huawei Vcn500
NVD
CVSS 3.0
6.5
EPSS
0.1%
CVE-2015-8333 HIGH This Week

The Operation and Maintenance Unit (OMU) in Huawei VCN500 with software before V100R002C00SPC200 allows remote authenticated users to change the IP address of the media server via crafted packets. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Huawei Vcn500
NVD
CVSS 3.0
7.1
EPSS
0.4%
CVE-2015-8331 HIGH This Week

The Operation and Maintenance Unit (OMU) in Huawei VCN500 with software before V100R002C00SPC200 does not properly invalidate the session ID when an "abnormal exit" occurs, which allows remote. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Huawei Vcn500
NVD
CVSS 3.0
7.4
EPSS
0.1%
CVE-2015-8231 HIGH This Week

Huawei eSpace 7910 and 7950 IP phones with software before V200R002C00SPC800 allow remote attackers with established sessions to cause a denial of service (device restart) via unspecified packets. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Huawei Espace 7950 Espace 7910
NVD
CVSS 3.0
7.5
EPSS
0.3%
CVE-2015-8230 HIGH This Week

Memory leak in Huawei eSpace 8950 IP phones with software before V200R003C00SPC300 allows remote attackers to cause a denial of service (memory consumption and restart) via a large number of crafted. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Huawei Espace 8950
NVD
CVSS 3.0
7.5
EPSS
0.3%
CVE-2015-8303 MEDIUM This Month

Huawei Document Security Management (DSM) with software before V100R002C05SPC661 does not clear the clipboard when closing a secure file, which allows local users to obtain sensitive information by. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Huawei Document Security Management
NVD
CVSS 3.0
4.0
EPSS
0.0%
CVE-2015-8226 MEDIUM This Month

The Joint Photographic Experts Group Processing Unit (JPU) driver in Huawei ALE smartphones with software before ALE-UL00C00B220 and ALE-TL00C01B220 and GEM-703L smartphones with software before. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Huawei Ale Firmware Gem 703L Firmware
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2015-8225 MEDIUM This Month

The Joint Photographic Experts Group Processing Unit (JPU) driver in Huawei ALE smartphones with software before ALE-UL00C00B220 and ALE-TL00C01B220 and GEM-703L smartphones with software before. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Huawei Ale Firmware Gem 703L Firmware
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2015-8084 HIGH This Week

Huawei USG5500, USG2100, USG2200, and USG5100 unified security gateways with software before V300R001C10SPC600, when "DHCP Snooping" is enabled and either "option82 insert" or "option82 rebuild" is. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Huawei Unified Security Gateway Firmware
NVD
CVSS 2.0
7.1
EPSS
0.4%
CVE-2015-8229 MEDIUM PATCH This Month

Huawei eSpace U2980 unified gateway with software before V100R001C10 and U2990 with software before V200R001C10 allow remote authenticated users to cause a denial of service via crafted signaling. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Huawei Espace Firmware
NVD
CVSS 2.0
4.0
EPSS
0.2%
CVE-2015-8228 MEDIUM PATCH This Month

Directory traversal vulnerability in the SFTP server in Huawei AR 120, 150, 160, 200, 500, 1200, 2200, 3200, and 3600 routers with software before V200R006SPH003 allows remote authenticated users to. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Huawei Ar Firmware
NVD
CVSS 2.0
4.0
EPSS
0.5%
CVE-2015-8227 HIGH This Week

The built-in web server in Huawei VP9660 multi-point control unit with software before V200R001C30SPC700 allows remote administrators to obtain sensitive information or cause a denial of service via. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Huawei Vp 9660 Firmware
NVD
CVSS 2.0
8.5
EPSS
0.2%
CVE-2015-8087 MEDIUM This Month

Huawei NE20E-S, NE40E-M, and NE40E-M2 routers with software before V800R007C10SPC100 and NE40E and NE80E routers with software before V800R007C00SPC100 allows remote attackers to send packets to. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Huawei Ne Router Software
NVD
CVSS 2.0
5.0
EPSS
0.2%
CVE-2015-8083 HIGH This Week

An unspecified module in Huawei eSpace U1910, U1911, U1930, U1960, U1980, and U1981 unified gateways with software before V200R003C00SPC300 does not properly initialize memory when processing timeout. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Huawei Espace Firmware
NVD
CVSS 2.0
7.8
EPSS
0.2%
CVE-2015-7845 MEDIUM This Month

The exception handling mechanism in the CLI Module in Huawei eSpace U1910, U1911, U1930, U1960, U1980, and U1981 unified gateways with software before V100R001C20SPH605 allows remote attackers to. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Huawei Espace Firmware
NVD
CVSS 2.0
5.0
EPSS
0.2%
CVE-2015-7254 MEDIUM POC THREAT This Month

Directory traversal vulnerability on Huawei HG532e, HG532n, and HG532s devices allows remote attackers to read arbitrary files via a .. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 19.2%.

