803
CVEs
67
Critical
367
High
0
KEV
28
PoC
428
Unpatched C/H
2.1%
Patch Rate
0.6%
Avg EPSS
Severity Breakdown
CRITICAL
67
HIGH
367
MEDIUM
330
LOW
39
Monthly CVE Trend
Affected Products (30)
Emui
137
Magic Ui
131
Harmonyos
81
Secospace Usg6600 Firmware
33
P30 Firmware
27
Usg9500 Firmware
27
S5700 Firmware
25
Secospace Usg6300 Firmware
21
Mate 20 Firmware
21
S7700 Firmware
20
Secospace Usg6500 Firmware
20
P8 Firmware
19
Nip6800 Firmware
19
P30 Pro Firmware
19
S9700 Firmware
18
S6700 Firmware
17
S9300 Firmware
17
Nip6600 Firmware
16
Mate S Firmware
16
P9 Firmware
16
Cloudengine 12800 Firmware
15
Ar3200 Firmware
14
S12700 Firmware
14
Nip6300 Firmware
14
Mate 8 Firmware
13
S5300 Firmware
12
Cloudengine 6800 Firmware
11
Ngfw Module Firmware
11
Mate 30 Firmware
10
Cloudengine 7800 Firmware
10
Top Risky CVEs
| CVE | Summary | Severity | CVSS | EPSS | Priority | Signals |
|---|---|---|---|---|---|---|
| CVE-2014-9222 | AllegroSoft RomPager 4.34 and earlier, as used in Huawei Home Gateway products and other vendors and products, allows remote attackers to gain privileges via a crafted cookie that triggers memory. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 86.4%. | CRITICAL | 10.0 | 86.4% | 156 |
PoC
No patch
|
| CVE-2013-4630 | Stack-based buffer overflow on Huawei AR 150, 200, 1200, 2200, and 3200 routers, when SNMPv3 debugging is enabled, allows remote attackers to execute arbitrary code via malformed SNMPv3 requests. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 19.5%. | HIGH | 7.6 | 19.5% | 78 |
PoC
No patch
|
| CVE-2016-2231 | The Windows-based Host Interface Program (WHIP) service on Huawei SmartAX MT882 devices V200R002B022 Arg relies on the client to send a length field that is consistent with a buffer size, which. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available. | CRITICAL | 9.8 | 0.3% | 69 |
PoC
No patch
|
| CVE-2012-4960 | The Huawei NE5000E, MA5200G, NE40E, NE80E, ATN, NE40, NE80, NE20E-X6, NE20, ME60, CX600, CX200, CX300, ACU, WLAN AC 6605, S9300, S7700, S2300, S3300, S5300, S3300HI, S5300HI, S5306, S6300, S2700,. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 12.3%. | MEDIUM | 6.5 | 12.3% | 65 |
PoC
No patch
|
| CVE-2015-7254 | Directory traversal vulnerability on Huawei HG532e, HG532n, and HG532s devices allows remote attackers to read arbitrary files via a .. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 19.2%. | MEDIUM | 5.0 | 19.2% | 64 |
PoC
No patch
|
| CVE-2020-37220 | Huawei HG630 V2 router contains an authentication bypass vulnerability that allows unauthenticated attackers to obtain administrative access by retrieving the device serial number. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available. | HIGH | 8.7 | 0.1% | 64 |
PoC
No patch
|
| CVE-2013-4631 | Huawei AR 150, 200, 1200, 2200, and 3200 routers, when SNMPv3 is enabled, allow remote attackers to cause a denial of service (device crash) via malformed SNMPv3 requests that leverage unspecified. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available. | HIGH | 7.8 | 4.2% | 63 |
PoC
No patch
|
| CVE-2015-8088 | Heap-based buffer overflow in the HIFI driver in Huawei Mate 7 phones with software MT7-UL00 before MT7-UL00C17B354, MT7-TL10 before MT7-TL10C00B354, MT7-TL00 before MT7-TL00C01B354, and MT7-CL00. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available. | HIGH | 7.8 | 0.8% | 60 |
PoC
No patch
|
| CVE-2014-8358 | Huawei EC156, EC176, and EC177 USB Modem products with software before UTPS-V200R003B015D02SP07C1014 (23.015.02.07.1014) and before V200R003B015D02SP08C1014 (23.015.02.08.1014) use a weak ACL for the. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available. | HIGH | 7.8 | 0.8% | 60 |
PoC
No patch
|
| CVE-2016-5821 | Huawei HiSuite before 4.0.4.204_ove (Out of China) and before 4.0.4.301 (China) use a weak ACL (FILE_WRITE_DATA for BUILTIN\Users) for the HiSuite service directory, which allows local users to gain. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available. | HIGH | 7.8 | 0.1% | 59 |
PoC
No patch
|
| CVE-2014-9223 | Multiple buffer overflows in AllegroSoft RomPager, as used in Huawei Home Gateway products and other vendors and products, allow remote attackers to cause a denial of service or possibly execute. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available. | CRITICAL | 10.0 | 7.5% | 58 |
No patch
|
| CVE-2014-8359 | Untrusted search path vulnerability in Huawei Mobile Partner for Windows 23.009.05.03.1014 allows local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available. | HIGH | 7.2 | 1.1% | 57 |
PoC
No patch
|
| CVE-2014-2273 | The hx170dec device driver in Huawei P2-6011 before V100R001C00B043 allows local users to read and write to arbitrary memory locations via unspecified vectors. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available. | HIGH | 7.2 | 0.0% | 56 |
PoC
No patch
|
| CVE-2014-3222 | In Huawei eSpace Meeting with software V100R001C03SPC201 and the earlier versions, attackers that obtain the permissions assigned to common users can elevate privileges to access and set specific key. Rated high severity (CVSS 7.0). Public exploit code available and no vendor patch available. | HIGH | 7.0 | 0.3% | 55 |
PoC
No patch
|
| CVE-2012-6568 | Buffer overflow in the back-end component in Huawei UTPS 1.0 allows local users to gain privileges via a long IDS_PLUGIN_NAME string in a plug-in configuration file. Rated medium severity (CVSS 6.9). Public exploit code available and no vendor patch available. | MEDIUM | 6.9 | 0.1% | 55 |
PoC
No patch
|