Vulnerabilities > Huawei

DATE CVE VULNERABILITY TITLE RISK
2017-12-11 CVE-2014-8358 Untrusted Search Path vulnerability in Huawei Ec156 Firmware, Ec176 Firmware and Ec177 Firmware
Huawei EC156, EC176, and EC177 USB Modem products with software before UTPS-V200R003B015D02SP07C1014 (23.015.02.07.1014) and before V200R003B015D02SP08C1014 (23.015.02.08.1014) use a weak ACL for the "Mobile Partner" directory, which allows remote attackers to gain SYSTEM privileges by compromising a low privilege account and modifying Mobile Partner.exe.
local
low complexity
huawei CWE-426
7.8
2017-11-22 CVE-2017-8216 Incorrect Authorization vulnerability in Huawei P10 Lite Firmware Warsawal00C00B180
Warsaw Huawei Smart phones with software of versions earlier than Warsaw-AL00C00B180, versions earlier than Warsaw-TL10C01B180 have a permission control vulnerability.
local
low complexity
huawei CWE-863
5.5
2017-11-22 CVE-2017-8215 Unspecified vulnerability in Huawei products
Honor 8,Honor V8,Honor 9,Honor V9,Nova 2,Nova 2 Plus,P9,P10 Plus,Toronto Huawei smart phones with software of versions earlier than FRD-AL00C00B391, versions earlier than FRD-DL00C00B391, versions earlier than KNT-AL10C00B391, versions earlier than KNT-AL20C00B391, versions earlier than KNT-UL10C00B391, versions earlier than KNT-TL10C00B391, versions earlier than Stanford-AL00C00B175, versions earlier than Stanford-AL10C00B175, versions earlier than Stanford-TL00C01B175, versions earlier than Duke-AL20C00B191, versions earlier than Duke-TL30C01B191, versions earlier than Picasso-AL00C00B162, versions earlier than Picasso-TL00C01B162 , versions earlier than Barca-AL00C00B162, versions earlier than Barca-TL00C00B162, versions earlier than EVA-AL10C00B396SP03, versions earlier than EVA-CL00C92B396, versions earlier than EVA-DL00C17B396, versions earlier than EVA-TL00C01B396 , versions earlier than Vicky-AL00AC00B172, versions earlier than Toronto-AL00AC00B191, versions earlier than Toronto-TL10C01B191 have a permission control vulnerability.
low complexity
huawei
6.2
2017-11-22 CVE-2017-8214 Improper Authentication vulnerability in Huawei products
Honor 8,Honor V8,Honor 9,Honor V9,Nova 2,Nova 2 Plus,P9,P10 Plus,Toronto Huawei smart phones with software of versions earlier than FRD-AL00C00B391, versions earlier than FRD-DL00C00B391, versions earlier than KNT-AL10C00B391, versions earlier than KNT-AL20C00B391, versions earlier than KNT-UL10C00B391, versions earlier than KNT-TL10C00B391, versions earlier than Stanford-AL00C00B175, versions earlier than Stanford-AL10C00B175, versions earlier than Stanford-TL00C01B175, versions earlier than Duke-AL20C00B191, versions earlier than Duke-TL30C01B191, versions earlier than Picasso-AL00C00B162, versions earlier than Picasso-TL00C01B162 , versions earlier than Barca-AL00C00B162, versions earlier than Barca-TL00C00B162, versions earlier than EVA-AL10C00B396SP03, versions earlier than EVA-CL00C92B396, versions earlier than EVA-DL00C17B396, versions earlier than EVA-TL00C01B396 , versions earlier than Vicky-AL00AC00B172, versions earlier than Toronto-AL00AC00B191, versions earlier than Toronto-TL10C01B191 have an unlock code verification bypassing vulnerability.
low complexity
huawei CWE-287
6.2
2017-11-22 CVE-2017-8213 Improper Certificate Validation vulnerability in Huawei Smc2.0 Firmware
Huawei SMC2.0 with software of V100R003C10, V100R005C00SPC100, V100R005C00SPC101B001T, V100R005C00SPC102, V100R005C00SPC103, V100R005C00SPC200, V100R005C00SPC201T, V500R002C00, V600R006C00 has an input validation vulnerability when handle TLS and DTLS handshake with certificate.
network
low complexity
huawei CWE-295
5.3
2017-11-22 CVE-2017-8212 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Huawei Honor 5C Firmware and Honor 6X Firmware
The driver of honor 5C,honor 6x Huawei smart phones with software of versions earlier than NEM-AL10C00B356, versions earlier than Berlin-L21HNC432B360 have a buffer overflow vulnerability due to the lack of parameter validation.
local
low complexity
huawei CWE-119
7.8
2017-11-22 CVE-2017-8211 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Huawei Honor 5C Firmware and Honor 6X Firmware
The driver of honor 5C,honor 6x Huawei smart phones with software of versions earlier than NEM-AL10C00B356, versions earlier than Berlin-L21HNC432B360 have a buffer overflow vulnerability due to the lack of parameter validation.
local
low complexity
huawei CWE-119
7.8
2017-11-22 CVE-2017-8210 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Huawei Honor 5C Firmware and Honor 6X Firmware
The driver of honor 5C,honor 6x Huawei smart phones with software of versions earlier than NEM-AL10C00B356, versions earlier than Berlin-L21HNC432B360 have a buffer overflow vulnerability due to the lack of parameter validation.
local
low complexity
huawei CWE-119
7.8
2017-11-22 CVE-2017-8209 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Huawei Honor 5C Firmware and Honor 6X Firmware
The driver of honor 5C,honor 6x Huawei smart phones with software of versions earlier than NEM-AL10C00B356, versions earlier than Berlin-L21HNC432B360 have a buffer overflow vulnerability due to the lack of parameter validation.
local
low complexity
huawei CWE-119
7.8
2017-11-22 CVE-2017-8208 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Huawei Honor 5C Firmware and Honor 6X Firmware
The driver of honor 5C,honor 6x Huawei smart phones with software of versions earlier than NEM-AL10C00B356, versions earlier than Berlin-L21HNC432B360 have a buffer overflow vulnerability due to the lack of parameter validation.
local
low complexity
huawei CWE-119
7.8