Path Traversal Huawei Hg532E Hg532N Hg532S
NVD GitHub Exploit-DB
CVSS 2.0
5.0
EPSS
19.2%
CVE-2015-3912 MEDIUM This Month

Huawei E355s Mobile WiFi with firmware before 22.158.45.02.625 and WEBUI before 13.100.04.01.625 allows remote attackers to obtain sensitive configuration information by sniffing the network or. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Huawei Webui E355S Mobile Wifi Firmware
NVD
CVSS 2.0
5.0
EPSS
0.1%
CVE-2015-3911 CRITICAL Act Now

Huawei E587 Mobile WiFi with firmware before 11.203.30.00.00 allows remote attackers to bypass authentication, change configurations, send messages, and cause a denial of service (device restart) via. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Huawei Authentication Bypass E587 Mobile Wifi Firmware
NVD
CVSS 2.0
9.0
EPSS
0.2%
CVE-2015-2346 MEDIUM POC This Month

XML external entity (XXE) vulnerability in Huawei SEQ Analyst before V200R002C03LG0001CP0022 allows remote authenticated users to read arbitrary files via the req parameter. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XXE Huawei Seq Analyst
NVD
CVSS 2.0
4.0
EPSS
0.1%
CVE-2015-2347 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in Huawei SEQ Analyst before V200R002C03LG0001CP0022 allows remote attackers to inject arbitrary web script or HTML via the command XML element in the req. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Huawei Seq Analyst
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2015-1460 HIGH This Week

Huawei Quidway switches with firmware before V200R005C00SPC300 allows remote attackers to gain privileges via a crafted packet. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Huawei Quidway Firmware
NVD
CVSS 2.0
7.5
EPSS
0.7%
CVE-2014-9418 LOW POC Monitor

The eSpace Meeting ActiveX control (eSpaceStatusCtrl.dll) in Huawei eSpace Desktop before V200R001C03 allows local users to cause a denial of service (memory overflow) via unspecified vectors. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Huawei Espace Desktop
NVD Exploit-DB
CVSS 2.0
2.1
EPSS
0.2%
CVE-2014-9417 LOW POC Monitor

The Meeting component in Huawei eSpace Desktop before V100R001C03 allows local users to cause a denial of service (program exit) via a crafted image. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Huawei Espace Desktop
NVD Exploit-DB
CVSS 2.0
2.1
EPSS
0.1%
CVE-2014-9416 MEDIUM POC This Month

Multiple untrusted search path vulnerabilities in Huawei eSpace Desktop before V200R003C00 allow local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1). Rated medium severity (CVSS 4.4). Public exploit code available and no vendor patch available.

RCE Huawei Espace Desktop
NVD Exploit-DB
CVSS 2.0
4.4
EPSS
0.1%
CVE-2014-9415 LOW POC PATCH Monitor

Huawei eSpace Desktop before V100R001C03 allows local users to cause a denial of service (program exit) via a crafted QES file. Rated low severity (CVSS 1.9). Public exploit code available.

Denial Of Service Huawei Espace Desktop
NVD Exploit-DB
CVSS 2.0
1.9
EPSS
0.1%
CVE-2014-9223 CRITICAL Act Now

Multiple buffer overflows in AllegroSoft RomPager, as used in Huawei Home Gateway products and other vendors and products, allow remote attackers to cause a denial of service or possibly execute. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service RCE Buffer Overflow Huawei Rompager
NVD
CVSS 2.0
10.0
EPSS
7.5%
CVE-2014-9222 CRITICAL POC THREAT Emergency

AllegroSoft RomPager 4.34 and earlier, as used in Huawei Home Gateway products and other vendors and products, allows remote attackers to gain privileges via a crafted cookie that triggers memory. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 86.4%.

Buffer Overflow Huawei Rompager
NVD
CVSS 2.0
10.0
EPSS
86.4%
Threat
6.1
CVE-2014-9135 MEDIUM This Month

The PackageInstaller module in Huawei P7-L10 smartphones before V100R001C00B136 allows remote attackers to spoof the origin website and bypass the website whitelist protection mechanism via a crafted. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Huawei P7 L10 Firmware
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2014-2273 HIGH POC This Week

The hx170dec device driver in Huawei P2-6011 before V100R001C00B043 allows local users to read and write to arbitrary memory locations via unspecified vectors. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Huawei P2 6011 Firmware
NVD
CVSS 2.0
7.2
EPSS
0.0%
CVE-2014-9134 CRITICAL Act Now

Unrestricted file upload vulnerability in Huawei Honor Cube Wireless Router WS860s before V100R001C02B222 allows remote attackers to execute arbitrary code by uploading a file with an executable. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Huawei File Upload Honor Cube Wireless Router Ws860S Firewall Honor Cube Wireless Router Ws860S
NVD
CVSS 2.0
10.0
EPSS
3.8%
CVE-2014-5395 MEDIUM POC This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in Huawei HiLink E3276 and E3236 TCPU before V200R002B470D13SP00C00 and WebUI before V100R007B100D03SP01C03, E5180s-22 before. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

CSRF Huawei E5180S 22 Firmware E3276 Firmware E3236 Firmware +1
NVD Exploit-DB
CVSS 2.0
6.8
EPSS
0.2%
CVE-2014-8359 HIGH POC This Week

Untrusted search path vulnerability in Huawei Mobile Partner for Windows 23.009.05.03.1014 allows local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

RCE Privilege Escalation Huawei Microsoft Mobile Partner Firmware +3
NVD Exploit-DB
CVSS 2.0
7.2
EPSS
1.1%
CVE-2014-8331 MEDIUM This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in Huawei HiLink E3236 before E3276sTCPU-V200R002B470D13SP00C00 and E3276sWebUI-V100R007B100D03SP01C03 and E3276 before. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

CSRF Huawei E3236 Firmware E3276 Firmware
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2014-5328 MEDIUM This Month

