Vulnerabilities > Huawei > Critical

DATE CVE VULNERABILITY TITLE RISK
2020-02-10 CVE-2020-8840 Deserialization of Untrusted Data vulnerability in multiple products
FasterXML jackson-databind 2.0.0 through 2.9.10.2 lacks certain xbean-reflect/JNDI blocking, as demonstrated by org.apache.xbean.propertyeditor.JndiConverter.
network
low complexity
fasterxml debian netapp huawei oracle CWE-502
critical
 9.8
9.8
2020-01-27 CVE-2013-2612 OS Command Injection vulnerability in Huawei E587 Firmware 11.203.27
Command-injection vulnerability in Huawei E587 3G Mobile Hotspot 11.203.27 allows remote attackers to execute arbitrary shell commands with root privileges due to an error in the Web UI.
network
low complexity
huawei CWE-78
critical
 9.8
9.8
2019-12-26 CVE-2019-19398 Improper Input Validation vulnerability in Huawei M5 Lite 10 Firmware 8.0.0.182(C00)
M5 lite 10 with versions of 8.0.0.182(C00) have an insufficient input validation vulnerability.
network
low complexity
huawei CWE-20
critical
 9.8
9.8
2019-05-16 CVE-2019-0708 Use After Free vulnerability in multiple products
A remote code execution vulnerability exists in Remote Desktop Services formerly known as Terminal Services when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests, aka 'Remote Desktop Services Remote Code Execution Vulnerability'.
network
low complexity
microsoft siemens huawei CWE-416
critical
 9.8
9.8
2019-03-13 CVE-2015-2254 Information Exposure vulnerability in Huawei Oceanstor UDS Firmware
Huawei OceanStor UDS devices with software before V100R002C01SPC102 might allow remote attackers to capture and change patch loading information resulting in the deletion of directory files and compromise of system functions when loading a patch.
network
low complexity
huawei CWE-200
critical
 9.1
9.1
2018-02-15 CVE-2017-17301 Improper Certificate Validation vulnerability in Huawei products
Huawei AR120-S V200R005C32, V200R006C10, V200R007C00, V200R008C20, AR1200 V200R005C20, V200R005C32, V200R006C10, V200R007C00, V200R007C01, V200R007C02, V200R008C20, AR1200-S V200R005C32, V200R006C10, V200R007C00, V200R008C20, AR150 V200R006C10, V200R007C00, V200R007C01, V200R007C02, V200R008C20, AR160 V200R005C32, V200R006C10, V200R007C00, V200R007C01, V200R007C02, V200R008C20, AR200 V200R005C32, V200R006C10, V200R007C00, V200R007C01, V200R008C20, AR200-S V200R005C32, V200R006C10, V200R007C00, V200R008C20, AR2200 V200R005C20, V200R005C32, V200R006C10, V200R007C00, V200R007C01, V200R007C02, V200R008C20, AR2200-S V200R005C32, V200R006C10, V200R007C00, V200R008C20, AR3200 V200R005C32, V200R006C10, V200R006C11, V200R007C00, V200R007C01, V200R007C02, V200R008C00, V200R008C10, V200R008C20, V200R008C30, AR3600 V200R006C10, V200R007C00, V200R007C01, V200R008C20, AR510 V200R005C32, V200R006C10, V200R007C00, V200R008C20, CloudEngine 12800 V100R003C00, V100R003C10, V100R005C00, V100R005C10, V100R006C00, V200R001C00, CloudEngine 5800 V100R003C00, V100R003C10, V100R005C00, V100R005C10, V100R006C00, V200R001C00, CloudEngine 6800 V100R003C00, V100R003C10, V100R005C00, V100R005C10, V100R006C00, V200R001C00, CloudEngine 7800 V100R003C00, V100R003C10, V100R005C00, V100R005C10, V100R006C00, V200R001C00, DP300 V500R002C00, SMC2.0 V100R003C10, V100R005C00, V500R002C00, SRG1300 V200R005C32, V200R006C10, V200R007C00, V200R007C02, V200R008C20, SRG2300 V200R005C32, V200R006C10, V200R007C00, V200R007C02, V200R008C20, SRG3300 V200R005C32, V200R006C10, V200R007C00, V200R008C20, TE30 V100R001C10, TE60 V100R003C00, V500R002C00, VP9660 V200R001C02, V200R001C30, V500R002C00, ViewPoint 8660 V100R008C02, V100R008C03, eSpace IAD V300R002C01, eSpace U1981 V200R003C20, V200R003C30, eSpace USM V100R001C01, V300R001C00 have a weak cryptography vulnerability.
network
low complexity
huawei CWE-295
critical
 9.8
9.8
2017-11-22 CVE-2017-8129 Improper Input Validation vulnerability in Huawei UMA V200R001/V300R001
The UMA product with software V200R001 and V300R001 has a privilege elevation vulnerability due to insufficient validation or improper processing of parameters.
network
low complexity
huawei CWE-20
critical
 9.8
9.8
2017-11-22 CVE-2017-8128 Improper Input Validation vulnerability in Huawei UMA V200R001/V300R001
The UMA product with software V200R001 and V300R001 has a privilege elevation vulnerability due to insufficient validation or improper processing of parameters.
network
low complexity
huawei CWE-20
critical
 9.8
9.8
2017-11-22 CVE-2017-8126 Improper Input Validation vulnerability in Huawei UMA V200R001
The UMA product with software V200R001 has a privilege elevation vulnerability due to insufficient validation or improper processing of parameters.
network
low complexity
huawei CWE-20
critical
 9.8
9.8
2017-11-22 CVE-2017-8124 Improper Input Validation vulnerability in Huawei UMA V200R001
The UMA product with software V200R001 has a privilege elevation vulnerability due to insufficient validation or improper processing of parameters.
network
low complexity
huawei CWE-20
critical
 9.8
9.8