Filtered by vendor Huawei
Subscriptions
Total
2198 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2016-6670 | 2 Huawei, Huawei Firmware | 8 S12700, S7700, S7700 Firmware and 5 more | 2025-04-12 | N/A |
| Huawei S7700, S9300, S9700, and S12700 devices with software before V200R008C00SPC500 use random numbers with insufficient entropy to generate self-signed certificates, which makes it easier for remote attackers to discover private keys by leveraging knowledge of a certificate. | ||||
| CVE-2015-8304 | 1 Huawei | 2 P7, P7 Firmware | 2025-04-12 | N/A |
| Integer overflow in Huawei P7 phones with software before P7-L07 V100R001C01B606 allows remote attackers to gain privileges via a crafted application with the system or camera permission. | ||||
| CVE-2015-8336 | 1 Huawei | 1 Fusioncompute | 2025-04-12 | 4.3 Medium |
| Huawei FusionCompute with software before V100R005C10SPC700 allows remote authenticated users to obtain sensitive "role and permission" information via unspecified vectors. | ||||
| CVE-2022-44564 | 1 Huawei | 2 Aslan-al10, Aslan-al10 Firmware | 2025-04-11 | 7.8 High |
| Huawei Aslan Children's Watch has a path traversal vulnerability. Successful exploitation may allow attackers to access or modify protected system resources. | ||||
| CVE-2022-41579 | 1 Huawei | 2 Hota-fara-b19, Hota-fara-b19 Firmware | 2025-04-11 | 6.5 Medium |
| There is an insufficient authentication vulnerability in some Huawei band products. Successful exploit could allow the attacker to spoof then connect to the band. | ||||
| CVE-2022-39012 | 1 Huawei | 2 Aslan-al10, Aslan-al10 Firmware | 2025-04-11 | 7.5 High |
| Huawei Aslan Children's Watch has an improper input validation vulnerability. Successful exploitation may cause the watch's application service abnormal. | ||||
| CVE-2022-46740 | 1 Huawei | 2 Ws7100-20, Ws7100-20 Firmware | 2025-04-11 | 6.5 Medium |
| There is a denial of service vulnerability in the Wi-Fi module of the HUAWEI WS7100-20 Smart WiFi Router.Successful exploit could cause a denial of service (DoS) condition. | ||||
| CVE-2022-45874 | 1 Huawei | 2 Aslan-al10, Aslan-al10 Firmware | 2025-04-11 | 5.5 Medium |
| Huawei Aslan Children's Watch has an improper authorization vulnerability. Successful exploit could allow the attacker to access certain file. | ||||
| CVE-2013-4633 | 1 Huawei | 1 Seco Versatile Security Manager | 2025-04-11 | N/A |
| Huawei Seco Versatile Security Manager (VSM) before V200R002C00SPC300 allows remote authenticated users to gain privileges via a certain change to a group configuration setting. | ||||
| CVE-2013-4629 | 1 Huawei | 2 Vp 9610, Vp 9620 | 2025-04-11 | N/A |
| The Huawei viewpoint VP9610 and VP9620 units for the Huawei Video Conference system do not update the Session ID upon successful establishment of a login session, which allows remote authenticated users to hijack sessions via an unspecified interception method. | ||||
| CVE-2013-4632 | 1 Huawei | 1 Access Router | 2025-04-11 | N/A |
| The Huawei Access Router (AR) before V200R002SPC003 allows remote attackers to cause a denial of service (device reset) via a crafted field in a DHCP request, as demonstrated by a request from an IP phone. | ||||
| CVE-2013-4628 | 1 Huawei | 3 Quidway Service Process Unit Board S7700, Quidway Service Process Unit Board S9300, Quidway Service Process Unit Board S9700 | 2025-04-11 | N/A |
| The firewall module on the Huawei Quidway Service Process Unit (SPU) board S7700, S9300, and S9700 on Huawei Campus Switch devices allows remote authenticated users to obtain sensitive information from the high-priority security zone by leveraging access to the low-priority security zone. | ||||
