| # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. |
| 1 | CVE-2021-40050 | 125 | | Overflow | 2022-03-10 | 2022-03-14 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete |
There is an out-of-bounds read vulnerability in the IFAA module. Successful exploitation of this vulnerability may cause stack overflow.
| 2 | CVE-2021-39979 | 94 | | | 2022-01-03 | 2022-01-13 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete |
HHEE system has a Code Injection vulnerability. Successful exploitation of this vulnerability may affect HHEE system integrity.
| 3 | CVE-2021-37120 | 415 | | | 2022-01-03 | 2022-01-13 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete |
There is a Double free vulnerability in Smartphone. Successful exploitation of this vulnerability may cause a kernel crash or privilege escalation.
| 4 | CVE-2021-37106 | 77 | | | 2021-09-28 | 2022-05-03 | 9.0 | None | Remote | Low | ??? | Complete | Complete | Complete |
There is a command injection vulnerability in CMA service module of FusionCompute 6.3.0, 6.3.1, 6.5.0 and 8.0.0 when processing the default certificate file. The software constructs part of a command using external special input from users, but the software does not sufficiently validate the user input. Successful exploit could allow the attacker to inject certain commands to the system.
| 5 | CVE-2021-37102 | 77 | | | 2021-11-23 | 2021-11-26 | 9.0 | None | Remote | Low | ??? | Complete | Complete | Complete |
There is a command injection vulnerability in CMA service module of FusionCompute product when processing the default certificate file. The software constructs part of a command using external special input from users, but the software does not sufficiently validate the user input. Successful exploit could allow the attacker to inject certain commands to the system. Affected product versions include: FusionCompute 6.0.0, 6.3.0, 6.3.1, 6.5.0, 6.5.1, 8.0.0.
| 6 | CVE-2021-37074 | 362 | | | 2021-12-08 | 2021-12-09 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete |
There is a Race Condition vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may lead to the user root privilege escalation.
| 7 | CVE-2021-37045 | 416 | | Exec Code | 2021-12-08 | 2022-07-12 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete |
There is a UAF vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may cause the device to restart unexpectedly and the kernel-mode code to be executed.
| 8 | CVE-2021-37022 | 787 | | Overflow | 2021-11-23 | 2021-11-29 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete |
There is a Heap-based Buffer Overflow vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability will cause root permission which can be escalated.
| 9 | CVE-2021-37011 | 787 | | Overflow | 2021-12-07 | 2021-12-09 | 9.4 | None | Remote | Low | Not required | Complete | None | Complete |
There is a Stack-based Buffer Overflow vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may lead to Out-of-bounds read.
| 10 | CVE-2021-22439 | 502 | | Exec Code | 2021-06-29 | 2021-07-02 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete |
There is a deserialization vulnerability in Huawei AnyOffice V200R006C10. An attacker can construct a specific request to exploit this vulnerability. By successfully exploiting this vulnerability, the attacker can execute remote malicious code injection and control the device.
| 11 | CVE-2021-22432 | 119 | | Overflow | 2022-02-25 | 2022-03-07 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete |
There is a vulnerability when configuring permission isolation in smartphones. Successful exploitation of this vulnerability may cause out-of-bounds access.
| 12 | CVE-2021-22429 | 119 | | Exec Code Overflow | 2022-02-25 | 2022-03-07 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete |
There is a memory address out of bounds in smartphones. Successful exploitation of this vulnerability may cause malicious code to be executed.
| 13 | CVE-2021-22403 | | | Exec Code | 2021-10-28 | 2021-11-02 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete |
There is a vulnerability of hijacking unverified providers in Huawei Smartphone. Successful exploitation of this vulnerability may allow attackers to hijack the device and forge UIs to induce users to execute malicious commands.
| 14 | CVE-2021-22369 | 367 | | | 2021-06-30 | 2021-07-06 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete |
There is a Time-of-check Time-of-use (TOCTOU) Race Condition Vulnerability in Huawei Smartphone. Successful exploitation of these vulnerabilities may escalate the permission to that of the root user.
| 15 | CVE-2021-22333 | 129 | | Exec Code | 2021-06-03 | 2021-12-09 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete |
There is an Improper Validation of Array Index vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may cause code to execute, thus obtaining system permissions.
| 16 | CVE-2021-22323 | 119 | | Overflow | 2021-06-30 | 2021-07-06 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete |
There is an Integer Overflow Vulnerability in Huawei Smartphone. Successful exploitation of these vulnerabilities may escalate the permission to that of the root user.
| 17 | CVE-2020-9115 | 20 | | | 2020-12-01 | 2021-07-21 | 9.0 | None | Remote | Low | ??? | Complete | Complete | Complete |
ManageOne versions 6.5.1.1.B010, 6.5.1.1.B020, 6.5.1.1.B030, 6.5.1.1.B040, 6.5.1.1.B050, 8.0.0 and 8.0.1 have a command injection vulnerability. An attacker with high privileges may exploit this vulnerability through some operations on the plug-in component. Due to insufficient input validation of some parameters, the attacker can exploit this vulnerability to inject commands to the target device.
| 18 | CVE-2019-5242 | 20 | | Exec Code | 2019-06-06 | 2021-07-21 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete |
There is a code execution vulnerability in Huawei PCManager versions earlier than PCManager 9.0.1.50. The attacker can trick a user into installing and running a malicious application to exploit this vulnerability. Successful exploitation may cause the attacker to execute malicious code and read/write memory.