Buffer overflow in the Webserver component on the Huawei E5332 router before 21.344.27.00.1080 allows remote authenticated users to cause a denial of service (reboot) via a long parameter in an API. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Huawei E5332 Firmware E5332
NVD
CVSS 2.0
6.8
EPSS
0.3%
CVE-2014-5327 MEDIUM This Month

Buffer overflow in the Webserver component on the Huawei E5332 router before 21.344.27.00.1080 allows remote authenticated users to cause a denial of service (reboot) via a long URI. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Huawei E5332 Firmware E5332
NVD
CVSS 2.0
6.8
EPSS
0.3%
CVE-2014-2968 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the web interface on the Huawei E355 CH1E355SM modem with software 21.157.37.01.910 and Web UI 11.001.08.00.03 allows remote attackers to inject arbitrary. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Huawei E355 Web Ui E355 Firmware E355
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2014-4190 HIGH This Week

Multiple heap-based buffer overflows in Huawei Campus Series Switches S3700HI, S5700, S6700, S3300HI, S5300, S6300, S9300, S7700, and LSW S9700 with software V200R001 before V200R001SPH013; S5700,. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Huawei Campus Series Switch Software Campus Lsw S9700 +11
NVD
CVSS 2.0
7.8
EPSS
0.2%
CVE-2014-2946 MEDIUM POC This Month

Cross-site request forgery (CSRF) vulnerability in api/sms/send-sms in the Web UI 11.010.06.01.858 on Huawei E303 modems with software 22.157.18.00.858 allows remote attackers to hijack the. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

CSRF Huawei Webui E303 Modem Firmware E303 Modem
NVD Exploit-DB
CVSS 2.0
6.8
EPSS
0.4%
CVE-2014-0337 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the web interface on Huawei Echo Life HG8247 routers with software before V100R006C00SPC127 allows remote attackers to inject arbitrary web script or HTML. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Huawei Echo Life Hg8247 Firmware Echo Life
NVD VulDB
CVSS 2.0
4.3
EPSS
0.3%
CVE-2013-6031 MEDIUM POC This Month

The Huawei E355 adapter with firmware 21.157.37.01.910 does not require authentication for API pages, which allows remote attackers to change passwords and settings, or obtain sensitive information,. Rated medium severity (CVSS 4.3). Public exploit code available and no vendor patch available.

Huawei Authentication Bypass E355 Firmware E355
NVD GitHub VulDB
CVSS 2.0
4.3
EPSS
3.7%
CVE-2013-6786 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in Allegro RomPager before 4.51, as used on the ZyXEL P660HW-D1, Huawei MT882, Sitecom WL-174, TP-LINK TD-8816, and D-Link DSL-2640R and DSL-2641R, when the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

D-Link TP-Link XSS Zyxel Huawei +7
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2013-4633 CRITICAL Act Now

Huawei Seco Versatile Security Manager (VSM) before V200R002C00SPC300 allows remote authenticated users to gain privileges via a certain change to a group configuration setting. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Huawei Seco Versatile Security Manager
NVD
CVSS 2.0
9.0
EPSS
0.2%
CVE-2013-4632 HIGH This Week

The Huawei Access Router (AR) before V200R002SPC003 allows remote attackers to cause a denial of service (device reset) via a crafted field in a DHCP request, as demonstrated by a request from an IP. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Huawei Denial Of Service Access Router
NVD
CVSS 2.0
7.8
EPSS
0.2%
CVE-2013-4631 HIGH POC This Week

Huawei AR 150, 200, 1200, 2200, and 3200 routers, when SNMPv3 is enabled, allow remote attackers to cause a denial of service (device crash) via malformed SNMPv3 requests that leverage unspecified. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Huawei Denial Of Service Ar 1200 Ar 150 +3
NVD Exploit-DB
CVSS 2.0
7.8
EPSS
4.2%
CVE-2013-4630 HIGH POC THREAT Act Now

Stack-based buffer overflow on Huawei AR 150, 200, 1200, 2200, and 3200 routers, when SNMPv3 debugging is enabled, allows remote attackers to execute arbitrary code via malformed SNMPv3 requests. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 19.5%.

Buffer Overflow Huawei RCE Ar 1200 Ar 150 +3
NVD Exploit-DB
CVSS 2.0
7.6
EPSS
19.5%
CVE-2013-4629 HIGH This Week

The Huawei viewpoint VP9610 and VP9620 units for the Huawei Video Conference system do not update the Session ID upon successful establishment of a login session, which allows remote authenticated. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. No vendor patch available.

Huawei Authentication Bypass Vp 9610 Vp 9620
NVD
CVSS 2.0
8.5
EPSS
0.2%
CVE-2013-4628 LOW Monitor

The firewall module on the Huawei Quidway Service Process Unit (SPU) board S7700, S9300, and S9700 on Huawei Campus Switch devices allows remote authenticated users to obtain sensitive information. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

Huawei Information Disclosure Quidway Service Process Unit Board S7700 Quidway Service Process Unit Board S9300 Quidway Service Process Unit Board S9700
NVD
CVSS 2.0
3.5
EPSS
0.1%
CVE-2012-6571 HIGH This Week

The HTTP module in the (1) Branch Intelligent Management System (BIMS) and (2) web management components on Huawei AR routers and S2000, S3000, S3500, S3900, S5100, S5600, and S7800 switches uses. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Huawei Information Disclosure Ar 18 1X Ar 18 2X Ar 18 3X +15
NVD
CVSS 2.0
7.5
EPSS
0.2%
CVE-2012-6570 CRITICAL Act Now

