Filtered by vendor Huawei
Subscribe
Total
2077 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-7921 | 1 Huawei | 2 B315s-22, B315s-22 Firmware | 2024-11-21 | 3.3 LOW | 6.5 MEDIUM |
| Huawei B315s-22 products with software of 21.318.01.00.26 have an information leak vulnerability. Unauthenticated adjacent attackers may exploit this vulnerability to obtain device information. | |||||
| CVE-2018-7920 | 1 Huawei | 10 Ar1200, Ar1200 Firmware, Ar160 and 7 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Huawei AR1200 V200R006C10SPC300, AR160 V200R006C10SPC300, AR200 V200R006C10SPC300, AR2200 V200R006C10SPC300, AR3200 V200R006C10SPC300 devices have an improper resource management vulnerability. Due to the improper implementation of ACL mechanism, a remote attacker may send TCP messages to the management interface of the affected device to exploit this vulnerability. Successful exploit could exhaust the socket resource of management interface, leading to a DoS condition. | |||||
| CVE-2018-7911 | 1 Huawei | 10 Alp-al00b, Alp-al00b-rsc, Alp-al00b-rsc Firmware and 7 more | 2024-11-21 | 4.9 MEDIUM | 4.6 MEDIUM |
| Some Huawei smart phones ALP-AL00B 8.0.0.106(C00), 8.0.0.113(SP2C00), 8.0.0.113(SP3C00), 8.0.0.113(SP7C00), 8.0.0.118(C00), 8.0.0.120(SP2C00), 8.0.0.125(SP1C00), 8.0.0.125(SP3C00), 8.0.0.126(SP2C00), 8.0.0.126(SP5C00), 8.0.0.127(SP1C00), 8.0.0.128(SP2C00), ALP-AL00B-RSC 1.0.0.2, BLA-TL00B 8.0.0.113(SP7C01), 8.0.0.118(C01), 8.0.0.120(SP2C01), 8.0.0.125(SP1C01), 8.0.0.125(SP2C01), 8.0.0.125(SP3C01), 8.0.0.126(SP2C01), 8.0.0.126(SP5C01), 8.0.0.127(SP1C01), 8.0.0.128(SP2C01), 8.0.0.129(SP2C01), Charlotte-AL00A 8.1.0.105(SP7C00), 8.1.0.106(SP3C00), 8.1.0.107(SP5C00), 8.1.0.107(SP7C00), 8.1.0.108(SP3C00), 8.1.0.108(SP6C00), 8.1.0.109(SP2C00), Emily-AL00A 8.1.0.105(SP6C00), 8.1.0.106(SP2C00), 8.1.0.107(SP5C00), 8.1.0.107(SP7C00), 8.1.0.108(SP2C00), 8.1.0.108(SP6C00), 8.1.0.109(SP5C00) have a Factory Reset Protection (FRP) bypass security vulnerability. When re-configuring the mobile phone using the factory reset protection (FRP) function, an attacker can login the configuration flow by Gaode Map and can perform some operations to update the Google account. As a result, the FRP function is bypassed. | |||||
| CVE-2018-7910 | 1 Huawei | 10 Alp-al00b, Alp-al00b Firmware, Alp-tl00b and 7 more | 2024-11-21 | 4.6 MEDIUM | 6.8 MEDIUM |
| Some Huawei smartphones ALP-AL00B 8.0.0.118D(C00), ALP-TL00B 8.0.0.118D(C01), BLA-AL00B 8.0.0.118D(C00), BLA-L09C 8.0.0.127(C432), 8.0.0.128(C432), 8.0.0.137(C432), BLA-L29C 8.0.0.129(C432), 8.0.0.137(C432) have an authentication bypass vulnerability. When the attacker obtains the user's smartphone, the vulnerability can be used to replace the start-up program so that the attacker can obtain the information in the smartphone and achieve the purpose of controlling the smartphone. | |||||
