| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Huawei S12700 switches with software before V200R008C00SPC500 and S5700 switches with software before V200R005SPH010, when the debug switch is enabled, allows remote attackers to cause a denial of service or execute arbitrary code via crafted DNS packets. |
| Huawei HiSuite (In China) before 4.0.4.301 and (Out of China) before 4.0.4.204_ove allows remote attackers to install arbitrary apps on a connected phone via unspecified vectors. |
| Huawei Document Security Management (DSM) with software before V100R002C05SPC661 does not clear the clipboard when closing a secure file, which allows local users to obtain sensitive information by pasting the contents to another file. |
| Buffer overflow in the Authentication, Authorization and Accounting (AAA) module in Huawei USG2100, USG2200, USG5100, and USG5500 unified security gateways with software before V300R001C10SPC600 allows remote authenticated RADIUS servers to execute arbitrary code by sending a crafted EAP packet. |
| Huawei E587 Mobile WiFi with firmware before 11.203.30.00.00 allows remote attackers to bypass authentication, change configurations, send messages, and cause a denial of service (device restart) via unspecified vectors. |
| Huawei AR3200 routers with software before V200R006C10SPC300 allow remote authenticated users to cause a denial of service (restart) via crafted packets. |
| Huawei NE20E-S, NE40E-M, and NE40E-M2 routers with software before V800R007C10SPC100 and NE40E and NE80E routers with software before V800R007C00SPC100 allows remote attackers to send packets to other VPNs and conduct flooding attacks via a crafted MPLS forwarding packet, aka a "VPN routing and forwarding (VRF) hopping vulnerability." |
| Cross-site scripting (XSS) vulnerability in the web interface on Huawei Echo Life HG8247 routers with software before V100R006C00SPC127 allows remote attackers to inject arbitrary web script or HTML via an invalid TELNET connection attempt with a crafted username that is not properly handled during construction of the "failed log-in attempts over telnet" log view. |
| The Huawei Wear App application before 15.0.0.307 for Android does not validate SSL certificates, which allows local users to have unspecified impact via unknown vectors, aka HWPSIRT-2016-03008. |
| Huawei Unified Maintenance Audit (UMA) before V200R001C00SPC200 SPH206 allows remote attackers to reset arbitrary user passwords and consequently affect system data integrity via unspecified vectors. |
| Buffer overflow in the Wi-Fi driver in Huawei P8 smartphones with software before GRA-CL00C92B363 allows attackers to cause a denial of service (system crash) or gain privileges via a crafted application, a different vulnerability than CVE-2016-6192. |
| Format string vulnerability in Huawei AR100, AR120, AR150, AR200, AR500, AR550, AR1200, AR2200, AR2500, AR3200, and AR3600 routers with software before V200R007C00SPC900 and NetEngine 16EX routers with software before V200R007C00SPC900 allows remote authenticated users to cause a denial of service via format string specifiers in vectors involving partial commands. |
| Directory traversal vulnerability in Huawei eSight before V300R003C20SPC005 allows remote authenticated users to read arbitrary files via unspecified vectors. |
| Multiple untrusted search path vulnerabilities in Huawei eSpace Desktop before V200R003C00 allow local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) mfc71enu.dll, (2) mfc71loc.dll, (3) tcapi.dll, or (4) airpcap.dll. |
| Multiple cross-site request forgery (CSRF) vulnerabilities in Huawei HiLink E3276 and E3236 TCPU before V200R002B470D13SP00C00 and WebUI before V100R007B100D03SP01C03, E5180s-22 before 21.270.21.00.00, and E586Bs-2 before 21.322.10.00.889 allow remote attackers to hijack the authentication of users for requests that (1) modify configurations, (2) send SMS messages, or have other unspecified impact via unknown vectors. |
| The video driver in Huawei Mate S smartphones with software CRR-TL00 before CRR-TL00C01B362, CRR-UL20 before CRR-UL20C00B362, CRR-CL00 before CRR-CL00C92B362, and CRR-CL20 before CRR-CL20C92B362; P8 smartphones with software GRA-TL00 before GRA-TL00C01B366, GRA-UL00 before GRA-UL00C00B366, GRA-UL10 before GRA-UL10C00B366, and GRA-CL00 before GRA-CL00C92B366; and Honor 6 and Honor 6 Plus smartphones with software before 6.9.16 allows attackers to cause a denial of service (device reboot) via a crafted application. |
| Huawei USG9520, USG9560, and USG9580 unified security gateways with software before V300R001C01SPCa00 allow remote authenticated users to cause a denial of service (device restart) via an unspecified command parameter. |
| The management interface of Huawei WS331a routers with software before WS331a-10 V100R001C01B112 allows remote attackers to bypass authentication and obtain administrative access by sending "special packages" to the LAN interface. |
| Huawei Unified Maintenance Audit (UMA) before V200R001C00SPC200 allows remote attackers to execute arbitrary commands via "special characters," a different vulnerability than CVE-2016-7109. |
| Huawei Unified Maintenance Audit (UMA) before V200R001C00SPC200 allows remote attackers to execute arbitrary commands via "special characters," a different vulnerability than CVE-2016-7110. |
