Vulnerabilities > Huawei
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-06-20 | CVE-2017-3216 | Missing Authentication for Critical Function vulnerability in multiple products WiMAX routers based on the MediaTek SDK (libmtk) that use a custom httpd plugin are vulnerable to an authentication bypass allowing a remote, unauthenticated attacker to gain administrator access to the device by performing an administrator password change on the device via a crafted POST request. | 9.8 |
| 2017-06-08 | CVE-2015-3913 | Improper Input Validation vulnerability in Huawei products The IP stack in multiple Huawei Campus series switch models allows remote attackers to cause a denial of service (reboot) via a crafted ICMP request message. | 7.5 |
| 2017-06-08 | CVE-2015-2800 | Improper Authentication vulnerability in Huawei products The user authentication module in Huawei Campus switches S5700, S5300, S6300, and S6700 with software before V200R001SPH012 and S7700, S9300, and S9700 with software before V200R001SPH015 allows remote attackers to cause a denial of service (device restart) via vectors involving authentication, which trigger an array access violation. | 7.5 |
| 2017-06-08 | CVE-2015-2255 | Data Processing Errors vulnerability in Huawei Ar1220 Firmware Huawei AR1220 routers with software before V200R005SPH006 allow remote attackers to cause a denial of service (board reset) via vectors involving a large amount of traffic from the GE port to the FE port. | 5.9 |
| 2017-06-08 | CVE-2015-2253 | Information Exposure vulnerability in Huawei Oceanstor UDS Firmware V100R002C01Spc101 The XML interface in Huawei OceanStor UDS devices with software before V100R002C01SPC102 allows remote authenticated users to obtain sensitive information via a crafted XML document. | 5.0 |
| 2017-06-08 | CVE-2015-2252 | Code Injection vulnerability in Huawei Oceanstor UDS Firmware V100R002C01Spc101 Huawei OceanStor UDS devices with software before V100R002C01SPC102 might allow remote attackers to execute arbitrary code with root privileges via a crafted UDS patch with shell scripts. | 8.8 |
| 2017-06-08 | CVE-2015-2251 | Information Exposure vulnerability in Huawei Oceanstor UDS Firmware V100R002C01Spc101 The DeviceManager in Huawei OceanStor UDS devices with software before V100R002C01SPC102 might allow remote attackers to obtain sensitive information via a crafted UDS patch with JavaScript. | 7.5 |
| 2017-05-23 | CVE-2015-8089 | Permissions, Privileges, and Access Controls vulnerability in Huawei P7-L00 Firmware, P7-L05 Firmware and P7-L09 Firmware The GPU driver in Huawei P7 phones with software P7-L00 before P7-L00C17B851, P7-L05 before P7-L05C00B851, and P7-L09 before P7-L09C92B851 allows local users to read or write to arbitrary kernel memory locations and consequently cause a denial of service (system crash) or gain privileges via a crafted application. | 7.8 |
| 2017-05-23 | CVE-2015-6586 | Information Exposure vulnerability in Huawei products The mDNS module in Huawei WLAN AC6005, AC6605, and ACU2 devices with software before V200R006C00SPC100 allows remote attackers to obtain sensitive information by leveraging failure to restrict processing of mDNS unicast queries to the link local network. | 7.5 |
| 2017-04-13 | CVE-2015-8223 | Permission Issues vulnerability in Huawei P7 Firmware and P8 Ale-Ul00 Firmware Huawei P7 before P7-L00C17B851, P7-L05C00B851, and P7-L09C92B85, and P8 ALE-UL00 before ALE-UL00B211 allows local users to cause a denial of service (OS crash) by leveraging camera permissions and via crafted input to the camera driver. | 5.5 |