Vulnerabilities > Huawei > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-01-11 | CVE-2015-8331 | Improper Input Validation vulnerability in Huawei Vcn500 V100R002C00Spc200B010 The Operation and Maintenance Unit (OMU) in Huawei VCN500 with software before V100R002C00SPC200 does not properly invalidate the session ID when an "abnormal exit" occurs, which allows remote attackers to conduct replay attacks via the session ID. | 5.8 |
| 2015-11-24 | CVE-2015-8229 | Improper Input Validation vulnerability in Huawei Espace Firmware Huawei eSpace U2980 unified gateway with software before V100R001C10 and U2990 with software before V200R001C10 allow remote authenticated users to cause a denial of service via crafted signaling packets from a registered device. | 4.0 |
| 2015-11-24 | CVE-2015-8228 | Path Traversal vulnerability in Huawei AR Firmware Directory traversal vulnerability in the SFTP server in Huawei AR 120, 150, 160, 200, 500, 1200, 2200, 3200, and 3600 routers with software before V200R006SPH003 allows remote authenticated users to access arbitrary directories via unspecified vectors. | 4.0 |
| 2015-11-19 | CVE-2015-8087 | Resource Management Errors vulnerability in Huawei NE Router Software Huawei NE20E-S, NE40E-M, and NE40E-M2 routers with software before V800R007C10SPC100 and NE40E and NE80E routers with software before V800R007C00SPC100 allows remote attackers to send packets to other VPNs and conduct flooding attacks via a crafted MPLS forwarding packet, aka a "VPN routing and forwarding (VRF) hopping vulnerability." | 5.0 |
| 2015-11-19 | CVE-2015-7845 | Improper Input Validation vulnerability in Huawei Espace Firmware The exception handling mechanism in the CLI Module in Huawei eSpace U1910, U1911, U1930, U1960, U1980, and U1981 unified gateways with software before V100R001C20SPH605 allows remote attackers to cause a denial of service (CLI outage) via crafted SSH packets. | 5.0 |
| 2015-11-07 | CVE-2015-7254 | Path Traversal vulnerability in Huawei Hg532E, Hg532N and Hg532S Directory traversal vulnerability on Huawei HG532e, HG532n, and HG532s devices allows remote attackers to read arbitrary files via a .. | 5.0 |
| 2015-05-21 | CVE-2015-3912 | Information Exposure vulnerability in Huawei E355S Mobile Wifi Firmware and Webui Huawei E355s Mobile WiFi with firmware before 22.158.45.02.625 and WEBUI before 13.100.04.01.625 allows remote attackers to obtain sensitive configuration information by sniffing the network or sending unspecified commands. | 5.0 |
| 2015-05-18 | CVE-2015-2346 | Unspecified vulnerability in Huawei SEQ Analyst XML external entity (XXE) vulnerability in Huawei SEQ Analyst before V200R002C03LG0001CP0022 allows remote authenticated users to read arbitrary files via the req parameter. | 4.0 |
| 2015-05-08 | CVE-2015-2347 | Cross-site Scripting vulnerability in Huawei SEQ Analyst Cross-site scripting (XSS) vulnerability in Huawei SEQ Analyst before V200R002C03LG0001CP0022 allows remote attackers to inject arbitrary web script or HTML via the command XML element in the req parameter to flexdata.action in (1) common/, (2) monitor/, or (3) psnpm/ or the (4) module XML element in the req parameter to flexdata.action in monitor/. | 4.3 |
| 2014-12-24 | CVE-2014-9416 | DLL Loading Multiple Local Code Execution vulnerability in Huawei eSpace Desktop Multiple untrusted search path vulnerabilities in Huawei eSpace Desktop before V200R003C00 allow local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) mfc71enu.dll, (2) mfc71loc.dll, (3) tcapi.dll, or (4) airpcap.dll. local huawei | 4.4 |