The HTTP module in the (1) Branch Intelligent Management System (BIMS) and (2) web management components on Huawei AR routers and S2000, S3000, S3500, S3900, S5100, S5600, S7800, and S8500 switches. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Huawei RCE Ar 18 1X Ar 18 2X +16
NVD
CVSS 2.0
10.0
EPSS
0.7%
CVE-2012-6569 CRITICAL Act Now

Stack-based buffer overflow in the HTTP module in the (1) Branch Intelligent Management System (BIMS) and (2) web management components on Huawei AR routers and S2000, S3000, S3500, S3900, S5100,. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow Huawei RCE Ar 18 1X Ar 18 2X +16
NVD
CVSS 2.0
9.3
EPSS
2.4%
CVE-2012-6568 MEDIUM POC This Month

Buffer overflow in the back-end component in Huawei UTPS 1.0 allows local users to gain privileges via a long IDS_PLUGIN_NAME string in a plug-in configuration file. Rated medium severity (CVSS 6.9). Public exploit code available and no vendor patch available.

Buffer Overflow Huawei Utps
NVD Exploit-DB
CVSS 2.0
6.9
EPSS
0.1%
CVE-2012-4960 MEDIUM POC THREAT This Month

The Huawei NE5000E, MA5200G, NE40E, NE80E, ATN, NE40, NE80, NE20E-X6, NE20, ME60, CX600, CX200, CX300, ACU, WLAN AC 6605, S9300, S7700, S2300, S3300, S5300, S3300HI, S5300HI, S5306, S6300, S2700,. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 12.3%.

Huawei Information Disclosure Acu Ar 19 29 49 Ar G3 +63
NVD Exploit-DB
CVSS 2.0
6.5
EPSS
12.3%
CVE-2012-3268 LOW Monitor

Certain HP Access Controller, Fabric Module, Firewall, Router, Switch, and UTM Appliance products; certain HP 3Com Access Controller, Router, and Switch products; certain HP H3C Access Controller,. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

0235A0Bq 0150A129 0150A12A 0150A12B 0150A12C +672
NVD
CVSS 2.0
3.5
EPSS
1.8%
CVE-2012-5970 MEDIUM This Month

The Huawei E585 device allows remote attackers to cause a denial of service (NULL pointer dereference and device outage) via crafted HTTP requests, as demonstrated by unspecified. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. No vendor patch available.

Huawei Denial Of Service E585 E585U 82
NVD
CVSS 2.0
6.1
EPSS
0.3%
CVE-2012-5969 MEDIUM This Month

Multiple directory traversal vulnerabilities on the Huawei E585 device allow remote attackers to (1) read arbitrary files via a .. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.

Huawei Path Traversal E585 E585U 82
NVD
CVSS 2.0
4.8
EPSS
0.1%
CVE-2012-5968 MEDIUM This Month

The Huawei E585 device does not validate the status of admin sessions, which allows remote attackers to obtain sensitive user information and the session ID, and modify data, by leveraging access to. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.

Huawei Information Disclosure E585 E585U 82
NVD
CVSS 2.0
4.8
EPSS
0.1%
EPSS 0% CVSS 4.3
MEDIUM This Month

Huawei FusionCompute with software before V100R005C10SPC700 allows remote authenticated users to obtain sensitive "role and permission" information via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Huawei Fusioncompute
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Untrusted search path vulnerability in Huawei UTPS before UTPS-V200R003B015D15SP00C983 allows local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse DLL in an. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Huawei Utps Firmware
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

The graphics driver in Huawei P8 smartphones with software GRA-TL00 before GRA-TL00C01B230, GRA-CL00 before GRA-CL00C92B230, GRA-CL10 before GRA-CL10C92B230, GRA-UL00 before GRA-UL00C00B230, and. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Huawei P8 Firmware
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Integer overflow in the graphics drivers in Huawei Mate S smartphones with software CRR-TL00 before CRR-TL00C01B160SP01, CRR-UL00 before CRR-UL00C00B160, and CRR-CL00 before CRR-CL00C92B161 allows. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Huawei +1
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

The Video0 driver in Huawei P8 smartphones with software GRA-UL00 before GRA-UL00C00B350, GRA-UL10 before GRA-UL10C00B350, GRA-TL00 before GRA-TL00C01B350, GRA-CL00 before GRA-CL00C92B350, and. Rated medium severity (CVSS 6.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Huawei Mate S Firmware +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Integer overflow in Huawei P7 phones with software before P7-L07 V100R001C01B606 allows remote attackers to gain privileges via a crafted application with the system or camera permission. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Huawei P7 Firmware
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Huawei Policy Center with software before V100R003C10SPC020 allows remote authenticated users to gain privileges and cause a denial of service (system crash) via a crafted URL. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Privilege Escalation Huawei +1
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Huawei Quidway S9700, S5700, S5300, S9300, and S7700 switches with software before V200R003SPH012 allow remote attackers to cause a denial of service (switch restart) via crafted traffic. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Huawei S5300 Firmware +4
NVD
EPSS 0% CVSS 6.4
MEDIUM This Month

Huawei E3276s USB modems with software before E3276s-150TCPU-V200R002B436D09SP00C00 allow man-in-the-middle attackers to intercept, spoof, or modify network traffic via unspecified vectors related to. Rated medium severity (CVSS 6.4), this vulnerability is no authentication required. No vendor patch available.

