Filtered by vendor Huawei
Subscribe
Total
2156 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-17134 | 1 Huawei | 12 Dp300, Dp300 Firmware, Rp200 and 9 more | 2019-10-03 | 2.1 LOW | 5.5 MEDIUM |
| XML parser in Huawei DP300 V500R002C00; RP200 V500R002C00SPC200; V600R006C00; TE30 V100R001C10; V500R002C00; V600R006C00; TE40 V500R002C00; V600R006C00; TE50 V500R002C00; V600R006C00; TE60 V100R001C10; V500R002C00; V600R006C00 has a DoS vulnerability. Due to not check the specially XML file enough an authenticated local attacker may craft specific XML files to the affected products and parse this file which cause to null pointer accessing and result in DoS attacks. | |||||
| CVE-2017-2702 | 1 Huawei | 2 Mate 9, Mate 9 Firmware | 2019-10-03 | 7.2 HIGH | 6.8 MEDIUM |
| Phone Finder in versions earlier before MHA-AL00C00B170 can be bypass. An attacker can bypass the Phone Finder by special steps and obtain the owner of the phone. | |||||
| CVE-2017-15307 | 1 Huawei | 2 Honor 8, Honor 8 Firmware | 2019-10-03 | 1.9 LOW | 2.3 LOW |
| Huawei Honor 8 smartphone with software versions earlier than FRD-L04C567B389 and earlier than FRD-L14C567B389 have a permission control vulnerability due to improper authorization configuration on specific device information. | |||||
| CVE-2018-7929 | 1 Huawei | 2 Mate Rs, Mate Rs Firmware | 2019-10-03 | 4.6 MEDIUM | 6.8 MEDIUM |
| Huawei Mate RS smartphones with the versions before NEO-AL00D 8.1.0.167(C786) have a lock-screen bypass vulnerability. An attacker could unlock and use the phone through certain operations. | |||||
| CVE-2017-8185 | 1 Huawei | 2 Me906s-158, Me906s-158 Firmware | 2019-10-03 | 7.2 HIGH | 7.8 HIGH |
| ME906s-158 earlier than ME906S_Installer_13.1805.10.3 versions has a privilege elevation vulnerability. An attacker could exploit this vulnerability to modify the configuration information containing malicious files and trick users into executing the files, resulting in the execution of arbitrary code. | |||||
| CVE-2017-15340 | 1 Huawei | 2 Tag-al00, Tag-al00 Firmware | 2019-10-03 | 4.3 MEDIUM | 5.5 MEDIUM |
| Huawei smartphones with software of TAG-AL00C92B168 have an information disclosure vulnerability. An attacker tricks the user to install a crafted application, this application simulate click action to back up data in a non-encrypted way using an Android assist function. Successful exploit could result in information disclosure. | |||||
| CVE-2018-7956 | 1 Huawei | 7 Mate 20, Mate 20 Firmware, Nova 3 and 4 more | 2019-10-03 | 5.0 MEDIUM | 5.3 MEDIUM |
| Huawei VIP App is a mobile app for Malaysia customers that purchased P20 Series, Nova 3/3i and Mate 20. There is a vulnerability in versions before 4.0.5 that attackers can conduct bruteforce to the VIP App Web Services to get user information. | |||||
| CVE-2017-17218 | 1 Huawei | 12 Dp300, Dp300 Firmware, Rp200 and 9 more | 2019-10-03 | 5.0 MEDIUM | 5.3 MEDIUM |
| SCCPX module in Huawei DP300 V500R002C00; RP200 V500R002C00; V600R006C00; TE30 V100R001C10; V500R002C00; V600R006C00; TE40 V500R002C00; V600R006C00; TE50 V500R002C00; V600R006C00; TE60 V100R001C10; V500R002C00; V600R006C00 has an out-of-bounds read vulnerability. An unauthenticated, remote attacker crafts malformed packets with specific parameter to the affected products. Due to insufficient validation of packets, successful exploitation may impact availability of product service. | |||||
| CVE-2017-8173 | 1 Huawei | 12 Maya-l02, Maya-l02 Firmware, Vicky-al00a and 9 more | 2019-10-03 | 2.1 LOW | 4.6 MEDIUM |
| Maya-L02,VKY-L09,VTR-L29,Vicky-AL00A,Victoria-AL00A,Warsaw-AL00 smart phones with software of earlier than Maya-L02C636B126 versions,earlier than VKY-L29C10B151 versions,earlier than VTR-L29C10B151 versions,earlier than Vicky-AL00AC00B162 versions,earlier than Victoria-AL00AC00B167 versions,earlier than Warsaw-AL00C00B200 versions have a Factory Reset Protection (FRP) bypass security vulnerability. When re-configuring the mobile phone using the factory reset protection (FRP) function, an attacker can login the configuration flow by some secret code and can perform some operations to update the Google account. As a result, the FRP function is bypassed. | |||||
