Huawei : Security Vulnerabilities, CVEs, (Overflow)

The HTTP module in the (1) Branch Intelligent Management System (BIMS) and (2) web management components on Huawei AR routers and S2000, S3000, S3500, S3900, S5100, S5600, S7800, and S8500 switches does not check whether HTTP data is longer than the value of the Content-Length field, which allows remote HTTP servers to conduct heap-based buffer overflow attacks and execute arbitrary code via a crafted response.

Stack-based buffer overflow in Huawei Honor WS851 routers with software 1.1.21.1 and earlier allows remote attackers to execute arbitrary commands with root privileges via unspecified vectors, aka HWPSIRT-2016-05051.

There is an Integer Overflow Vulnerability in Huawei Smartphone. Successful exploitation of these vulnerabilities may escalate the permission to that of the root user.

There is a memory address out of bounds in smartphones. Successful exploitation of this vulnerability may cause malicious code to be executed.

There is a vulnerability when configuring permission isolation in smartphones. Successful exploitation of this vulnerability may cause out-of-bounds access.

There is a Heap-based Buffer Overflow vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability will cause root permission which can be escalated.

There is a buffer overflow vulnerability in CV81-WDM FW 01.70.49.29.46. Successful exploitation of this vulnerability may lead to privilege escalation.

Buffer overflow in the Application Specific Packet Filtering (ASPF) functionality in the Huawei IPS Module, NGFW Module, NIP6300, NIP6600, Secospace USG6300, USG6500, USG6600, USG9500, and AntiDDoS8000 devices with software before V500R001C20SPC100 allows remote attackers to cause a denial of service or execute arbitrary code via a crafted packet, related to "illegitimate parameters."

Buffer overflow in the Point-to-Point Protocol over Ethernet (PPPoE) module in Huawei USG2100, USG2200, USG5100, and USG5500 unified security gateways with software before V300R001C10SPC600, when CHAP authentication is configured on the server, allows remote attackers to cause a denial of service (server restart) or execute arbitrary code via crafted packets sent during authentication.

Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response.

There is a vulnerability with buffer access with incorrect length value in some Huawei Smartphone.Unauthorized users may trigger code execution when a buffer overflow occurs.

There is an Integer Overflow Vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may cause certain codes to be executed.

There is a memory address out of bounds in smartphones. Successful exploitation of this vulnerability may cause malicious code to be executed.

There is a vulnerability when configuring permission isolation in smartphones. Successful exploitation of this vulnerability may cause out-of-bounds access.

There is a memory address out of bounds in smartphones. Successful exploitation of this vulnerability may cause malicious code to be executed.

There is a memory address out of bounds vulnerability in smartphones. Successful exploitation of this vulnerability may cause malicious code to be executed.

The interface of a certain HarmonyOS module has an integer overflow vulnerability. Successful exploitation of this vulnerability may lead to heap memory overflow.

There is a Memory out-of-bounds access vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may cause malicious code to be executed.

There is a Heap-based buffer overflow vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may rewrite the memory of adjacent objects.

There is a Integer Overflow or Wraparound vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to remote denial of service and potential remote code execution.

The screen lock module has a Stack-based Buffer Overflow vulnerability.Successful exploitation of this vulnerability may affect user experience.

There is an Integer overflow vulnerability with ACPU in smartphones. Successful exploitation of this vulnerability may cause out-of-bounds access.

There is a Heap-based buffer overflow vulnerability with the NFC module in smartphones. Successful exploitation of this vulnerability may cause memory overflow.

The HW_KEYMASTER module lacks the validity check of the key format. Successful exploitation of this vulnerability may result in out-of-bounds memory access.

The audio module has a vulnerability in verifying the parameters passed by the application space.Successful exploitation of this vulnerability may cause out-of-bounds memory access.