Vulnerabilities > Huawei > Medium

DATE CVE VULNERABILITY TITLE RISK

2016-09-07 CVE-2016-6898 Improper Access Control vulnerability in Huawei E9000 Chassis V100R001C00
XML external entity (XXE) vulnerability in the Hyper Management Module (HMM) in Huawei E9000 rack servers with software before V100R001C00SPC296 allows remote authenticated users to read arbitrary files or cause a denial of service (web service outage) via a crafted XML document.
local | low complexity | huawei CWE-284 | 6.6

2016-09-07 CVE-2016-6839 HTTP Response Splitting vulnerability in Huawei Fusionaccess V100R005C10/V100R005C20/V100R005C30
CRLF injection vulnerability in Huawei FusionAccess before V100R006C00 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.
network | low complexity | huawei CWE-113 | 6.1

2016-09-07 CVE-2016-6670 Information Exposure vulnerability in multiple products
Huawei S7700, S9300, S9700, and S12700 devices with software before V200R008C00SPC500 use random numbers with insufficient entropy to generate self-signed certificates, which makes it easier for remote attackers to discover private keys by leveraging knowledge of a certificate.
network | low complexity | huawei-firmware huawei CWE-200 | 5.3

2016-07-12 CVE-2016-5850 Cross-site Scripting vulnerability in Huawei Public Cloud Solution 1.0.0
Cross-site scripting (XSS) vulnerability in the volume backup service module in Huawei Public Cloud Solution before 1.0.5 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
network | low complexity | huawei CWE-79 | 5.4

2016-06-30 CVE-2016-5232 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Huawei Mate 8 Firmware NXT
Buffer overflow in Huawei Mate8 NXT-AL before NXT-AL10C00B182, NXT-CL before NXT-CL00C92B182, NXT-DL before NXT-DL00C17B182, and NXT-TL before NXT-TL00C01B182 allows attackers to cause a denial of service (system crash) via a crafted app.
local | low complexity | huawei CWE-119 | 5.5

2016-06-30 CVE-2016-4086 Unspecified vulnerability in Huawei Hisuite
Huawei HiSuite (In China) before 4.0.4.301 and (Out of China) before 4.0.4.204_ove allows remote attackers to install arbitrary apps on a connected phone via unspecified vectors.
high complexity | huawei | 5.3

2016-06-30 CVE-2016-4057 Resource Management Errors vulnerability in Huawei Fusioncompute V100R005C00
Huawei FusionCompute before V100R005C10SPC700 allows remote authenticated users to cause a denial of service (resource consumption) via a large number of crafted packets.
network | low complexity | huawei CWE-399 | 6.5

2016-06-24 CVE-2016-5435 Resource Management Errors vulnerability in Huawei Firmware V5500R001C00
Memory leak in Huawei IPS Module, NGFW Module, NIP6300, NIP6600, and Secospace USG6300, USG6500, USG6600, USG9500, and AntiDDoS8000 V500R001C00 before V500R001C20SPC100, when in hot standby networking where two devices are not directly connected, allows remote attackers to cause a denial of service (memory consumption and reboot) via a crafted packet.
network | high complexity | huawei CWE-399 | 5.9

2016-06-13 CVE-2016-4005 Cryptographic Issues vulnerability in Huawei Hilink APP 3.19.1
The Huawei Hilink App application before 3.19.2 for Android does not validate SSL certificates, which allows local users to have unspecified impact via unknown vectors, aka HWPSIRT-2016-03008.
local | low complexity | huawei CWE-310 | 5.5

2016-06-13 CVE-2016-3677 Insufficient Verification of Data Authenticity vulnerability in Huawei Hilink APP and Wear APP
The Huawei Wear App application before 15.0.0.307 for Android does not validate SSL certificates, which allows local users to have unspecified impact via unknown vectors, aka HWPSIRT-2016-03008.
network | low complexity | huawei CWE-345 | 6.5