Total
33308 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-7991 | 1 Huawei | 2 Mate10, Mate10 Firmware | 2024-11-21 | 2.1 LOW | 4.6 MEDIUM |
| Huawei smartphones Mate10 with versions earlier before ALP-AL00B 8.0.0.110(C00) have a Factory Reset Protection (FRP) bypass vulnerability. The system does not sufficiently verify the permission, an attacker uses a data cable to connect the smartphone to the computer and then perform some specific operations. Successful exploit could allow the attacker bypass the FRP protection to access the system setting page. | |||||
| CVE-2018-7990 | 1 Huawei | 2 Mate 10 Pro, Mate 10 Pro Firmware | 2024-11-21 | 4.9 MEDIUM | 4.6 MEDIUM |
| Mate10 Pro Huawei smart phones with the versions before 8.1.0.326(C00) have a FRP bypass vulnerability. During the mobile phone reseting process, an attacker could bypass "Find My Phone" protect after a series of voice and keyboard operations. Successful exploit could allow an attacker to bypass FRP. | |||||
| CVE-2018-7956 | 1 Huawei | 7 Mate 20, Mate 20 Firmware, Nova 3 and 4 more | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| Huawei VIP App is a mobile app for Malaysia customers that purchased P20 Series, Nova 3/3i and Mate 20. There is a vulnerability in versions before 4.0.5 that attackers can conduct bruteforce to the VIP App Web Services to get user information. | |||||
| CVE-2018-7944 | 1 Huawei | 2 Emily-al00a, Emily-al00a Firmware | 2024-11-21 | 7.2 HIGH | 6.8 MEDIUM |
| Huawei smart phones Emily-AL00A with software 8.1.0.106(SP2C00) and 8.1.0.107(SP5C00) have a Factory Reset Protection (FRP) bypass vulnerability. An attacker gets some user's smart phone and performs some special operations in the guide function. The attacker may exploit the vulnerability to bypass FRP function and use the phone normally. | |||||
| CVE-2018-7942 | 1 Huawei | 14 1288h V5, 1288h V5 Firmware, 2288h V5 and 11 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| The iBMC (Intelligent Baseboard Management Controller) of some Huawei servers have an authentication bypass vulnerability. An unauthenticated, remote attacker may send some specially crafted messages to the affected products. Due to improper authentication design, successful exploit may cause some information leak. | |||||
| CVE-2018-7939 | 1 Huawei | 8 G9 Lite, G9 Lite Firmware, Honor 5a and 5 more | 2024-11-21 | 4.9 MEDIUM | 4.6 MEDIUM |
| Huawei smart phones G9 Lite, Honor 5A, Honor 6X, Honor 8 with the versions before VNS-L53C605B120CUSTC605D103, the versions before CAM-L03C605B143CUSTC605D008, the versions before CAM-L21C10B145, the versions before CAM-L21C185B156, the versions before CAM-L21C223B133, the versions before CAM-L21C432B210, the versions before CAM-L21C464B170, the versions before CAM-L21C636B245, the versions before Berlin-L21C10B372, the versions before Berlin-L21C185B363, the versions before Berlin-L21C464B137, the versions before Berlin-L23C605B161, the versions before FRD-L09C10B387, the versions before FRD-L09C185B387, the versions before FRD-L09C432B398, the versions before FRD-L09C636B387, the versions before FRD-L19C10B387, the versions before FRD-L19C432B399, the versions before FRD-L19C636B387 have a Factory Reset Protection (FRP) bypass security vulnerability. When re-configuring the mobile phone using the factory reset protection (FRP) function, an attacker can disable the boot wizard by enable the talkback function. As a result, the FRP function is bypassed. | |||||