| CVE-2018-7924 | 1 Huawei | 2 Anne-al00, Anne-al00 Firmware | 2019-10-03 | 2.1 LOW | 2.4 LOW |
| Anne-AL00 Huawei phones with versions earlier than 8.0.0.151(C00) have an information leak vulnerability. Due to improper permission settings for specific commands, attackers who can connect to a mobile phone via the USB interface may exploit this vulnerability to obtain specific device information of the mobile phone. | |||||
| CVE-2017-17323 | 1 Huawei | 2 Ibmc, Ibmc Firmware | 2019-10-03 | 4.0 MEDIUM | 4.3 MEDIUM |
| Huawei iBMC V200R002C10; V200R002C20; V200R002C30 have an improper authorization vulnerability. The software incorrectly performs an authorization check when a normal user attempts to access certain information which is supposed to be accessed only by admin user. Successful exploit could cause information disclosure. | |||||
| CVE-2018-7926 | 1 Huawei | 2 Watch 2, Watch 2 Firmware | 2019-10-03 | 2.1 LOW | 4.6 MEDIUM |
| Huawei Watch 2 with versions and earlier than OWDD.180707.001.E1 have an improper authorization vulnerability. Due to improper permission configuration for specific operations, an attacker who obtained the Huawei ID bound to the watch can bypass permission verification to perform specific operations and modify some data on the watch. | |||||
| CVE-2017-17141 | 1 Huawei | 16 S12700, S12700 Firmware, S1700 and 13 more | 2019-10-03 | 4.3 MEDIUM | 3.7 LOW |
| Huawei S12700 V200R005C00; V200R006C00; V200R007C00; V200R007C01; V200R007C20; V200R008C00; V200R009C00;S1700 V200R006C10; V200R009C00;S2700 V100R006C03; V200R003C00; V200R005C00; V200R006C00; V200R006C10; V200R007C00; V200R007C00B050; V200R007C00SPC009T; V200R007C00SPC019T; V200R008C00; V200R009C00;S3700 V100R006C03;S5700 V200R001C00; V200R001C01; V200R002C00; V200R003C00; V200R003C02; V200R005C00; V200R005C01; V200R005C02; V200R005C03; V200R006C00; V200R007C00; V200R008C00; V200R009C00;S6700 V200R001C00; V200R001C01; V200R002C00; V200R003C00; V200R005C00; V200R005C01; V200R005C02; V200R008C00; V200R009C00;S7700 V200R001C00; V200R001C01; V200R002C00; V200R003C00; V200R005C00; V200R006C00; V200R006C01; V200R007C00; V200R007C01; V200R008C00; V200R008C06; V200R009C00;S9700 V200R001C00; V200R001C01; V200R002C00; V200R003C00; V200R005C00; V200R006C00; V200R007C00; V200R007C01; V200R008C00; V200R009C00 have a memory leak vulnerability. In some specific conditions, if attackers send specific malformed MPLS Service PING messages to the affected products, products do not release the memory when handling the packets. So successful exploit will result in memory leak of the affected products. | |||||
| CVE-2017-2707 | 1 Huawei | 2 Mate 9, Mate 9 Firmware | 2019-10-03 | 5.8 MEDIUM | 7.1 HIGH |
| Mate 9 smartphones with software MHA-AL00AC00B125 have a privilege escalation vulnerability in Push module. An attacker tricks a user to save a rich media into message on the smart phone, which could be exploited to cause the attacker to delete message or fake user to send message. | |||||
| CVE-2017-17145 | 1 Huawei | 2 Honor V9 Play, Honor V9 Play Firmware | 2019-10-03 | 2.1 LOW | 4.6 MEDIUM |
| Huawei Honor V9 Play smart phones with the versions before Jimmy-AL00AC00B135 have an authentication bypass vulnerability due to the improper design of a component. An attacker who get a user's smart phone can execute specific operation, and delete the fingerprint of the phone without authentication. | |||||
| CVE-2017-17150 | 1 Huawei | 12 Dp300, Dp300 Firmware, Rp200 and 9 more | 2019-10-03 | 2.1 LOW | 5.5 MEDIUM |
| Timergrp module in Huawei DP300 V500R002C00; RP200 V500R002C00; V600R006C00; TE30 V100R001C10; V500R002C00; V600R006C00; TE40 V500R002C00; V600R006C00; TE50 V500R002C00; V600R006C00; TE60 V100R001C10; V500R002C00; V600R006C00 have an DoS vulnerability due to insufficient validation of the parameter. An authenticated local attacker may call a special API with special parameter, which cause an infinite loop. Successful exploit of this vulnerability can allow an attacker to launch DOS attack. | |||||
