Vulnerabilities > Huawei > High

DATE CVE VULNERABILITY TITLE RISK
2016-04-07 CVE-2015-8307 Improper Access Control vulnerability in Huawei Mate S Firmware and P8 Firmware
The Graphics driver in Huawei P8 smartphones with software GRA-TL00 before GRA-TL00C01B230, GRA-CL00 before GRA-CL00C92B230, GRA-CL10 before GRA-CL10C92B230, GRA-UL00 before GRA-UL00C00B230, and GRA-UL10 before GRA-UL10C00B230, and Mate S smartphones with software CRR-TL00 before CRR-TL00C01B160SP01, CRR-UL00 before CRR-UL00C00B160, and CRR-CL00 before CRR-CL00C92B161 allows attackers to cause a denial of service (system crash) or gain privileges via a crafted application with the graphics permission, aka an "interface access control vulnerability," a different vulnerability than CVE-2015-8680.
local
low complexity
huawei CWE-284
7.8
2016-02-01 CVE-2015-8265 Improper Input Validation vulnerability in Huawei E5151 Firmware and E5186 Firmware
Huawei Mobile WiFi E5151 routers with software before E5151s-2TCPU-V200R001B146D27SP00C00 and E5186 routers with software before V200R001B310D01SP00C00 allow DNS query packets using the static source port, which makes it easier for remote attackers to spoof responses via unspecified vectors.
network
low complexity
huawei CWE-20
7.5
2016-01-12 CVE-2015-8306 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Huawei P8 Firmware
Buffer overflow in the HIFI driver in Huawei P8 phones with software GRA-TL00 before GRA-TL00C01B230, GRA-CL00 before GRA-CL00C92B230, GRA-CL10 before GRA-CL10C92B230, GRA-UL00 before GRA-UL00C00B230, and GRA-UL10 before GRA-UL10C00B230 allows attackers to cause a denial of service (system crash) or execute arbitrary code via an unspecified parameter.
local
low complexity
huawei CWE-119
7.8
2016-01-12 CVE-2015-8088 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Huawei Mate 7 Firmware and P8 Firmware
Heap-based buffer overflow in the HIFI driver in Huawei Mate 7 phones with software MT7-UL00 before MT7-UL00C17B354, MT7-TL10 before MT7-TL10C00B354, MT7-TL00 before MT7-TL00C01B354, and MT7-CL00 before MT7-CL00C92B354 and P8 phones with software GRA-TL00 before GRA-TL00C01B220SP01, GRA-CL00 before GRA-CL00C92B220, GRA-CL10 before GRA-CL10C92B220, GRA-UL00 before GRA-UL00C00B220, and GRA-UL10 before GRA-UL10C00B220 allows attackers to cause a denial of service (reboot) or execute arbitrary code via a crafted application.
local
low complexity
huawei CWE-119
7.8
2016-01-11 CVE-2015-8333 Permissions, Privileges, and Access Controls vulnerability in Huawei Vcn500 V100R002C00Spc200B010
The Operation and Maintenance Unit (OMU) in Huawei VCN500 with software before V100R002C00SPC200 allows remote authenticated users to change the IP address of the media server via crafted packets.
network
low complexity
huawei CWE-264
7.1
2016-01-11 CVE-2015-8331 Improper Input Validation vulnerability in Huawei Vcn500 V100R002C00Spc200B010
The Operation and Maintenance Unit (OMU) in Huawei VCN500 with software before V100R002C00SPC200 does not properly invalidate the session ID when an "abnormal exit" occurs, which allows remote attackers to conduct replay attacks via the session ID.
network
high complexity
huawei CWE-20
7.4
2016-01-11 CVE-2015-8231 Resource Management Errors vulnerability in Huawei Espace 7910 and Espace 7950
Huawei eSpace 7910 and 7950 IP phones with software before V200R002C00SPC800 allow remote attackers with established sessions to cause a denial of service (device restart) via unspecified packets.
network
low complexity
huawei CWE-399
7.5
2016-01-11 CVE-2015-8230 Resource Management Errors vulnerability in Huawei Espace 8950 V200R003C00Spc200
Memory leak in Huawei eSpace 8950 IP phones with software before V200R003C00SPC300 allows remote attackers to cause a denial of service (memory consumption and restart) via a large number of crafted ARP packets.
network
low complexity
huawei CWE-399
7.5
2009-07-01 CVE-2009-2272 Cleartext Storage of Sensitive Information vulnerability in Huawei D100 Firmware
The Huawei D100 stores the administrator's account name and password in cleartext in a cookie, which allows context-dependent attackers to obtain sensitive information by (1) reading a cookie file, by (2) sniffing the network for HTTP headers, and possibly by using unspecified other vectors.
network
low complexity
huawei CWE-312
7.5