| 19 | CVE-2019-5241 | | | | 2019-06-06 | 2020-08-24 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete |
There is a privilege escalation vulnerability in Huawei PCManager versions earlier than PCManager 9.0.1.50. The attacker can trick a user into installing and running a malicious application to exploit this vulnerability. Successful exploitation may cause the attacker to obtain a higher privilege.
| 20 | CVE-2017-8197 | 77 | | Exec Code | 2017-11-22 | 2017-12-08 | 9.0 | None | Remote | Low | ??? | Complete | Complete | Complete |
FusionSphere V100R006C00SPC102(NFV) has a command injection vulnerability. An authenticated, remote attacker could craft packets with malicious strings and send them to a target device. Successful exploit could allow the attacker to launch a command injection attack and execute system commands.
| 21 | CVE-2017-8137 | 426 | | | 2017-11-22 | 2017-12-07 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete |
HedEx versions earlier than V200R006C00 have a dynamic link library (DLL) hijacking vulnerability due to calling the DLL file by accessing a relative path. An attacker could exploit this vulnerability to tamper with the DLL file, leading to DLL hijacking.
| 22 | CVE-2016-8276 | 119 | | DoS Exec Code Overflow | 2016-10-03 | 2016-10-04 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete |
Buffer overflow in the Point-to-Point Protocol over Ethernet (PPPoE) module in Huawei USG2100, USG2200, USG5100, and USG5500 unified security gateways with software before V300R001C10SPC600, when CHAP authentication is configured on the server, allows remote attackers to cause a denial of service (server restart) or execute arbitrary code via crafted packets sent during authentication.
| 23 | CVE-2016-7110 | 94 | | Exec Code | 2016-09-07 | 2016-09-08 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete |
Huawei Unified Maintenance Audit (UMA) before V200R001C00SPC200 allows remote attackers to execute arbitrary commands via "special characters," a different vulnerability than CVE-2016-7109.
| 24 | CVE-2016-7109 | 94 | | Exec Code | 2016-09-07 | 2016-09-08 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete |
Huawei Unified Maintenance Audit (UMA) before V200R001C00SPC200 allows remote attackers to execute arbitrary commands via "special characters," a different vulnerability than CVE-2016-7110.
| 25 | CVE-2016-6193 | 264 | | DoS Overflow +Priv | 2016-08-02 | 2016-08-03 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete |
Buffer overflow in the Wi-Fi driver in Huawei P8 smartphones with software before GRA-CL00C92B363 allows attackers to cause a denial of service (system crash) or gain privileges via a crafted application, a different vulnerability than CVE-2016-6192.
| 26 | CVE-2016-6192 | 264 | | DoS Overflow +Priv | 2016-08-02 | 2016-08-03 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete |
Buffer overflow in the Wi-Fi driver in Huawei P8 smartphones with software before GRA-CL00C92B363 allows attackers to cause a denial of service (system crash) or gain privileges via a crafted application, a different vulnerability than CVE-2016-6193.
| 27 | CVE-2015-7841 | 77 | | Bypass | 2017-10-03 | 2017-10-23 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete |
The login page of the server on Huawei FusionServer rack servers RH2288 V3 with software before V100R003C00SPC603, RH2288H V3 with software before V100R003C00SPC503, XH628 V3 with software before V100R003C00SPC602, RH1288 V3 with software before V100R003C00SPC602, RH2288A V2 with software before V100R002C00SPC701, RH1288A V2 with software before V100R002C00SPC502, RH8100 V3 with software before V100R003C00SPC110, CH222 V3 with software before V100R001C00SPC161, CH220 V3 with software before V100R001C00SPC161, and CH121 V3 with software before V100R001C00SPC161 allows remote attackers to bypass access restrictions and enter commands via unspecified parameters, as demonstrated by a "user creation command."
| 28 | CVE-2013-4633 | 264 | | +Priv | 2013-06-20 | 2013-06-21 | 9.0 | None | Remote | Low | ??? | Complete | Complete | Complete |
Huawei Seco Versatile Security Manager (VSM) before V200R002C00SPC300 allows remote authenticated users to gain privileges via a certain change to a group configuration setting.
| 29 | CVE-2012-6570 | 119 | | Exec Code Overflow | 2013-06-20 | 2013-06-21 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete |
The HTTP module in the (1) Branch Intelligent Management System (BIMS) and (2) web management components on Huawei AR routers and S2000, S3000, S3500, S3900, S5100, S5600, S7800, and S8500 switches does not check whether HTTP data is longer than the value of the Content-Length field, which allows remote HTTP servers to conduct heap-based buffer overflow attacks and execute arbitrary code via a crafted response.
| 30 | CVE-2012-6569 | 119 | | Exec Code Overflow | 2013-06-20 | 2013-06-21 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete |
Stack-based buffer overflow in the HTTP module in the (1) Branch Intelligent Management System (BIMS) and (2) web management components on Huawei AR routers and S2000, S3000, S3500, S3900, S5100, S5600, S7800, and S8500 switches allows remote attackers to execute arbitrary code via a long URI.
| 31 | CVE-2009-2271 | 255 | | | 2009-07-01 | 2018-10-10 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete |
The Huawei D100 has (1) a certain default administrator password for the web interface, and does not force a password change; and has (2) a default password of admin for the admin account in the telnet interface; which makes it easier for remote attackers to obtain access.