Information Disclosure Huawei E3276S Firmware
NVD
EPSS 0% CVSS 8.1
HIGH This Week

SQL injection vulnerability in Huawei Policy Center with software before V100R003C10SPC020 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors related to. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Huawei Policy Center Firmware
NVD
EPSS 0% CVSS 7.8
HIGH This Week

The ovisp driver in Huawei P8 smartphones with software GRA-TL00 before GRA-TL00C01B230, GRA-CL00 before GRA-CL00C92B230, GRA-CL10 before GRA-CL10C92B230, GRA-UL00 before GRA-UL00C00B230, and. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Huawei Authentication Bypass +2
NVD
EPSS 0% CVSS 7.8
HIGH This Week

The Graphics driver in Huawei P8 smartphones with software GRA-TL00 before GRA-TL00C01B230, GRA-CL00 before GRA-CL00C92B230, GRA-CL10 before GRA-CL10C92B230, GRA-UL00 before GRA-UL00C00B230, and. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Huawei Authentication Bypass +3
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

The Maxim_smartpa_dev driver in Huawei P8 smartphones with software GRA-TL00 before GRA-TL00C01B230, GRA-CL00 before GRA-CL00C92B230, GRA-CL10 before GRA-CL10C92B230, GRA-UL00 before GRA-UL00C00B230,. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Huawei Authentication Bypass +2
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Heap-based buffer overflow in the HIFI driver in Huawei P8 smartphones with software GRA-TL00 before GRA-TL00C01B230, GRA-CL00 before GRA-CL00C92B230, GRA-CL10 before GRA-CL10C92B230, GRA-UL00 before. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Huawei +2
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Heap-based buffer overflow in the HIFI driver in Huawei P8 smartphones with software GRA-TL00 before GRA-TL00C01B230, GRA-CL00 before GRA-CL00C92B230, GRA-CL10 before GRA-CL10C92B230, GRA-UL00 before. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Huawei +2
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

The Graphics driver in Huawei P8 smartphones with software GRA-TL00 before GRA-TL00C01B230, GRA-CL00 before GRA-CL00C92B230, GRA-CL10 before GRA-CL10C92B230, GRA-UL00 before GRA-UL00C00B230, and. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Huawei Authentication Bypass +2
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Huawei Sophia-L10 smartphones with software before P7-L10C900B852 allow attackers to cause a denial of service (system panic) via a crafted application with the system or camera privilege. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Huawei P7 Firmware
NVD
EPSS 0% CVSS 4.9
MEDIUM POC This Month

GlobespanVirata ftpd 1.0, as used on Huawei SmartAX MT882 devices V200R002B022 Arg, allows remote authenticated users to cause a denial of service (device outage) by using the FTP MKD command to. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Huawei Mt882 Firmware
NVD
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

The Windows-based Host Interface Program (WHIP) service on Huawei SmartAX MT882 devices V200R002B022 Arg relies on the client to send a length field that is consistent with a buffer size, which. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Huawei Microsoft +1
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

Cross-site scripting (XSS) vulnerability in an unspecified portal authentication page in Huawei Agile Controller-Campus with software before V100R001C00SPC319 allows remote attackers to inject. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Huawei Agile Controller Campus
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Huawei Mobile WiFi E5151 routers with software before E5151s-2TCPU-V200R001B146D27SP00C00 and E5186 routers with software before V200R001B310D01SP00C00 allow DNS query packets using the static source. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Huawei E5151 Firmware +1
NVD
EPSS 0% CVSS 6.2
MEDIUM This Month

Huawei S5300 Campus Series switches with software before V200R005SPH008 do not mask the password when uploading files, which allows physically proximate attackers to obtain sensitive password. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Huawei Authentication Bypass S5300 Firmware
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

Huawei TE30, TE40, TE50, and TE60 multimedia video conferencing endpoints with software before V100R001C10SPC100 do not require entry of the old password when changing the password for the Debug. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Huawei Authentication Bypass Te30 +4
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

The presentation transmission permission management mechanism in Huawei TE30, TE40, TE50, and TE60 multimedia video conferencing endpoints with software before V100R001C10SPC100 allows remote. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Huawei Te60 Firmware
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

The HIFI driver in Huawei P8 phones with software GRA-TL00 before GRA-TL00C01B220SP01, GRA-CL00 before GRA-CL00C92B220, GRA-CL10 before GRA-CL10C92B220, GRA-UL00 before GRA-UL00C00B220, GRA-UL10. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Huawei Mate 7 Firmware +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Buffer overflow in the HIFI driver in Huawei P8 phones with software GRA-TL00 before GRA-TL00C01B230, GRA-CL00 before GRA-CL00C92B230, GRA-CL10 before GRA-CL10C92B230, GRA-UL00 before. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service RCE Buffer Overflow +2
NVD
EPSS 1% CVSS 7.8
HIGH POC This Week

Heap-based buffer overflow in the HIFI driver in Huawei Mate 7 phones with software MT7-UL00 before MT7-UL00C17B354, MT7-TL10 before MT7-TL10C00B354, MT7-TL00 before MT7-TL00C01B354, and MT7-CL00. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service RCE Buffer Overflow +3
NVD Exploit-DB
EPSS 0% CVSS 6.5
MEDIUM This Month