| CVE-2018-7937 | 1 Huawei | 4 Hirouter-cd20, Hirouter-cd20 Firmware, Ws5200-10 and 1 more | 2024-11-21 | 9.3 HIGH | 7.8 HIGH |
| In Huawei HiRouter-CD20-10 with the versions before 1.9.6 and WS5200-10 with the versions before 1.9.6, there is a plug-in signature bypass vulnerability due to insufficient plug-in verification. An attacker may tamper with a legitimate plug-in to build a malicious plug-in and trick users into installing it. Successful exploit could allow the attacker to obtain the root permission of the device and take full control over the device. | |||||
| CVE-2018-7936 | 1 Huawei | 2 Mate 10 Pro, Mate 10 Pro Firmware | 2024-11-21 | 4.9 MEDIUM | 4.6 MEDIUM |
| Mate 10 Pro Huawei smart phones with the versions before BLA-L29 8.0.0.148(C432) have a Factory Reset Protection (FRP) bypass security vulnerability. When re-configuring the mobile phone using the factory reset protection (FRP) function, an attacker can connect the phone with PC and send special instructions to install third party desktop and disable the boot wizard. As a result, the FRP function is bypassed. | |||||
| CVE-2018-7931 | 1 Huawei | 1 Appgallery | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| Huawei AppGallery versions before 8.0.4.301 has a whitelist mechanism bypass vulnerability. An attacker may set up a malicious network environment and trick user into accessing a malicious web page to bypass the whitelist mechanism. | |||||
| CVE-2018-7928 | 1 Westerndigital | 1 My Cloud | 2024-11-21 | 3.6 LOW | 4.6 MEDIUM |
| There is a security vulnerability which could lead to Factory Reset Protection (FRP) bypass in the MyCloud APP with the versions before 8.1.2.303 installed on some Huawei smart phones. When re-configuring the mobile phone using the FRP function, an attacker can replace the old account with a new one through special steps by exploit this vulnerability. As a result, the FRP function is bypassed. | |||||
| CVE-2018-7911 | 1 Huawei | 10 Alp-al00b, Alp-al00b-rsc, Alp-al00b-rsc Firmware and 7 more | 2024-11-21 | 4.9 MEDIUM | 4.6 MEDIUM |
| Some Huawei smart phones ALP-AL00B 8.0.0.106(C00), 8.0.0.113(SP2C00), 8.0.0.113(SP3C00), 8.0.0.113(SP7C00), 8.0.0.118(C00), 8.0.0.120(SP2C00), 8.0.0.125(SP1C00), 8.0.0.125(SP3C00), 8.0.0.126(SP2C00), 8.0.0.126(SP5C00), 8.0.0.127(SP1C00), 8.0.0.128(SP2C00), ALP-AL00B-RSC 1.0.0.2, BLA-TL00B 8.0.0.113(SP7C01), 8.0.0.118(C01), 8.0.0.120(SP2C01), 8.0.0.125(SP1C01), 8.0.0.125(SP2C01), 8.0.0.125(SP3C01), 8.0.0.126(SP2C01), 8.0.0.126(SP5C01), 8.0.0.127(SP1C01), 8.0.0.128(SP2C01), 8.0.0.129(SP2C01), Charlotte-AL00A 8.1.0.105(SP7C00), 8.1.0.106(SP3C00), 8.1.0.107(SP5C00), 8.1.0.107(SP7C00), 8.1.0.108(SP3C00), 8.1.0.108(SP6C00), 8.1.0.109(SP2C00), Emily-AL00A 8.1.0.105(SP6C00), 8.1.0.106(SP2C00), 8.1.0.107(SP5C00), 8.1.0.107(SP7C00), 8.1.0.108(SP2C00), 8.1.0.108(SP6C00), 8.1.0.109(SP5C00) have a Factory Reset Protection (FRP) bypass security vulnerability. When re-configuring the mobile phone using the factory reset protection (FRP) function, an attacker can login the configuration flow by Gaode Map and can perform some operations to update the Google account. As a result, the FRP function is bypassed. | |||||
| CVE-2018-7904 | 1 Huawei | 4 1288h V5, 1288h V5 Firmware, 2288h V5 and 1 more | 2024-11-21 | 4.0 MEDIUM | 8.8 HIGH |
| Huawei 1288H V5 and 288H V5 with software of V100R005C00 have a JSON injection vulnerability. An authenticated, remote attacker can launch a JSON injection to modify the password of administrator. Due to insufficient verification of the input, this could be exploited to obtain the management privilege of the system. | |||||
