| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2018-7976 |
79 |
|
XSS |
2018-06-01 |
2018-07-05 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
|
There is a stored cross-site scripting (XSS) vulnerability in Huawei eSpace Desktop V300R001C00 and V300R001C50 version. Due to the insufficient validation of the input, an authenticated, remote attacker could exploit this vulnerability to send abnormal messages to the system and perform a XSS attack. A successful exploit could cause the eSpace Desktop to hang up, and the function will restore to normal after restarting the eSpace Desktop. |
|
2 |
CVE-2018-7921 |
200 |
|
+Info |
2018-09-12 |
2018-11-19 |
3.3 |
None |
Local Network |
Low |
Not required |
Partial |
None |
None |
|
Huawei B315s-22 products with software of 21.318.01.00.26 have an information leak vulnerability. Unauthenticated adjacent attackers may exploit this vulnerability to obtain device information. |
|
3 |
CVE-2017-15322 |
20 |
|
|
2017-12-22 |
2018-01-09 |
3.3 |
None |
Local Network |
Low |
Not required |
None |
None |
Partial |
|
Some Huawei smartphones with software of BGO-L03C158B003CUSTC158D001 and BGO-L03C331B009CUSTC331D001 have a DoS vulnerability due to insufficient input validation. An attacker could exploit this vulnerability by sending specially crafted NFC messages to the target device. Successful exploit could make a service crash. |
|
4 |
CVE-2017-15312 |
79 |
|
XSS |
2017-12-22 |
2018-01-04 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
|
Huawei SmartCare V200R003C10 has a stored XSS (cross-site scripting) vulnerability in the dashboard module. A remote authenticated attacker could exploit this vulnerability to inject malicious scripts in the affected device. |
|
5 |
CVE-2017-8189 |
22 |
|
Dir. Trav. |
2017-11-22 |
2017-12-08 |
3.6 |
None |
Local |
Low |
Not required |
None |
Partial |
Partial |
|
FusionSphere OpenStack V100R006C00SPC102(NFV)has a path traversal vulnerability. Due to insufficient path validation, an attacker with high privilege may exploit this vulnerability to cover some files, causing services abnormal. |
|
6 |
CVE-2017-8168 |
200 |
|
+Info |
2017-11-22 |
2017-12-08 |
3.3 |
None |
Local Network |
Low |
Not required |
Partial |
None |
None |
|
FusionSphere OpenStack with software V100R006C00SPC102(NFV) and V100R006C10 have an information leak vulnerability. Due to an incorrect configuration item, the information transmitted by a transmission channel is not encrypted. An attacker accessing the internal network may obtain sensitive information transmitted. |
|
7 |
CVE-2017-2717 |
190 |
|
Overflow |
2017-11-22 |
2017-12-11 |
3.3 |
None |
Local Network |
Low |
Not required |
None |
None |
Partial |
|
honor 8 Pro with software Duke-L09C10B120 and earlier versions,Duke-L09C432B120 and earlier versions,Duke-L09C636B120 and earlier versions has an integer overflow vulnerability. The attacker sends a response message to the device, which contains an illegal length field, it could produce an integer overflow and restart the modem system. |
|
8 |
CVE-2016-8784 |
399 |
|
|
2018-03-09 |
2018-03-26 |
3.3 |
None |
Local Network |
Low |
Not required |
None |
None |
Partial |
|
Huawei CloudEngine 12800 V100R003C00, V100R003C10, V100R005C00, V100R005C10, V100R006C00 have a memory leak vulnerability. An unauthenticated attacker may send specific Label Distribution Protocol (LDP) packets to the devices. When the values of some parameters in the packet are abnormal, the LDP processing module does not release the memory to handle the packet, resulting in memory leak. |
|
9 |
CVE-2016-8275 |
20 |
|
|
2017-04-02 |
2017-04-05 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
None |
Partial |
|
Huawei AnyOffice V200R006C00 could allow an authenticated, remote attacker to cause the software to deny services by uploading an XML bomb. |
|
10 |
CVE-2016-5850 |
79 |
|
XSS |
2016-07-12 |
2016-07-14 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in the volume backup service module in Huawei Public Cloud Solution before 1.0.5 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. |
|
11 |
CVE-2016-4058 |
79 |
|
XSS |
2016-09-27 |
2016-11-28 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in Huawei Policy Center before V100R003C10SPC020 allows remote authenticated users to inject arbitrary web script or HTML via vectors related to "special characters on pages." |
|
12 |
CVE-2015-2253 |
200 |
|
+Info |
2017-06-08 |
2017-06-20 |
3.5 |
None |
Remote |
Medium |
Single system |
Partial |
None |
None |
|
The XML interface in Huawei OceanStor UDS devices with software before V100R002C01SPC102 allows remote authenticated users to obtain sensitive information via a crafted XML document. |
|
13 |
CVE-2013-4628 |
200 |
|
+Info |
2013-06-20 |
2013-06-21 |
3.5 |
None |
Remote |
Medium |
Single system |
Partial |
None |
None |
|
The firewall module on the Huawei Quidway Service Process Unit (SPU) board S7700, S9300, and S9700 on Huawei Campus Switch devices allows remote authenticated users to obtain sensitive information from the high-priority security zone by leveraging access to the low-priority security zone. |
