Filtered by vendor Huawei
Subscriptions
Total
1977 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2014-2946 | 1 Huawei | 3 E303 Modem, E303 Modem Firmware, Webui | 2024-11-21 | N/A |
Cross-site request forgery (CSRF) vulnerability in api/sms/send-sms in the Web UI 11.010.06.01.858 on Huawei E303 modems with software 22.157.18.00.858 allows remote attackers to hijack the authentication of administrators for requests that perform API operations and send SMS messages via a request element in an XML document. | ||||
CVE-2014-2273 | 1 Huawei | 2 P2-6011, P2-6011 Firmware | 2024-11-21 | N/A |
The hx170dec device driver in Huawei P2-6011 before V100R001C00B043 allows local users to read and write to arbitrary memory locations via unspecified vectors. | ||||
CVE-2014-2271 | 2 Huawei, Wps | 3 P2-6011, P2-6011 Firmware, Wps Office | 2024-11-21 | 8.1 High |
cn.wps.moffice.common.beans.print.CloudPrintWebView in Kingsoft Office 5.3.1, as used in Huawei P2 devices before V100R001C00B043, falls back to HTTP when the HTTPS connection to the registry fails, which allows man-in-the-middle attackers to conduct downgrade attacks and execute arbitrary Java code by leveraging a network position between the client and the registry to block HTTPS traffic. | ||||
CVE-2014-0337 | 1 Huawei | 2 Echo Life, Echo Life Hg8247 Firmware | 2024-11-21 | N/A |
Cross-site scripting (XSS) vulnerability in the web interface on Huawei Echo Life HG8247 routers with software before V100R006C00SPC127 allows remote attackers to inject arbitrary web script or HTML via an invalid TELNET connection attempt with a crafted username that is not properly handled during construction of the "failed log-in attempts over telnet" log view. | ||||
CVE-2013-6786 | 6 Allegrosoft, Dlink, Huawei and 3 more | 7 Rompager, Dsl-2640r, Dsl-2641r and 4 more | 2024-11-21 | N/A |
Cross-site scripting (XSS) vulnerability in Allegro RomPager before 4.51, as used on the ZyXEL P660HW-D1, Huawei MT882, Sitecom WL-174, TP-LINK TD-8816, and D-Link DSL-2640R and DSL-2641R, when the "forbidden author header" protection mechanism is bypassed, allows remote attackers to inject arbitrary web script or HTML by requesting a nonexistent URI in conjunction with a crafted HTTP Referer header that is not properly handled in a 404 page. NOTE: there is no CVE for a "URL redirection" issue that some sources list separately. | ||||
CVE-2013-6031 | 1 Huawei | 2 E355, E355 Firmware | 2024-11-21 | N/A |
The Huawei E355 adapter with firmware 21.157.37.01.910 does not require authentication for API pages, which allows remote attackers to change passwords and settings, or obtain sensitive information, via a direct request to (1) api/wlan/security-settings, (2) api/device/information, (3) api/wlan/basic-settings, (4) api/wlan/mac-filter, (5) api/monitoring/status, or (6) api/dhcp/settings. | ||||
CVE-2013-4633 | 1 Huawei | 1 Seco Versatile Security Manager | 2024-11-21 | N/A |
Huawei Seco Versatile Security Manager (VSM) before V200R002C00SPC300 allows remote authenticated users to gain privileges via a certain change to a group configuration setting. | ||||
CVE-2013-4632 | 1 Huawei | 1 Access Router | 2024-11-21 | N/A |
The Huawei Access Router (AR) before V200R002SPC003 allows remote attackers to cause a denial of service (device reset) via a crafted field in a DHCP request, as demonstrated by a request from an IP phone. | ||||
CVE-2013-4631 | 1 Huawei | 5 Ar 1200, Ar 150, Ar 200 and 2 more | 2024-11-21 | N/A |
Huawei AR 150, 200, 1200, 2200, and 3200 routers, when SNMPv3 is enabled, allow remote attackers to cause a denial of service (device crash) via malformed SNMPv3 requests that leverage unspecified overflow issues. | ||||
CVE-2013-4630 | 1 Huawei | 5 Ar 1200, Ar 150, Ar 200 and 2 more | 2024-11-21 | N/A |
