Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Huawei Subscribe
Total 1604 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2015-2245 1 Huawei 2 P7-l09, P7-l09 Firmware 2017-07-03 5.0 MEDIUM 7.5 HIGH
Huawei Ascend P7 allows remote attackers to cause a denial of service (phone process crash).
CVE-2015-3913 1 Huawei 44 S12700, S12700 Firmware, S2300 and 41 more 2017-06-22 7.8 HIGH 7.5 HIGH
The IP stack in multiple Huawei Campus series switch models allows remote attackers to cause a denial of service (reboot) via a crafted ICMP request message.
CVE-2015-2253 1 Huawei 2 Oceanstor Uds, Oceanstor Uds Firmware 2017-06-20 3.5 LOW 5.0 MEDIUM
The XML interface in Huawei OceanStor UDS devices with software before V100R002C01SPC102 allows remote authenticated users to obtain sensitive information via a crafted XML document.
CVE-2015-2251 1 Huawei 2 Oceanstor Uds, Oceanstor Uds Firmware 2017-06-20 5.0 MEDIUM 7.5 HIGH
The DeviceManager in Huawei OceanStor UDS devices with software before V100R002C01SPC102 might allow remote attackers to obtain sensitive information via a crafted UDS patch with JavaScript.
CVE-2015-2252 1 Huawei 2 Oceanstor Uds, Oceanstor Uds Firmware 2017-06-20 9.3 HIGH 8.8 HIGH
Huawei OceanStor UDS devices with software before V100R002C01SPC102 might allow remote attackers to execute arbitrary code with root privileges via a crafted UDS patch with shell scripts.
CVE-2015-2800 1 Huawei 14 Campus S5300, Campus S5700, Campus S6300 and 11 more 2017-06-20 7.8 HIGH 7.5 HIGH
The user authentication module in Huawei Campus switches S5700, S5300, S6300, and S6700 with software before V200R001SPH012 and S7700, S9300, and S9700 with software before V200R001SPH015 allows remote attackers to cause a denial of service (device restart) via vectors involving authentication, which trigger an array access violation.
CVE-2015-2255 1 Huawei 2 Ar1220, Ar1220 Firmware 2017-06-16 4.3 MEDIUM 5.9 MEDIUM
Huawei AR1220 routers with software before V200R005SPH006 allow remote attackers to cause a denial of service (board reset) via vectors involving a large amount of traffic from the GE port to the FE port.
CVE-2015-6586 1 Huawei 6 Wlan Ac6005, Wlan Ac6005 Firmware, Wlan Ac6605 and 3 more 2017-06-07 5.0 MEDIUM 7.5 HIGH
The mDNS module in Huawei WLAN AC6005, AC6605, and ACU2 devices with software before V200R006C00SPC100 allows remote attackers to obtain sensitive information by leveraging failure to restrict processing of mDNS unicast queries to the link local network.
CVE-2015-8089 1 Huawei 6 P7-l00, P7-l00 Firmware, P7-l05 and 3 more 2017-06-06 6.9 MEDIUM 7.8 HIGH
The GPU driver in Huawei P7 phones with software P7-L00 before P7-L00C17B851, P7-L05 before P7-L05C00B851, and P7-L09 before P7-L09C92B851 allows local users to read or write to arbitrary kernel memory locations and consequently cause a denial of service (system crash) or gain privileges via a crafted application.
CVE-2016-8271 1 Huawei 2 Espace Iad, Espace Iad Firmware 2017-05-02 5.0 MEDIUM 5.3 MEDIUM
Huawei eSpace IAD V300R002C01SPC100 and earlier versions have an information leak vulnerability; an attacker can check and download the fault information by accessing a special URL.
CVE-2015-8223 1 Huawei 4 P7, P7 Firmware, P8 Ale-ul00 and 1 more 2017-04-25 4.9 MEDIUM 5.5 MEDIUM
Huawei P7 before P7-L00C17B851, P7-L05C00B851, and P7-L09C92B85, and P8 ALE-UL00 before ALE-UL00B211 allows local users to cause a denial of service (OS crash) by leveraging camera permissions and via crafted input to the camera driver.
CVE-2015-7740 1 Huawei 4 P7, P7 Firmware, P8 Ale-ul00 and 1 more 2017-04-25 4.9 MEDIUM 5.5 MEDIUM
Huawei P7 before P7-L00C17B851, P7-L05C00B851, and P7-L09C92B851 and P8 ALE-UL00 before ALE-UL00B211 allows local users to cause a denial of service (OS crash) via vectors involving an application that passes crafted input to the GPU driver.
CVE-2016-8790 1 Huawei 10 Cloudengine 12800, Cloudengine 12800 Firmware, Cloudengine 5800 and 7 more 2017-04-10 5.5 MEDIUM 5.7 MEDIUM
Huawei CloudEngine 5800 with software before V200R001C00SPC700, CloudEngine 6800 with software before V200R001C00SPC700, CloudEngine 7800 with software before V200R001C00SPC700, CloudEngine 8800 with software before V200R001C00SPC700, CloudEngine 12800 with software before V200R001C00SPC700 could allow the attacker to exploit a buffer overflow vulnerability by sending crafted packets to the affected system to cause a main control board reboot.