Huawei VCN500 with software before V100R002C00SPC201 logs passwords in cleartext, which allows remote authenticated users to obtain sensitive information by triggering log generation and then reading. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Huawei Vcn500
NVD
EPSS 0% CVSS 7.1
HIGH This Week

The Operation and Maintenance Unit (OMU) in Huawei VCN500 with software before V100R002C00SPC200 allows remote authenticated users to change the IP address of the media server via crafted packets. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Huawei Vcn500
NVD
EPSS 0% CVSS 7.4
HIGH This Week

The Operation and Maintenance Unit (OMU) in Huawei VCN500 with software before V100R002C00SPC200 does not properly invalidate the session ID when an "abnormal exit" occurs, which allows remote. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Huawei Vcn500
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Huawei eSpace 7910 and 7950 IP phones with software before V200R002C00SPC800 allow remote attackers with established sessions to cause a denial of service (device restart) via unspecified packets. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Huawei Espace 7950 +1
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Memory leak in Huawei eSpace 8950 IP phones with software before V200R003C00SPC300 allows remote attackers to cause a denial of service (memory consumption and restart) via a large number of crafted. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Huawei Espace 8950
NVD
EPSS 0% CVSS 4.0
MEDIUM This Month

Huawei Document Security Management (DSM) with software before V100R002C05SPC661 does not clear the clipboard when closing a secure file, which allows local users to obtain sensitive information by. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Huawei Document Security Management
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

The Joint Photographic Experts Group Processing Unit (JPU) driver in Huawei ALE smartphones with software before ALE-UL00C00B220 and ALE-TL00C01B220 and GEM-703L smartphones with software before. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Huawei Ale Firmware +1
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

The Joint Photographic Experts Group Processing Unit (JPU) driver in Huawei ALE smartphones with software before ALE-UL00C00B220 and ALE-TL00C01B220 and GEM-703L smartphones with software before. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Huawei Ale Firmware +1
NVD
EPSS 0% CVSS 7.1
HIGH This Week

Huawei USG5500, USG2100, USG2200, and USG5100 unified security gateways with software before V300R001C10SPC600, when "DHCP Snooping" is enabled and either "option82 insert" or "option82 rebuild" is. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Huawei Unified Security Gateway Firmware
NVD
EPSS 0% CVSS 4.0
MEDIUM PATCH This Month

Huawei eSpace U2980 unified gateway with software before V100R001C10 and U2990 with software before V200R001C10 allow remote authenticated users to cause a denial of service via crafted signaling. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Huawei Espace Firmware
NVD
EPSS 1% CVSS 4.0
MEDIUM PATCH This Month

Directory traversal vulnerability in the SFTP server in Huawei AR 120, 150, 160, 200, 500, 1200, 2200, 3200, and 3600 routers with software before V200R006SPH003 allows remote authenticated users to. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Huawei Ar Firmware
NVD
EPSS 0% CVSS 8.5
HIGH This Week

The built-in web server in Huawei VP9660 multi-point control unit with software before V200R001C30SPC700 allows remote administrators to obtain sensitive information or cause a denial of service via. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Huawei Vp 9660 Firmware
NVD
EPSS 0% CVSS 5.0
MEDIUM This Month

Huawei NE20E-S, NE40E-M, and NE40E-M2 routers with software before V800R007C10SPC100 and NE40E and NE80E routers with software before V800R007C00SPC100 allows remote attackers to send packets to. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Huawei Ne Router Software
NVD
EPSS 0% CVSS 7.8
HIGH This Week

An unspecified module in Huawei eSpace U1910, U1911, U1930, U1960, U1980, and U1981 unified gateways with software before V200R003C00SPC300 does not properly initialize memory when processing timeout. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Huawei +1
NVD
EPSS 0% CVSS 5.0
MEDIUM This Month

The exception handling mechanism in the CLI Module in Huawei eSpace U1910, U1911, U1930, U1960, U1980, and U1981 unified gateways with software before V100R001C20SPH605 allows remote attackers to. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Huawei Espace Firmware
NVD
EPSS 19% CVSS 5.0
MEDIUM POC THREAT This Month

Directory traversal vulnerability on Huawei HG532e, HG532n, and HG532s devices allows remote attackers to read arbitrary files via a .. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 19.2%.

Path Traversal Huawei Hg532E +2
NVD GitHub Exploit-DB
EPSS 0% CVSS 5.0
MEDIUM This Month

Huawei E355s Mobile WiFi with firmware before 22.158.45.02.625 and WEBUI before 13.100.04.01.625 allows remote attackers to obtain sensitive configuration information by sniffing the network or. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Huawei Webui +1
NVD
EPSS 0% CVSS 9.0
CRITICAL Act Now

Huawei E587 Mobile WiFi with firmware before 11.203.30.00.00 allows remote attackers to bypass authentication, change configurations, send messages, and cause a denial of service (device restart) via. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Huawei Authentication Bypass +1
NVD
EPSS 0% CVSS 4.0
MEDIUM POC This Month

XML external entity (XXE) vulnerability in Huawei SEQ Analyst before V200R002C03LG0001CP0022 allows remote authenticated users to read arbitrary files via the req parameter. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XXE Huawei Seq Analyst
NVD
EPSS 0% CVSS 4.3
MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in Huawei SEQ Analyst before V200R002C03LG0001CP0022 allows remote attackers to inject arbitrary web script or HTML via the command XML element in the req. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Huawei Seq Analyst
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Huawei Quidway switches with firmware before V200R005C00SPC300 allows remote attackers to gain privileges via a crafted packet. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Huawei Quidway Firmware
NVD
EPSS 0% CVSS 2.1
LOW POC Monitor

