Vulnerabilities > Huawei > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-09-26 | CVE-2016-8279 | Improper Access Control vulnerability in Huawei Honor6 Firmware, Mate S Firmware and P8 Firmware The video driver in Huawei Mate S smartphones with software CRR-TL00 before CRR-TL00C01B362, CRR-UL20 before CRR-UL20C00B362, CRR-CL00 before CRR-CL00C92B362, and CRR-CL20 before CRR-CL20C92B362; P8 smartphones with software GRA-TL00 before GRA-TL00C01B366, GRA-UL00 before GRA-UL00C00B366, GRA-UL10 before GRA-UL10C00B366, and GRA-CL00 before GRA-CL00C92B366; and Honor 6 and Honor 6 Plus smartphones with software before 6.9.16 allows attackers to cause a denial of service (device reboot) via a crafted application. | 5.5 |
| 2016-09-26 | CVE-2016-6840 | Cross-site Scripting vulnerability in Huawei Oceanstor ISM V200R001C01/V200R001C02/V200R001C03 Cross-site scripting (XSS) vulnerability in the management interface in Huawei OceanStor ISM before V200R001C04SPC200 allows remote attackers to inject arbitrary web script or HTML via the loginName parameter to cgi-bin/doLogin_CgiEntry and possibly other unspecified vectors. | 6.1 |
| 2016-09-22 | CVE-2016-6824 | Improper Input Validation vulnerability in Huawei products Huawei AC6003, AC6005, AC6605, and ACU2 access controllers with software before V200R006C10SPC200 allows remote authenticated users to cause a denial of service (device restart) via crafted CAPWAP packets. | 6.5 |
| 2016-09-21 | CVE-2016-6158 | Cross-Site Request Forgery (CSRF) vulnerability in Huawei Ws331A Router Firmware Ws331A10V100R001C02B017Sp01 Multiple cross-site request forgery (CSRF) vulnerabilities in Huawei WS331a routers with software before WS331a-10 V100R001C01B112 allow remote attackers to hijack the authentication of administrators for requests that (1) restore factory settings or (2) reboot the device via unspecified vectors. | 6.1 |
| 2016-09-07 | CVE-2016-7108 | Information Exposure vulnerability in Huawei UMA V200R001/V200R001C00Spc100/V200R001C00Spc200 Huawei Unified Maintenance Audit (UMA) before V200R001C00SPC200 SPH206 allows remote authenticated users to obtain the MD5 hashes of arbitrary user passwords via unspecified vectors. | 6.5 |
| 2016-09-07 | CVE-2016-6900 | Resource Management Errors vulnerability in Huawei products The Intelligent Baseboard Management Controller (iBMC) in Huawei RH1288 V3 servers with software before V100R003C00SPC613; RH2288 V3 servers with software before V100R003C00SPC617; RH2288H V3 servers with software before V100R003C00SPC515; RH5885 V3 servers with software before V100R003C10SPC102; and XH620 V3, XH622 V3, and XH628 V3 servers with software before V100R003C00SPC610 allows local users to cause a denial of service (iBMC resource consumption) via unspecified vectors. | 5.5 |
| 2016-09-07 | CVE-2016-6898 | Improper Access Control vulnerability in Huawei E9000 Chassis V100R001C00 XML external entity (XXE) vulnerability in the Hyper Management Module (HMM) in Huawei E9000 rack servers with software before V100R001C00SPC296 allows remote authenticated users to read arbitrary files or cause a denial of service (web service outage) via a crafted XML document. | 6.6 |
| 2016-09-07 | CVE-2016-6839 | HTTP Response Splitting vulnerability in Huawei Fusionaccess V100R005C10/V100R005C20/V100R005C30 CRLF injection vulnerability in Huawei FusionAccess before V100R006C00 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors. | 6.1 |
| 2016-09-07 | CVE-2016-6670 | Information Exposure vulnerability in multiple products Huawei S7700, S9300, S9700, and S12700 devices with software before V200R008C00SPC500 use random numbers with insufficient entropy to generate self-signed certificates, which makes it easier for remote attackers to discover private keys by leveraging knowledge of a certificate. | 5.3 |
| 2016-07-12 | CVE-2016-5850 | Cross-site Scripting vulnerability in Huawei Public Cloud Solution 1.0.0 Cross-site scripting (XSS) vulnerability in the volume backup service module in Huawei Public Cloud Solution before 1.0.5 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | 5.4 |