CVE-2016-8773 1 Huawei 16 S12700, S12700 Firmware, S5300 and 13 more 2017-04-10 5.0 MEDIUM 7.5 HIGH
Huawei S5300 with software V200R003C00, V200R007C00, V200R008C00, V200R009C00; S5700 with software V200R001C00, V200R002C00, V200R003C00, V200R005C00, V200R005C03, V200R007C00, V200R008C00, V200R009C00; S6300 with software V200R003C00, V200R005C00, V200R008C00, V200R009C00; S6700 with software V200R001C00, V200R001C01, V200R002C00, V200R003C00, V200R005C00, V200R008C00, V200R009C00; S7700 with software V200R007C00, V200R008C00, V200R009C00; S9300 with software V200R007C00, V200R008C00, V200R009C00; S9700 with software V200R007C00, V200R008C00, V200R009C00; and S12700 with software V200R007C00, V200R007C01, V200R008C00, V200R009C00 allow the attacker to cause a denial of service condition by sending malformed MPLS packets.
CVE-2016-2404 1 Huawei 12 Acu2, Acu2 Firmware, S12700 and 9 more 2017-04-10 6.0 MEDIUM 7.5 HIGH
Huawei switches S5700, S6700, S7700, S9700 with software V200R001C00SPC300, V200R002C00SPC100, V200R003C00SPC300, V200R005C00SPC500, V200R006C00; S12700 with software V200R005C00SPC500, V200R006C00; ACU2 with software V200R005C00SPC500, V200R006C00 have a permission control vulnerability. If a switch enables Authentication, Authorization, and Accounting (AAA) for permission control and user permissions are not appropriate, AAA users may obtain the virtual type terminal (VTY) access permission, resulting in privilege escalation.
CVE-2014-8572 1 Huawei 25 Ac6605, Ac6605 Firmware, Acu and 22 more 2017-04-10 7.8 HIGH 7.5 HIGH
Huawei AC6605 with software V200R001C00; AC6605 with software V200R002C00; ACU with software V200R001C00; ACU with software V200R002C00; S2300, S3300, S2700, S3700 with software V100R006C05 and earlier versions; S5300, S5700, S6300, S6700 with software V100R006, V200R001, V200R002, V200R003, V200R005C00SPC300 and earlier versions; S7700, S9300, S9300E, S9700 with software V100R006, V200R001, V200R002, V200R003, V200R005C00SPC300 and earlier versions could allow remote attackers to send a special SSH packet to the VRP device to cause a denial of service.
CVE-2016-8768 1 Huawei 6 Honor 6, Honor 6 Firmware, Honor 6 Plus and 3 more 2017-04-10 9.3 HIGH 7.8 HIGH
Huawei Honor 6, Honor 6 Plus, Honor 7 phones with software versions earlier than 6.9.16 could allow attackers to disable the PXN defense mechanism by invoking related drive code to crash the system or escalate privilege.
CVE-2016-8774 1 Huawei 8 Mate 8, Mate 8 Firmware, Mate S and 5 more 2017-04-10 7.2 HIGH 6.7 MEDIUM
The HIFI driver in Huawei Mate 8 phones with software versions before NXT-AL10C00B386, versions before NXT-CL00C92B386, versions before NXT-DL00C17B386, versions before NXT-TL00C01B386; Mate S phones with software Versions before CRR-CL00C92B368, Versions before CRR-CL20C92B368, Versions before CRR-TL00C01B368, Versions before CRR-UL00C00B368, Versions before CRR-UL20C00B368; P8 phones with software Versions before GRA-TL00C01B366, Versions before GRA-CL00C92B366, Versions before GRA-CL10C92B366, Versions before GRA-UL00C00B366, Versions before GRA-UL10C00B366; and P9 phones with software Versions before EVA-AL10C00B190, Versions before EVA-DL10C00B190, Versions before EVA-TL10C00B190, Versions before EVA-CL10C00B190 allows attackers to get root privilege or crash the system or execute arbitrary code, related to a buffer overflow.
CVE-2016-8797 1 Huawei 18 Ar3200, Ar3200 Firmware, S12700 and 15 more 2017-04-10 5.0 MEDIUM 7.5 HIGH
Huawei AR3200 with software V200R007C00, V200R005C32, V200R005C20; S12700 with software V200R008C00, V200R007C00; S5300 with software V200R008C00, V200R007C00, V200R006C00; S5700 with software V200R008C00, V200R007C00, V200R006C00; S6300 with software V200R008C00, V200R007C00; S6700 with software V200R008C00, V200R007C00; S7700 with software V200R008C00, V200R007C00, V200R006C00; S9300 with software V200R008C00, V200R007C00, V200R006C00; and S9700 with software V200R008C00, V200R007C00, V200R006C00 allow remote attackers to send abnormal Multiprotocol Label Switching (MPLS) packets to cause memory exhaustion.
CVE-2015-7847 1 Huawei 2 E3272s, E3272s Firmware 2017-04-10 4.9 MEDIUM 5.5 MEDIUM
Huawei MBB (Mobile Broadband) product E3272s with software versions earlier than E3272s-153TCPU-V200R002B491D09SP00C00 has a Denial of Service (DoS) vulnerability. An attacker could send a malicious packet to the Common Gateway Interface (CGI) of a target device and make it fail while setting the port attribute, which causes a DoS attack.