The eSpace Meeting ActiveX control (eSpaceStatusCtrl.dll) in Huawei eSpace Desktop before V200R001C03 allows local users to cause a denial of service (memory overflow) via unspecified vectors. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Huawei +1
NVD Exploit-DB
EPSS 0% CVSS 2.1
LOW POC Monitor

The Meeting component in Huawei eSpace Desktop before V100R001C03 allows local users to cause a denial of service (program exit) via a crafted image. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Huawei Espace Desktop
NVD Exploit-DB
EPSS 0% CVSS 4.4
MEDIUM POC This Month

Multiple untrusted search path vulnerabilities in Huawei eSpace Desktop before V200R003C00 allow local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1). Rated medium severity (CVSS 4.4). Public exploit code available and no vendor patch available.

RCE Huawei Espace Desktop
NVD Exploit-DB
EPSS 0% CVSS 1.9
LOW POC PATCH Monitor

Huawei eSpace Desktop before V100R001C03 allows local users to cause a denial of service (program exit) via a crafted QES file. Rated low severity (CVSS 1.9). Public exploit code available.

Denial Of Service Huawei Espace Desktop
NVD Exploit-DB
EPSS 8% CVSS 10.0
CRITICAL Act Now

Multiple buffer overflows in AllegroSoft RomPager, as used in Huawei Home Gateway products and other vendors and products, allow remote attackers to cause a denial of service or possibly execute. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service RCE Buffer Overflow +2
NVD
EPSS 86% 6.1 CVSS 10.0
CRITICAL POC THREAT Emergency

AllegroSoft RomPager 4.34 and earlier, as used in Huawei Home Gateway products and other vendors and products, allows remote attackers to gain privileges via a crafted cookie that triggers memory. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 86.4%.

Buffer Overflow Huawei Rompager
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

The PackageInstaller module in Huawei P7-L10 smartphones before V100R001C00B136 allows remote attackers to spoof the origin website and bypass the website whitelist protection mechanism via a crafted. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Huawei P7 L10 Firmware
NVD
EPSS 0% CVSS 7.2
HIGH POC This Week

The hx170dec device driver in Huawei P2-6011 before V100R001C00B043 allows local users to read and write to arbitrary memory locations via unspecified vectors. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Huawei P2 6011 Firmware
NVD
EPSS 4% CVSS 10.0
CRITICAL Act Now

Unrestricted file upload vulnerability in Huawei Honor Cube Wireless Router WS860s before V100R001C02B222 allows remote attackers to execute arbitrary code by uploading a file with an executable. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Huawei File Upload +2
NVD
EPSS 0% CVSS 6.8
MEDIUM POC This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in Huawei HiLink E3276 and E3236 TCPU before V200R002B470D13SP00C00 and WebUI before V100R007B100D03SP01C03, E5180s-22 before. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

CSRF Huawei E5180S 22 Firmware +3
NVD Exploit-DB
EPSS 1% CVSS 7.2
HIGH POC This Week

Untrusted search path vulnerability in Huawei Mobile Partner for Windows 23.009.05.03.1014 allows local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

RCE Privilege Escalation Huawei +5
NVD Exploit-DB
EPSS 0% CVSS 6.8
MEDIUM This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in Huawei HiLink E3236 before E3276sTCPU-V200R002B470D13SP00C00 and E3276sWebUI-V100R007B100D03SP01C03 and E3276 before. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

CSRF Huawei E3236 Firmware +1
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

Buffer overflow in the Webserver component on the Huawei E5332 router before 21.344.27.00.1080 allows remote authenticated users to cause a denial of service (reboot) via a long parameter in an API. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Huawei +2
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

Buffer overflow in the Webserver component on the Huawei E5332 router before 21.344.27.00.1080 allows remote authenticated users to cause a denial of service (reboot) via a long URI. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Huawei +2
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the web interface on the Huawei E355 CH1E355SM modem with software 21.157.37.01.910 and Web UI 11.001.08.00.03 allows remote attackers to inject arbitrary. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Huawei E355 Web Ui +2
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Multiple heap-based buffer overflows in Huawei Campus Series Switches S3700HI, S5700, S6700, S3300HI, S5300, S6300, S9300, S7700, and LSW S9700 with software V200R001 before V200R001SPH013; S5700,. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Huawei +13
NVD
EPSS 0% CVSS 6.8
MEDIUM POC This Month

Cross-site request forgery (CSRF) vulnerability in api/sms/send-sms in the Web UI 11.010.06.01.858 on Huawei E303 modems with software 22.157.18.00.858 allows remote attackers to hijack the. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

CSRF Huawei Webui +2
NVD Exploit-DB
EPSS 0% CVSS 4.3
MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the web interface on Huawei Echo Life HG8247 routers with software before V100R006C00SPC127 allows remote attackers to inject arbitrary web script or HTML. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Huawei Echo Life Hg8247 Firmware +1
NVD VulDB
EPSS 4% CVSS 4.3
MEDIUM POC This Month

The Huawei E355 adapter with firmware 21.157.37.01.910 does not require authentication for API pages, which allows remote attackers to change passwords and settings, or obtain sensitive information,. Rated medium severity (CVSS 4.3). Public exploit code available and no vendor patch available.

