Vulnerabilities > Huawei > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-11-22 | CVE-2017-8123 | Improper Input Validation vulnerability in Huawei UMA V200R001 The UMA product with software V200R001 has a privilege elevation vulnerability due to insufficient validation or improper processing of parameters. | 9.8 |
| 2017-11-22 | CVE-2017-8122 | Improper Input Validation vulnerability in Huawei UMA V200R001 The UMA product with software V200R001 has a privilege elevation vulnerability due to insufficient validation or improper processing of parameters. | 9.8 |
| 2017-11-22 | CVE-2017-8120 | Improper Input Validation vulnerability in Huawei UMA V200R001/V300R001 The UMA product with software V200R001 and V300R001 has a privilege elevation vulnerability due to insufficient validation or improper processing of parameters. | 9.8 |
| 2017-11-22 | CVE-2017-8119 | Improper Input Validation vulnerability in Huawei UMA V200R001/V300R001 The UMA product with software V200R001 and V300R001 has a privilege elevation vulnerability due to insufficient validation or improper processing of parameters. | 9.8 |
| 2017-11-22 | CVE-2017-8117 | Improper Input Validation vulnerability in Huawei UMA V200R001/V300R001 The UMA product with software V200R001 and V300R001 has a privilege elevation vulnerability due to insufficient validation or improper processing of parameters. | 9.8 |
| 2017-11-22 | CVE-2017-2738 | Improper Authentication vulnerability in Huawei Vcm5010 Firmware V100R001C10B010 VCM5010 with software versions earlier before V100R002C50SPC100 has an authentication bypass vulnerability. | 9.8 |
| 2017-10-04 | CVE-2017-14491 | Out-of-bounds Write vulnerability in multiple products Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response. | 9.8 |
| 2017-10-03 | CVE-2015-7841 | Command Injection vulnerability in Huawei products The login page of the server on Huawei FusionServer rack servers RH2288 V3 with software before V100R003C00SPC603, RH2288H V3 with software before V100R003C00SPC503, XH628 V3 with software before V100R003C00SPC602, RH1288 V3 with software before V100R003C00SPC602, RH2288A V2 with software before V100R002C00SPC701, RH1288A V2 with software before V100R002C00SPC502, RH8100 V3 with software before V100R003C00SPC110, CH222 V3 with software before V100R001C00SPC161, CH220 V3 with software before V100R001C00SPC161, and CH121 V3 with software before V100R001C00SPC161 allows remote attackers to bypass access restrictions and enter commands via unspecified parameters, as demonstrated by a "user creation command." | 9.8 |
| 2017-09-07 | CVE-2015-4629 | Permissions, Privileges, and Access Controls vulnerability in Huawei E5756S Firmware V100R001B100D00Sp00C00 Huawei E5756S before V200R002B146D23SP00C00 allows remote attackers to read device configuration information, enable PIN/PUK authentication, and perform other unspecified actions. | 9.8 |
| 2017-06-20 | CVE-2017-3216 | Missing Authentication for Critical Function vulnerability in multiple products WiMAX routers based on the MediaTek SDK (libmtk) that use a custom httpd plugin are vulnerable to an authentication bypass allowing a remote, unauthenticated attacker to gain administrator access to the device by performing an administrator password change on the device via a crafted POST request. | 9.8 |