Huawei : Security Vulnerabilities, CVEs,

The Huawei E355 adapter with firmware 21.157.37.01.910 does not require authentication for API pages, which allows remote attackers to change passwords and settings, or obtain sensitive information, via a direct request to (1) api/wlan/security-settings, (2) api/device/information, (3) api/wlan/basic-settings, (4) api/wlan/mac-filter, (5) api/monitoring/status, or (6) api/dhcp/settings.

Vulnerability of insufficient permission verification in the app management module. Impact: Successful exploitation of this vulnerability will affect availability.

Path traversal vulnerability in the Bluetooth-based sharing module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.

Use After Free (UAF) vulnerability in the underlying driver module. Impact: Successful exploitation of this vulnerability will affect availability.

Vulnerability of improper permission control in the window management module. Impact: Successful exploitation of this vulnerability will affect availability.

Command injection vulnerability in the AccountManager module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.

Vulnerability of improper permission control in the window management module. Impact: Successful exploitation of this vulnerability will affect availability.

Input verification vulnerability in the call module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.

Input verification vulnerability in the log module. Impact: Successful exploitation of this vulnerability can affect integrity.

Vulnerability of permission control in the window module. Successful exploitation of this vulnerability may affect confidentiality.

Permission verification vulnerability in the lock screen module. Impact: Successful exploitation of this vulnerability will affect availability.

Vulnerability of starting activities in the background in the ActivityManagerService (AMS) module. Impact: Successful exploitation of this vulnerability will affect availability.

The SystemUI module has a vulnerability in permission management. Impact: Successful exploitation of this vulnerability may affect availability.

Vulnerability of defects introduced in the design process in the hwnff module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.

Vulnerability of improper permission control in the window management module. Impact: Successful exploitation of this vulnerability will affect availability and confidentiality.

Permission control vulnerability in the Bluetooth module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.

Race condition vulnerability in the Wi-Fi module. Impact: Successful exploitation of this vulnerability will affect availability.

Input verification vulnerability in the power module. Impact: Successful exploitation of this vulnerability will affect availability.

Vulnerability of data verification errors in the kernel module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.

Vulnerability of data verification errors in the kernel module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.

Vulnerability of data verification errors in the kernel module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.

Vulnerability of package name verification being bypassed in the Calendar app. Impact: Successful exploitation of this vulnerability may affect service confidentiality.

Vulnerability of undefined permissions in the Calendar app. Impact: Successful exploitation of this vulnerability will affect availability.

Vulnerability of file path verification being bypassed in the email module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.

Permission verification vulnerability in the system module. Impact: Successful exploitation of this vulnerability will affect availability.