CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Huawei : Security Vulnerabilities (Gain Information)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2016-5722 200 +Info 2016-06-24 2016-06-27
7.5
None Remote Low Not required Partial Partial Partial
OceanStor 5300 V3, 5500 V3, 5600 V3, 5800 V3, 6800 V3, 18800 V3, and 18500 V3 before V300R003C10 sends the plaintext session token in the HTTP header, which allows remote attackers to conduct replay attacks and obtain sensitive information by sniffing the network.
2 CVE-2016-5367 200 +Info 2016-06-14 2016-06-14
5.0
None Remote Low Not required Partial None None
Huawei Honor WS851 routers with software 1.1.21.1 and earlier allow remote attackers to obtain sensitive information via unspecified vectors, aka HWPSIRT-2016-05053.
3 CVE-2016-5233 200 +Info 2016-06-10 2016-06-14
4.3
None Remote Medium Not required Partial None None
Huawei Mate 8 smartphones with software NXT-AL10 before NXT-AL10C00B182, NXT-CL00 before NXT-CL00C92B182, NXT-DL00 before NXT-DL00C17B182, and NXT-TL00 before NXT-TL00C01B182 allow remote base stations to obtain sensitive subscriber signal strength information via vectors involving improper security status verification, aka HWPSIRT-2015-12007.
4 CVE-2015-8682 20 DoS +Info 2016-04-13 2016-04-20
7.8
None Remote Medium Not required Partial None Complete
The Video0 driver in Huawei P8 smartphones with software GRA-UL00 before GRA-UL00C00B350, GRA-UL10 before GRA-UL10C00B350, GRA-TL00 before GRA-TL00C01B350, GRA-CL00 before GRA-CL00C92B350, and GRA-CL10 before GRA-CL10C92B350 and Mate S smartphones with software CRR-TL00 before CRR-TL00C01B160SP01, CRR-UL00 before CRR-UL00C00B160, and CRR-CL00 before CRR-CL00C92B161 allows attackers to obtain sensitive information from stack memory or cause a denial of service (system crash) via a crafted application, which triggers an invalid memory access.
5 CVE-2015-8677 399 DoS +Info 2016-04-14 2016-04-28
6.8
None Remote Low Single system None None Complete
Memory leak in Huawei S5300EI, S5300SI, S5310HI, and S6300EI Campus series switches with software V200R003C00 before V200R003SPH011 and V200R005C00 before V200R005SPH008; S2350EI and S5300LI Campus series switches with software V200R003C00 before V200R003SPH011, V200R005C00 before V200R005SPH008, and V200R006C00 before V200R006SPH002; S9300, S7700, and S9700 Campus series switches with software V200R003C00 before V200R003SPH011, V200R005C00 before V200R005SPH009, and V200R006C00 before V200R006SPH003; S5720HI and S5720EI Campus series switches with software V200R006C00 before V200R006SPH002; and S2300 and S3300 Campus series switches with software V100R006C05 before V100R006SPH022 allows remote authenticated users to cause a denial of service (memory consumption and device restart) by logging in and out of the (1) HTTPS or (2) SFTP server, related to SSL session information.
6 CVE-2015-8675 255 +Info 2016-01-15 2016-01-21
2.1
None Local Low Not required Partial None None
Huawei S5300 Campus Series switches with software before V200R005SPH008 do not mask the password when uploading files, which allows physically proximate attackers to obtain sensitive password information by reading the display.
7 CVE-2015-8336 264 +Info 2016-04-14 2016-05-18
4.0
None Remote Low Single system Partial None None
Huawei FusionCompute with software before V100R005C10SPC700 allows remote authenticated users to obtain sensitive "role and permission" information via unspecified vectors.
8 CVE-2015-8335 200 +Info 2016-01-11 2016-01-11
4.0
None Remote Low Single system Partial None None
Huawei VCN500 with software before V100R002C00SPC201 logs passwords in cleartext, which allows remote authenticated users to obtain sensitive information by triggering log generation and then reading the log.
9 CVE-2015-8303 200 +Info 2016-01-08 2016-01-13
2.1
None Local Low Not required Partial None None
Huawei Document Security Management (DSM) with software before V100R002C05SPC661 does not clear the clipboard when closing a secure file, which allows local users to obtain sensitive information by pasting the contents to another file.
10 CVE-2015-8227 20 DoS +Info 2015-11-24 2015-11-25
8.5
None Remote Medium Single system Complete Complete Complete
The built-in web server in Huawei VP9660 multi-point control unit with software before V200R001C30SPC700 allows a remote administrator to obtain sensitive information or cause a denial of service via a crafted message.
11 CVE-2015-3912 200 +Info 2015-05-21 2015-05-22
5.0
None Remote Low Not required Partial None None
Huawei E355s Mobile WiFi with firmware before 22.158.45.02.625 and WEBUI before 13.100.04.01.625 allows remote attackers to obtain sensitive configuration information by sniffing the network or sending unspecified commands.
12 CVE-2013-6031 287 +Info 2014-03-11 2014-03-11
4.3
None Local Network Medium Not required Partial Partial None
The Huawei E355 adapter with firmware 21.157.37.01.910 does not require authentication for API pages, which allows remote attackers to change passwords and settings, or obtain sensitive information, via a direct request to (1) api/wlan/security-settings, (2) api/device/information, (3) api/wlan/basic-settings, (4) api/wlan/mac-filter, (5) api/monitoring/status, or (6) api/dhcp/settings.
13 CVE-2013-4628 200 +Info 2013-06-20 2013-06-21
3.5
None Remote Medium Single system Partial None None
The firewall module on the Huawei Quidway Service Process Unit (SPU) board S7700, S9300, and S9700 on Huawei Campus Switch devices allows remote authenticated users to obtain sensitive information from the high-priority security zone by leveraging access to the low-priority security zone.
14 CVE-2012-5968 20 +Info 2012-12-19 2013-01-29
4.8
None Local Network Low Not required Partial Partial None
The Huawei E585 device does not validate the status of admin sessions, which allows remote attackers to obtain sensitive user information and the session ID, and modify data, by leveraging access to the LAN network.
15 CVE-2012-3268 200 +Info 2013-02-01 2013-04-04
8.5
None Remote Medium Single system Complete Complete Complete
Certain HP Access Controller, Fabric Module, Firewall, Router, Switch, and UTM Appliance products; certain HP 3Com Access Controller, Router, and Switch products; certain HP H3C Access Controller, Firewall, Router, Switch, and Switch and Route Processing Unit products; and certain Huawei Firewall/Gateway, Router, Switch, and Wireless products do not properly implement access control as defined in h3c-user.mib 2.0 and hh3c-user.mib 2.0, which allows remote authenticated users to discover credentials in UserInfoEntry values via an SNMP request with the read-only community.
16 CVE-2009-2274 200 +Info 2009-07-01 2009-07-15
7.8
None Remote Low Not required Complete None None
The Huawei D100 allows remote attackers to obtain sensitive information via a direct request to (1) lan_status_adv.asp, (2) wlan_basic_cfg.asp, or (3) lancfg.asp in en/, related to use of JavaScript to protect against reading file contents.
17 CVE-2009-2272 310 +Info 2009-07-01 2009-12-04
5.0
None Remote Low Not required Partial None None
The Huawei D100 stores the administrator's account name and password in cleartext in a cookie, which allows context-dependent attackers to obtain sensitive information by (1) reading a cookie file, by (2) sniffing the network for HTTP headers, and possibly by using unspecified other vectors.
Total number of vulnerabilities : 17   Page : 1 (This Page)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.