Stack-based buffer overflow on Huawei AR 150, 200, 1200, 2200, and 3200 routers, when SNMPv3 debugging is enabled, allows remote attackers to execute arbitrary code via malformed SNMPv3 requests. | ||||
CVE-2013-4629 | 1 Huawei | 2 Vp 9610, Vp 9620 | 2024-11-21 | N/A |
The Huawei viewpoint VP9610 and VP9620 units for the Huawei Video Conference system do not update the Session ID upon successful establishment of a login session, which allows remote authenticated users to hijack sessions via an unspecified interception method. | ||||
CVE-2013-4628 | 1 Huawei | 3 Quidway Service Process Unit Board S7700, Quidway Service Process Unit Board S9300, Quidway Service Process Unit Board S9700 | 2024-11-21 | N/A |
The firewall module on the Huawei Quidway Service Process Unit (SPU) board S7700, S9300, and S9700 on Huawei Campus Switch devices allows remote authenticated users to obtain sensitive information from the high-priority security zone by leveraging access to the low-priority security zone. | ||||
CVE-2013-2612 | 1 Huawei | 2 E587, E587 Firmware | 2024-11-21 | 9.8 Critical |
Command-injection vulnerability in Huawei E587 3G Mobile Hotspot 11.203.27 allows remote attackers to execute arbitrary shell commands with root privileges due to an error in the Web UI. | ||||
CVE-2012-6571 | 1 Huawei | 18 Ar 18-1x, Ar 18-2x, Ar 18-3x and 15 more | 2024-11-21 | N/A |
The HTTP module in the (1) Branch Intelligent Management System (BIMS) and (2) web management components on Huawei AR routers and S2000, S3000, S3500, S3900, S5100, S5600, and S7800 switches uses predictable Session ID values, which makes it easier for remote attackers to hijack sessions via a brute-force attack. | ||||
CVE-2012-6570 | 1 Huawei | 18 Ar 18-1x, Ar 18-2x, Ar 18-3x and 15 more | 2024-11-21 | N/A |
The HTTP module in the (1) Branch Intelligent Management System (BIMS) and (2) web management components on Huawei AR routers and S2000, S3000, S3500, S3900, S5100, S5600, S7800, and S8500 switches does not check whether HTTP data is longer than the value of the Content-Length field, which allows remote HTTP servers to conduct heap-based buffer overflow attacks and execute arbitrary code via a crafted response. | ||||
CVE-2012-6569 | 1 Huawei | 18 Ar 18-1x, Ar 18-2x, Ar 18-3x and 15 more | 2024-11-21 | N/A |
Stack-based buffer overflow in the HTTP module in the (1) Branch Intelligent Management System (BIMS) and (2) web management components on Huawei AR routers and S2000, S3000, S3500, S3900, S5100, S5600, S7800, and S8500 switches allows remote attackers to execute arbitrary code via a long URI. | ||||
CVE-2012-6568 | 1 Huawei | 1 Utps | 2024-11-21 | N/A |
Buffer overflow in the back-end component in Huawei UTPS 1.0 allows local users to gain privileges via a long IDS_PLUGIN_NAME string in a plug-in configuration file. | ||||
CVE-2012-5970 | 1 Huawei | 2 E585, E585u-82 | 2024-11-21 | N/A |
The Huawei E585 device allows remote attackers to cause a denial of service (NULL pointer dereference and device outage) via crafted HTTP requests, as demonstrated by unspecified vulnerability-scanning software. | ||||
CVE-2012-5969 | 1 Huawei | 2 E585, E585u-82 | 2024-11-21 | N/A |
Multiple directory traversal vulnerabilities on the Huawei E585 device allow remote attackers to (1) read arbitrary files via a .. (dot dot) in the PATH_INFO of an sdcard/ request or (2) modify arbitrary files via a .. (dot dot) in the req_page parameter to en/sms.cgi. | ||||
CVE-2012-5968 | 1 Huawei | 2 E585, E585u-82 | 2024-11-21 | N/A |
The Huawei E585 device does not validate the status of admin sessions, which allows remote attackers to obtain sensitive user information and the session ID, and modify data, by leveraging access to the LAN network. |