| CVE-2017-8122 | 1 Huawei | 1 Uma | 2019-10-03 | 7.5 HIGH | 9.8 CRITICAL |
| The UMA product with software V200R001 has a privilege elevation vulnerability due to insufficient validation or improper processing of parameters. An attacker could craft specific packets to exploit these vulnerabilities to gain elevated privileges. | |||||
| CVE-2017-17296 | 1 Huawei | 86 Ar120-s, Ar120-s Firmware, Ar1200 and 83 more | 2019-10-03 | 5.0 MEDIUM | 5.3 MEDIUM |
| Huawei AR120-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR1200 V200R006C10, V200R006C13, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR1200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR150 V200R006C10, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR150-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR160 V200R006C10, V200R006C12, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR200 V200R006C10, V200R007C00, V200R007C01, V200R008C20, V200R008C30, AR200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR2200 V200R006C10, V200R006C13, V200R006C16, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR2200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR3200 V200R006C10, V200R006C11, V200R007C00, V200R007C01, V200R007C02, V200R008C00, V200R008C10, V200R008C20, V200R008C30, AR3600 V200R006C10, V200R007C00, V200R007C01, V200R008C20, AR510 V200R006C10, V200R006C12, V200R006C13, V200R006C15, V200R006C16, V200R006C17, V200R007C00, V200R008C20, V200R008C30, DP300 V500R002C00, IPS Module V100R001C10, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, NGFW Module V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R002C00, V500R002C10, NIP6300 V500R001C00, V500R001C20, V500R001C30, V500R001C50, NIP6600 V500R001C00, V500R001C20, V500R001C30, V500R001C50, NIP6800 V500R001C50, NetEngine16EX V200R006C10, V200R007C00, V200R008C20, V200R008C30, RP200 V500R002C00, V600R006C00, RSE6500 V500R002C00, SRG1300 V200R006C10, V200R007C00, V200R007C02, V200R008C20, V200R008C30, SRG2300 V200R006C10, V200R007C00, V200R007C02, V200R008C20, V200R008C30, SRG3300 V200R006C10, V200R007C00, V200R008C20, V200R008C30, SVN5600 V200R003C00, V200R003C10, SVN5800 V200R003C10, SVN5800-C V200R003C00, V200R003C10, SeMG9811 V300R001C01, Secospace USG6300 V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, Secospace USG6500 V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, Secospace USG6600 V100R001C00, V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, TE30 V100R001C02, V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C01, V100R001C10, V500R002C00, V600R006C00, TP3106 V100R002C00, TP3206 V100R002C00, V100R002C10, USG9500 V500R001C00, V500R001C20, V500R001C30, V500R001C50, USG9520 V300R001C01, V300R001C20, USG9560 V300R001C01, V300R001C20, USG9580 V300R001C01, V300R001C20, ViewPoint 9030 V100R011C02, V100R011C03, eSpace U1981 V200R003C20SPC900, V200R003C30SPC200 have a memory leak vulnerability. An unauthenticated, remote attacker may send specially crafted H323 packages to the affected products. Due to not release the allocated memory properly to handle the packets, successful exploit may cause memory leak and some services abnormal. | |||||
| CVE-2017-2708 | 1 Huawei | 2 Nice, Nice Firmware | 2019-10-03 | 4.9 MEDIUM | 4.6 MEDIUM |
| The 'Find Phone' function in Nice smartphones with software versions earlier before Nice-AL00C00B0135 has an authentication bypass vulnerability. An unauthenticated attacker may wipe and factory reset the phone by special steps. Due to missing authentication of the 'Find Phone' function, an attacker may exploit the vulnerability to bypass the 'Find Phone' function in order to use the phone normally. | |||||
| CVE-2018-7990 | 1 Huawei | 2 Mate 10 Pro, Mate 10 Pro Firmware | 2019-10-03 | 4.9 MEDIUM | 4.6 MEDIUM |
| Mate10 Pro Huawei smart phones with the versions before 8.1.0.326(C00) have a FRP bypass vulnerability. During the mobile phone reseting process, an attacker could bypass "Find My Phone" protect after a series of voice and keyboard operations. Successful exploit could allow an attacker to bypass FRP. | |||||