| CVE-2018-7903 | 1 Huawei | 4 1288h V5, 1288h V5 Firmware, 2288h V5 and 1 more | 2024-11-21 | 4.0 MEDIUM | 8.8 HIGH |
| Huawei 1288H V5 and 288H V5 with software of V100R005C00 have a JSON injection vulnerability. An authenticated, remote attacker can launch a JSON injection to modify the password of administrator. Due to insufficient verification of the input, this could be exploited to obtain the management privilege of the system. | |||||
| CVE-2018-7902 | 1 Huawei | 4 1288h V5, 1288h V5 Firmware, 2288h V5 and 1 more | 2024-11-21 | 4.0 MEDIUM | 8.8 HIGH |
| Huawei 1288H V5 and 288H V5 with software of V100R005C00 have a JSON injection vulnerability. An authenticated, remote attacker can launch a JSON injection to modify the password of administrator. Due to insufficient verification of the input, this could be exploited to obtain the management privilege of the system. | |||||
| CVE-2018-7901 | 1 Huawei | 4 Alp-al00b, Alp-al00b Firmware, Bla-al00b and 1 more | 2024-11-21 | 5.8 MEDIUM | 4.4 MEDIUM |
| RCS module in Huawei ALP-AL00B smart phones with software versions earlier than 8.0.0.129, BLA-AL00B smart phones with software versions earlier than 8.0.0.129 has a remote control vulnerability. An attacker can trick a user to install a malicious application. When the application connects with RCS for the first time, it needs user to manually click to agree. In addition, the attacker needs to obtain the key that RCS uses to authenticate the application. Successful exploitation may cause the attacker to control keyboard remotely. | |||||
| CVE-2018-7850 | 1 Schneider-electric | 8 Modicon M340, Modicon M340 Firmware, Modicon M580 and 5 more | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| A CWE-807: Reliance on Untrusted Inputs in a Security Decision vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause invalid information displayed in Unity Pro software. | |||||
| CVE-2018-7823 | 1 Schneider-electric | 3 Modicon M221, Modicon M221 Firmware, Somachine Basic | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| A Environment (CWE-2) vulnerability exists in SoMachine Basic, all versions, and Modicon M221(all references, all versions prior to firmware V1.10.0.0) which could cause remote launch of SoMachine Basic when sending crafted ethernet message. | |||||
| CVE-2018-7816 | 1 Schneider-electric | 118 D6220, D6220 Firmware, D6220l and 115 more | 2024-11-21 | 5.5 MEDIUM | 6.5 MEDIUM |
| A Permissions, Privileges, and Access Control vulnerability exists in the web-based GUI of the 1st Gen Pelco Sarix Enhanced Camera that could allow a remote attacker to delete an arbitrary file. | |||||
| CVE-2018-7793 | 1 Schneider-electric | 4 Foxboro Dcs, Foxboro Evo, Foxview and 1 more | 2024-11-21 | 4.6 MEDIUM | 8.7 HIGH |
| A Credential Management vulnerability exists in FoxView HMI SCADA (All Foxboro DCS, Foxboro Evo, and IA Series versions prior to Foxboro DCS Control Core Services 9.4 (CCS 9.4) and FoxView 10.5.) which could cause unauthorized disclosure, modification, or disruption in service when the password is modified without permission. | |||||
| CVE-2018-7788 | 1 Schneider-electric | 2 Modicon Quantum, Modicon Quantum Firmware | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| A CWE-255 Credentials Management vulnerability exists in Modicon Quantum with firmware versions prior to V2.40. which could cause a Denial Of Service when using a Telnet connection. | |||||