Huawei vulnerabilities: medium risk

DATE CVE VULNERABILITY TITLE RISK
2014-07-24 CVE-2014-2968 Cross-Site Scripting vulnerability in Huawei E355, E355 Firmware and E355 web UI
Cross-site scripting (XSS) vulnerability in the web interface on the Huawei E355 CH1E355SM modem with software 21.157.37.01.910 and Web UI 11.001.08.00.03 allows remote attackers to inject arbitrary web script or HTML via an SMS message.
network
huawei CWE-79
4.3
2014-06-02 CVE-2014-2946 Cross-Site Request Forgery (CSRF) vulnerability in Huawei E303 Modem, E303 Modem Firmware and Webui
Cross-site request forgery (CSRF) vulnerability in api/sms/send-sms in the Web UI 11.010.06.01.858 on Huawei E303 modems with software 22.157.18.00.858 allows remote attackers to hijack the authentication of administrators for requests that perform API operations and send SMS messages via a request element in an XML document.
network
huawei CWE-352
6.8
2014-04-05 CVE-2014-0337 Cross-Site Scripting vulnerability in Huawei Echo Life and Echo Life Hg8247 Firmware
Cross-site scripting (XSS) vulnerability in the web interface on Huawei Echo Life HG8247 routers with software before V100R006C00SPC127 allows remote attackers to inject arbitrary web script or HTML via an invalid TELNET connection attempt with a crafted username that is not properly handled during construction of the "failed log-in attempts over telnet" log view.
network
huawei CWE-79
4.3
2014-03-11 CVE-2013-6031 Improper Authentication vulnerability in Huawei E355 and E355 Firmware
The Huawei E355 adapter with firmware 21.157.37.01.910 does not require authentication for API pages, which allows remote attackers to change passwords and settings, or obtain sensitive information, via a direct request to (1) api/wlan/security-settings, (2) api/device/information, (3) api/wlan/basic-settings, (4) api/wlan/mac-filter, (5) api/monitoring/status, or (6) api/dhcp/settings.
4.3
2013-06-20 CVE-2012-6568 Buffer Errors vulnerability in Huawei Utps 1.0
Buffer overflow in the back-end component in Huawei UTPS 1.0 allows local users to gain privileges via a long IDS_PLUGIN_NAME string in a plug-in configuration file.
local
huawei CWE-119
6.9
2013-06-20 CVE-2012-4960 Cryptographic Issues vulnerability in Huawei products
The Huawei NE5000E, MA5200G, NE40E, NE80E, ATN, NE40, NE80, NE20E-X6, NE20, ME60, CX600, CX200, CX300, ACU, WLAN AC 6605, S9300, S7700, S2300, S3300, S5300, S3300HI, S5300HI, S5306, S6300, S2700, S3700, S5700, S6700, AR G3, H3C AR(OEM IN), AR 19, AR 29, AR 49, Eudemon100E, Eudemon200, Eudemon300, Eudemon500, Eudemon1000, Eudemon1000E-U/USG5300, Eudemon1000E-X/USG5500, Eudemon8080E/USG9300, Eudemon8160E/USG9300, Eudemon8000E-X/USG9500, E200E-C/USG2200, E200E-X3/USG2200, E200E-X5/USG2200, E200E-X7/USG2200, E200E-C/USG5100, E200E-X3/USG5100, E200E-X5/USG5100, E200E-X7/USG5100, E200E-B/USG2100, E200E-X1/USG2100, E200E-X2/USG2100, SVN5300, SVN2000, SVN5000, SVN3000, NIP100, NIP200, NIP1000, NIP2100, NIP2200, and NIP5100 use the DES algorithm for stored passwords, which makes it easier for context-dependent attackers to obtain cleartext passwords via a brute-force attack.
network
low complexity
huawei CWE-310
6.5
2012-12-19 CVE-2012-5970 Unspecified vulnerability in Huawei E585 and E585U-82
The Huawei E585 device allows remote attackers to cause a denial of service (NULL pointer dereference and device outage) via crafted HTTP requests, as demonstrated by unspecified vulnerability-scanning software.
low complexity
huawei
6.1
2012-12-19 CVE-2012-5969 Path Traversal vulnerability in Huawei E585 and E585U-82
Multiple directory traversal vulnerabilities on the Huawei E585 device allow remote attackers to (1) read arbitrary files via a ..
low complexity
huawei CWE-22
4.8
2012-12-19 CVE-2012-5968 Improper Input Validation vulnerability in Huawei E585 and E585U-82
The Huawei E585 device does not validate the status of admin sessions, which allows remote attackers to obtain sensitive user information and the session ID, and modify data, by leveraging access to the LAN network.
low complexity
huawei CWE-20
4.8
2009-12-04 CVE-2009-4197 Cross-Site Scripting and Information Disclosure vulnerability in Huawei Mt882 Modem and Mt882 Modem Firmware
rpwizPppoe.htm in Huawei MT882 V100R002B020 ARG-T running firmware 3.7.9.98 contains a form that does not disable the autocomplete setting for the password parameter, which makes it easier for local users or physically proximate attackers to obtain the password from web browsers that support autocomplete.
local
huawei
4.7