| CVE-2012-6568 | 1 Huawei | 1 Utps | 2025-04-11 | N/A |
| Buffer overflow in the back-end component in Huawei UTPS 1.0 allows local users to gain privileges via a long IDS_PLUGIN_NAME string in a plug-in configuration file. | ||||
| CVE-2012-5970 | 1 Huawei | 2 E585, E585u-82 | 2025-04-11 | N/A |
| The Huawei E585 device allows remote attackers to cause a denial of service (NULL pointer dereference and device outage) via crafted HTTP requests, as demonstrated by unspecified vulnerability-scanning software. | ||||
| CVE-2012-5969 | 1 Huawei | 2 E585, E585u-82 | 2025-04-11 | N/A |
| Multiple directory traversal vulnerabilities on the Huawei E585 device allow remote attackers to (1) read arbitrary files via a .. (dot dot) in the PATH_INFO of an sdcard/ request or (2) modify arbitrary files via a .. (dot dot) in the req_page parameter to en/sms.cgi. | ||||
| CVE-2012-5968 | 1 Huawei | 2 E585, E585u-82 | 2025-04-11 | N/A |
| The Huawei E585 device does not validate the status of admin sessions, which allows remote attackers to obtain sensitive user information and the session ID, and modify data, by leveraging access to the LAN network. | ||||
| CVE-2012-3268 | 2 Hp, Huawei | 675 0150a129, 0150a12a, 0150a12b and 672 more | 2025-04-11 | N/A |
| Certain HP Access Controller, Fabric Module, Firewall, Router, Switch, and UTM Appliance products; certain HP 3Com Access Controller, Router, and Switch products; certain HP H3C Access Controller, Firewall, Router, Switch, and Switch and Route Processing Unit products; and certain Huawei Firewall/Gateway, Router, Switch, and Wireless products do not properly implement access control as defined in h3c-user.mib 2.0 and hh3c-user.mib 2.0, which allows remote authenticated users to discover credentials in UserInfoEntry values via an SNMP request with the read-only community. | ||||
| CVE-2013-6786 | 6 Allegrosoft, Dlink, Huawei and 3 more | 7 Rompager, Dsl-2640r, Dsl-2641r and 4 more | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in Allegro RomPager before 4.51, as used on the ZyXEL P660HW-D1, Huawei MT882, Sitecom WL-174, TP-LINK TD-8816, and D-Link DSL-2640R and DSL-2641R, when the "forbidden author header" protection mechanism is bypassed, allows remote attackers to inject arbitrary web script or HTML by requesting a nonexistent URI in conjunction with a crafted HTTP Referer header that is not properly handled in a 404 page. NOTE: there is no CVE for a "URL redirection" issue that some sources list separately. | ||||
| CVE-2012-6569 | 1 Huawei | 18 Ar 18-1x, Ar 18-2x, Ar 18-3x and 15 more | 2025-04-11 | N/A |
| Stack-based buffer overflow in the HTTP module in the (1) Branch Intelligent Management System (BIMS) and (2) web management components on Huawei AR routers and S2000, S3000, S3500, S3900, S5100, S5600, S7800, and S8500 switches allows remote attackers to execute arbitrary code via a long URI. | ||||
| CVE-2012-6570 | 1 Huawei | 18 Ar 18-1x, Ar 18-2x, Ar 18-3x and 15 more | 2025-04-11 | N/A |
| The HTTP module in the (1) Branch Intelligent Management System (BIMS) and (2) web management components on Huawei AR routers and S2000, S3000, S3500, S3900, S5100, S5600, S7800, and S8500 switches does not check whether HTTP data is longer than the value of the Content-Length field, which allows remote HTTP servers to conduct heap-based buffer overflow attacks and execute arbitrary code via a crafted response. | ||||