Huawei Authentication Bypass E355 Firmware +1
NVD GitHub VulDB
EPSS 0% CVSS 4.3
MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in Allegro RomPager before 4.51, as used on the ZyXEL P660HW-D1, Huawei MT882, Sitecom WL-174, TP-LINK TD-8816, and D-Link DSL-2640R and DSL-2641R, when the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

D-Link TP-Link XSS +9
NVD
EPSS 0% CVSS 9.0
CRITICAL Act Now

Huawei Seco Versatile Security Manager (VSM) before V200R002C00SPC300 allows remote authenticated users to gain privileges via a certain change to a group configuration setting. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Huawei Seco Versatile Security Manager
NVD
EPSS 0% CVSS 7.8
HIGH This Week

The Huawei Access Router (AR) before V200R002SPC003 allows remote attackers to cause a denial of service (device reset) via a crafted field in a DHCP request, as demonstrated by a request from an IP. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Huawei Denial Of Service Access Router
NVD
EPSS 4% CVSS 7.8
HIGH POC This Week

Huawei AR 150, 200, 1200, 2200, and 3200 routers, when SNMPv3 is enabled, allow remote attackers to cause a denial of service (device crash) via malformed SNMPv3 requests that leverage unspecified. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Huawei Denial Of Service +5
NVD Exploit-DB
EPSS 20% CVSS 7.6
HIGH POC THREAT Act Now

Stack-based buffer overflow on Huawei AR 150, 200, 1200, 2200, and 3200 routers, when SNMPv3 debugging is enabled, allows remote attackers to execute arbitrary code via malformed SNMPv3 requests. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 19.5%.

Buffer Overflow Huawei RCE +5
NVD Exploit-DB
EPSS 0% CVSS 8.5
HIGH This Week

The Huawei viewpoint VP9610 and VP9620 units for the Huawei Video Conference system do not update the Session ID upon successful establishment of a login session, which allows remote authenticated. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. No vendor patch available.

Huawei Authentication Bypass Vp 9610 +1
NVD
EPSS 0% CVSS 3.5
LOW Monitor

The firewall module on the Huawei Quidway Service Process Unit (SPU) board S7700, S9300, and S9700 on Huawei Campus Switch devices allows remote authenticated users to obtain sensitive information. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

Huawei Information Disclosure Quidway Service Process Unit Board S7700 +2
NVD
EPSS 0% CVSS 7.5
HIGH This Week

The HTTP module in the (1) Branch Intelligent Management System (BIMS) and (2) web management components on Huawei AR routers and S2000, S3000, S3500, S3900, S5100, S5600, and S7800 switches uses. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Huawei Information Disclosure Ar 18 1X +17
NVD
EPSS 1% CVSS 10.0
CRITICAL Act Now

The HTTP module in the (1) Branch Intelligent Management System (BIMS) and (2) web management components on Huawei AR routers and S2000, S3000, S3500, S3900, S5100, S5600, S7800, and S8500 switches. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Huawei RCE +18
NVD
EPSS 2% CVSS 9.3
CRITICAL Act Now

Stack-based buffer overflow in the HTTP module in the (1) Branch Intelligent Management System (BIMS) and (2) web management components on Huawei AR routers and S2000, S3000, S3500, S3900, S5100,. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow Huawei RCE +18
NVD
EPSS 0% CVSS 6.9
MEDIUM POC This Month

Buffer overflow in the back-end component in Huawei UTPS 1.0 allows local users to gain privileges via a long IDS_PLUGIN_NAME string in a plug-in configuration file. Rated medium severity (CVSS 6.9). Public exploit code available and no vendor patch available.

Buffer Overflow Huawei Utps
NVD Exploit-DB
EPSS 12% CVSS 6.5
MEDIUM POC THREAT This Month

The Huawei NE5000E, MA5200G, NE40E, NE80E, ATN, NE40, NE80, NE20E-X6, NE20, ME60, CX600, CX200, CX300, ACU, WLAN AC 6605, S9300, S7700, S2300, S3300, S5300, S3300HI, S5300HI, S5306, S6300, S2700,. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 12.3%.

Huawei Information Disclosure Acu +65
NVD Exploit-DB
EPSS 2% CVSS 3.5
LOW Monitor

Certain HP Access Controller, Fabric Module, Firewall, Router, Switch, and UTM Appliance products; certain HP 3Com Access Controller, Router, and Switch products; certain HP H3C Access Controller,. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

0235A0Bq 0150A129 0150A12A +674
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

The Huawei E585 device allows remote attackers to cause a denial of service (NULL pointer dereference and device outage) via crafted HTTP requests, as demonstrated by unspecified. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. No vendor patch available.

Huawei Denial Of Service E585 +1
NVD
EPSS 0% CVSS 4.8
MEDIUM This Month

Multiple directory traversal vulnerabilities on the Huawei E585 device allow remote attackers to (1) read arbitrary files via a .. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.

Huawei Path Traversal E585 +1
NVD
EPSS 0% CVSS 4.8
MEDIUM This Month

The Huawei E585 device does not validate the status of admin sessions, which allows remote attackers to obtain sensitive user information and the session ID, and modify data, by leveraging access to. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.

Huawei Information Disclosure E585 +1
NVD
Prev Page 9 of 9

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy