Vulnerabilities > Huawei > Medium

DATE CVE VULNERABILITY TITLE RISK
2016-09-27 CVE-2016-4058 Cross-site Scripting vulnerability in Huawei Policy Center V100R003C00/V100R003C10
Cross-site scripting (XSS) vulnerability in Huawei Policy Center before V100R003C10SPC020 allows remote authenticated users to inject arbitrary web script or HTML via vectors related to "special characters on pages."
network
low complexity
huawei CWE-79
5.4
2016-09-26 CVE-2016-6901 Improper Input Validation vulnerability in Huawei AR Firmware and Netengine 16Ex Firmware
Format string vulnerability in Huawei AR100, AR120, AR150, AR200, AR500, AR550, AR1200, AR2200, AR2500, AR3200, and AR3600 routers with software before V200R007C00SPC900 and NetEngine 16EX routers with software before V200R007C00SPC900 allows remote authenticated users to cause a denial of service via format string specifiers in vectors involving partial commands.
network
low complexity
huawei CWE-20
6.5
2016-09-26 CVE-2016-6827 Information Exposure vulnerability in Huawei Fusioncompute
Huawei FusionCompute before V100R005C10CP7002 stores cleartext AES keys in a file, which allows remote authenticated users to obtain sensitive information via unspecified vectors.
network
low complexity
huawei CWE-200
6.5
2016-09-26 CVE-2016-6826 Improper Access Control vulnerability in Huawei Anyoffice Secureapp 2.5.0301.0190/2.5.0501.0190
Huawei AnyMail before 2.6.0301.0060 allows remote attackers to cause a denial of service (application crash) via a crafted compressed email attachment.
network
low complexity
huawei CWE-284
6.5
2016-09-26 CVE-2016-8279 Improper Access Control vulnerability in Huawei Honor6 Firmware, Mate S Firmware and P8 Firmware
The video driver in Huawei Mate S smartphones with software CRR-TL00 before CRR-TL00C01B362, CRR-UL20 before CRR-UL20C00B362, CRR-CL00 before CRR-CL00C92B362, and CRR-CL20 before CRR-CL20C92B362; P8 smartphones with software GRA-TL00 before GRA-TL00C01B366, GRA-UL00 before GRA-UL00C00B366, GRA-UL10 before GRA-UL10C00B366, and GRA-CL00 before GRA-CL00C92B366; and Honor 6 and Honor 6 Plus smartphones with software before 6.9.16 allows attackers to cause a denial of service (device reboot) via a crafted application.
local
low complexity
huawei CWE-284
5.5
2016-09-26 CVE-2016-6840 Cross-site Scripting vulnerability in Huawei Oceanstor ISM V200R001C01/V200R001C02/V200R001C03
Cross-site scripting (XSS) vulnerability in the management interface in Huawei OceanStor ISM before V200R001C04SPC200 allows remote attackers to inject arbitrary web script or HTML via the loginName parameter to cgi-bin/doLogin_CgiEntry and possibly other unspecified vectors.
network
low complexity
huawei CWE-79
6.1
2016-09-22 CVE-2016-6824 Improper Input Validation vulnerability in Huawei products
Huawei AC6003, AC6005, AC6605, and ACU2 access controllers with software before V200R006C10SPC200 allows remote authenticated users to cause a denial of service (device restart) via crafted CAPWAP packets.
network
low complexity
huawei CWE-20
6.5
2016-09-21 CVE-2016-6158 Cross-Site Request Forgery (CSRF) vulnerability in Huawei Ws331A Router Firmware Ws331A10V100R001C02B017Sp01
Multiple cross-site request forgery (CSRF) vulnerabilities in Huawei WS331a routers with software before WS331a-10 V100R001C01B112 allow remote attackers to hijack the authentication of administrators for requests that (1) restore factory settings or (2) reboot the device via unspecified vectors.
network
low complexity
huawei CWE-352
6.1
2016-09-07 CVE-2016-7108 Information Exposure vulnerability in Huawei UMA V200R001/V200R001C00Spc100/V200R001C00Spc200
Huawei Unified Maintenance Audit (UMA) before V200R001C00SPC200 SPH206 allows remote authenticated users to obtain the MD5 hashes of arbitrary user passwords via unspecified vectors.
network
low complexity
huawei CWE-200
6.5
2016-09-07 CVE-2016-6900 Resource Management Errors vulnerability in Huawei products
The Intelligent Baseboard Management Controller (iBMC) in Huawei RH1288 V3 servers with software before V100R003C00SPC613; RH2288 V3 servers with software before V100R003C00SPC617; RH2288H V3 servers with software before V100R003C00SPC515; RH5885 V3 servers with software before V100R003C10SPC102; and XH620 V3, XH622 V3, and XH628 V3 servers with software before V100R003C00SPC610 allows local users to cause a denial of service (iBMC resource consumption) via unspecified vectors.
local
low complexity
huawei CWE-399
5.5