Vulnerabilities > Huawei
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2014-10-12 | CVE-2014-5328 | Resource Management Errors vulnerability in Huawei E5332 and E5332 Firmware Buffer overflow in the Webserver component on the Huawei E5332 router before 21.344.27.00.1080 allows remote authenticated users to cause a denial of service (reboot) via a long parameter in an API service request message. | 6.8 |
| 2014-10-12 | CVE-2014-5327 | Resource Management Errors vulnerability in Huawei E5332 and E5332 Firmware Buffer overflow in the Webserver component on the Huawei E5332 router before 21.344.27.00.1080 allows remote authenticated users to cause a denial of service (reboot) via a long URI. | 6.8 |
| 2014-07-24 | CVE-2014-2968 | Cross-Site Scripting vulnerability in Huawei E355, E355 Firmware and E355 web UI Cross-site scripting (XSS) vulnerability in the web interface on the Huawei E355 CH1E355SM modem with software 21.157.37.01.910 and Web UI 11.001.08.00.03 allows remote attackers to inject arbitrary web script or HTML via an SMS message. | 4.3 |
| 2014-06-17 | CVE-2014-4190 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Huawei products Multiple heap-based buffer overflows in Huawei Campus Series Switches S3700HI, S5700, S6700, S3300HI, S5300, S6300, S9300, S7700, and LSW S9700 with software V200R001 before V200R001SPH013; S5700, S6700, S5300, and S6300 with software V200R002 before V200R002SPH005; S7700, S9300, S9300E, S5300, S5700, S6300, S6700, S2350, S2750, and LSW S9700 with software V200R003 before V200R003SPH005; and S7700, S9300, S9300E, and LSW S9700 with software V200R005 before V200R005C00SPC300 allow remote attackers to cause a denial of service (device restart) via a crafted length field in a packet. | 7.8 |
| 2014-06-02 | CVE-2014-2946 | Cross-Site Request Forgery (CSRF) vulnerability in Huawei E303 Modem, E303 Modem Firmware and Webui Cross-site request forgery (CSRF) vulnerability in api/sms/send-sms in the Web UI 11.010.06.01.858 on Huawei E303 modems with software 22.157.18.00.858 allows remote attackers to hijack the authentication of administrators for requests that perform API operations and send SMS messages via a request element in an XML document. | 6.8 |
| 2014-04-05 | CVE-2014-0337 | Cross-Site Scripting vulnerability in Huawei Echo Life and Echo Life Hg8247 Firmware Cross-site scripting (XSS) vulnerability in the web interface on Huawei Echo Life HG8247 routers with software before V100R006C00SPC127 allows remote attackers to inject arbitrary web script or HTML via an invalid TELNET connection attempt with a crafted username that is not properly handled during construction of the "failed log-in attempts over telnet" log view. | 4.3 |
| 2014-03-11 | CVE-2013-6031 | Improper Authentication vulnerability in Huawei E355 and E355 Firmware The Huawei E355 adapter with firmware 21.157.37.01.910 does not require authentication for API pages, which allows remote attackers to change passwords and settings, or obtain sensitive information, via a direct request to (1) api/wlan/security-settings, (2) api/device/information, (3) api/wlan/basic-settings, (4) api/wlan/mac-filter, (5) api/monitoring/status, or (6) api/dhcp/settings. | 4.3 |
| 2013-06-20 | CVE-2013-4633 | Permissions, Privileges, and Access Controls vulnerability in Huawei Seco Versatile Security Manager V200R002C00/V200R002C00Spc100/V200R002C00Spc200 Huawei Seco Versatile Security Manager (VSM) before V200R002C00SPC300 allows remote authenticated users to gain privileges via a certain change to a group configuration setting. | 9.0 |
| 2013-06-20 | CVE-2013-4632 | Improper Input Validation vulnerability in Huawei Access Router V200R002C01Spc200 The Huawei Access Router (AR) before V200R002SPC003 allows remote attackers to cause a denial of service (device reset) via a crafted field in a DHCP request, as demonstrated by a request from an IP phone. | 7.8 |
| 2013-06-20 | CVE-2013-4631 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Huawei products Huawei AR 150, 200, 1200, 2200, and 3200 routers, when SNMPv3 is enabled, allow remote attackers to cause a denial of service (device crash) via malformed SNMPv3 requests that leverage unspecified overflow issues. | 7.8 |