Vulnerabilities > Huawei
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-10-03 | CVE-2016-8276 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Huawei products Buffer overflow in the Point-to-Point Protocol over Ethernet (PPPoE) module in Huawei USG2100, USG2200, USG5100, and USG5500 unified security gateways with software before V300R001C10SPC600, when CHAP authentication is configured on the server, allows remote attackers to cause a denial of service (server restart) or execute arbitrary code via crafted packets sent during authentication. | 9.8 |
| 2016-10-03 | CVE-2015-8086 | Inadequate Encryption Strength vulnerability in Huawei products Huawei AR routers with software before V200R007C00SPC100; Quidway S9300 routers with software before V200R009C00; S12700 routers with software before V200R008C00SPC500; S9300, Quidway S5300, and S5300 routers with software before V200R007C00; and S5700 routers with software before V200R007C00SPC500 makes it easier for remote authenticated administrators to obtain encryption keys and ciphertext passwords via vectors related to key storage. | 4.9 |
| 2016-10-03 | CVE-2015-8085 | Inadequate Encryption Strength vulnerability in Huawei products Huawei AR routers with software before V200R007C00SPC100; Quidway S9300 routers with software before V200R009C00; S12700 routers with software before V200R008C00SPC500; S9300, Quidway S5300, and S5300 routers with software before V200R007C00; and S5700 routers with software before V200R007C00SPC500 make it easier for remote authenticated administrators to obtain and decrypt passwords by leveraging selection of a reversible encryption algorithm. | 4.9 |
| 2016-09-27 | CVE-2016-4058 | Cross-site Scripting vulnerability in Huawei Policy Center V100R003C00/V100R003C10 Cross-site scripting (XSS) vulnerability in Huawei Policy Center before V100R003C10SPC020 allows remote authenticated users to inject arbitrary web script or HTML via vectors related to "special characters on pages." | 5.4 |
| 2016-09-26 | CVE-2016-6901 | Improper Input Validation vulnerability in Huawei AR Firmware and Netengine 16Ex Firmware Format string vulnerability in Huawei AR100, AR120, AR150, AR200, AR500, AR550, AR1200, AR2200, AR2500, AR3200, and AR3600 routers with software before V200R007C00SPC900 and NetEngine 16EX routers with software before V200R007C00SPC900 allows remote authenticated users to cause a denial of service via format string specifiers in vectors involving partial commands. | 6.5 |
| 2016-09-26 | CVE-2016-6827 | Information Exposure vulnerability in Huawei Fusioncompute Huawei FusionCompute before V100R005C10CP7002 stores cleartext AES keys in a file, which allows remote authenticated users to obtain sensitive information via unspecified vectors. | 6.5 |
| 2016-09-26 | CVE-2016-6826 | Improper Access Control vulnerability in Huawei Anyoffice Secureapp 2.5.0301.0190/2.5.0501.0190 Huawei AnyMail before 2.6.0301.0060 allows remote attackers to cause a denial of service (application crash) via a crafted compressed email attachment. | 6.5 |
| 2016-09-26 | CVE-2016-6518 | Resource Management Errors vulnerability in Huawei products Memory leak in Huawei S9300, S5300, S5700, S6700, S7700, S9700, and S12700 devices allows remote attackers to cause a denial of service (memory consumption and restart) via a large number of malformed packets. | 7.5 |
| 2016-09-26 | CVE-2016-8279 | Improper Access Control vulnerability in Huawei Honor6 Firmware, Mate S Firmware and P8 Firmware The video driver in Huawei Mate S smartphones with software CRR-TL00 before CRR-TL00C01B362, CRR-UL20 before CRR-UL20C00B362, CRR-CL00 before CRR-CL00C92B362, and CRR-CL20 before CRR-CL20C92B362; P8 smartphones with software GRA-TL00 before GRA-TL00C01B366, GRA-UL00 before GRA-UL00C00B366, GRA-UL10 before GRA-UL10C00B366, and GRA-CL00 before GRA-CL00C92B366; and Honor 6 and Honor 6 Plus smartphones with software before 6.9.16 allows attackers to cause a denial of service (device reboot) via a crafted application. | 5.5 |
| 2016-09-26 | CVE-2016-6840 | Cross-site Scripting vulnerability in Huawei Oceanstor ISM V200R001C01/V200R001C02/V200R001C03 Cross-site scripting (XSS) vulnerability in the management interface in Huawei OceanStor ISM before V200R001C04SPC200 allows remote attackers to inject arbitrary web script or HTML via the loginName parameter to cgi-bin/doLogin_CgiEntry and possibly other unspecified vectors. | 6.1 |