| CVE-2018-7907 | 1 Huawei | 38 Agassi-l09, Agassi-l09 Firmware, Agassi-w09 and 35 more | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| Some Huawei products Agassi-L09 AGS-L09C100B257CUSTC100D001, AGS-L09C170B253CUSTC170D001, AGS-L09C199B251CUSTC199D001, AGS-L09C229B003CUSTC229D001, Agassi-W09 AGS-W09C100B257CUSTC100D001, AGS-W09C128B252CUSTC128D001, AGS-W09C170B252CUSTC170D001, AGS-W09C229B251CUSTC229D001, AGS-W09C331B003CUSTC331D001, AGS-W09C794B001CUSTC794D001, Baggio2-U01A BG2-U01C100B160CUSTC100D001, BG2-U01C170B160CUSTC170D001, BG2-U01C199B162CUSTC199D001, BG2-U01C209B160CUSTC209D001, BG2-U01C333B160CUSTC333D001, Bond-AL00C Bond-AL00CC00B201, Bond-AL10B Bond-AL10BC00B201, Bond-TL10B Bond-TL10BC01B201, Bond-TL10C Bond-TL10CC01B131, Haydn-L1JB HDN-L1JC137B068, Kobe-L09A KOB-L09C100B252CUSTC100D001, KOB-L09C209B002CUSTC209D001, KOB-L09C362B001CUSTC362D001, Kobe-L09AHN KOB-L09C233B226, Kobe-W09C KOB-W09C128B251CUSTC128D001, LelandP-L22C 8.0.0.101(C675CUSTC675D2), LelandP-L22D 8.0.0.101(C675CUSTC675D2), Rhone-AL00 Rhone-AL00C00B186, Selina-L02 Selina-L02C432B153, Stanford-L09S Stanford-L09SC432B183, Toronto-AL00 Toronto-AL00C00B223, Toronto-AL00A Toronto-AL00AC00B223, Toronto-TL10 Toronto-TL10C01B223 have a sensitive information leak vulnerability. An attacker can trick a user to install a malicious application to exploit this vulnerability. Due to insufficient verification of the input, successful exploitation can cause sensitive information leak. | |||||
| CVE-2018-7906 | 1 Huawei | 4 Leland-al00, Leland-al00 Firmware, Lleland-al00a and 1 more | 2024-11-21 | 7.1 HIGH | 5.5 MEDIUM |
| Some Huawei smart phones with software of Leland-AL00 8.0.0.114(C636), Leland-AL00A 8.0.0.171(C00) have a denial of service (DoS) vulnerability. An attacker can trick a user to install a malicious application to exploit this vulnerability. Due to insufficient verification of the parameter, successful exploitation can cause the smartphone black screen until restarting the phone. | |||||
| CVE-2018-7904 | 1 Huawei | 4 1288h V5, 1288h V5 Firmware, 2288h V5 and 1 more | 2024-11-21 | 4.0 MEDIUM | 8.8 HIGH |
| Huawei 1288H V5 and 288H V5 with software of V100R005C00 have a JSON injection vulnerability. An authenticated, remote attacker can launch a JSON injection to modify the password of administrator. Due to insufficient verification of the input, this could be exploited to obtain the management privilege of the system. | |||||
| CVE-2018-7903 | 1 Huawei | 4 1288h V5, 1288h V5 Firmware, 2288h V5 and 1 more | 2024-11-21 | 4.0 MEDIUM | 8.8 HIGH |
| Huawei 1288H V5 and 288H V5 with software of V100R005C00 have a JSON injection vulnerability. An authenticated, remote attacker can launch a JSON injection to modify the password of administrator. Due to insufficient verification of the input, this could be exploited to obtain the management privilege of the system. | |||||
| CVE-2018-7902 | 1 Huawei | 4 1288h V5, 1288h V5 Firmware, 2288h V5 and 1 more | 2024-11-21 | 4.0 MEDIUM | 8.8 HIGH |
| Huawei 1288H V5 and 288H V5 with software of V100R005C00 have a JSON injection vulnerability. An authenticated, remote attacker can launch a JSON injection to modify the password of administrator. Due to insufficient verification of the input, this could be exploited to obtain the management privilege of the system. | |||||
| CVE-2018-7901 | 1 Huawei | 4 Alp-al00b, Alp-al00b Firmware, Bla-al00b and 1 more | 2024-11-21 | 5.8 MEDIUM | 4.4 MEDIUM |
| RCS module in Huawei ALP-AL00B smart phones with software versions earlier than 8.0.0.129, BLA-AL00B smart phones with software versions earlier than 8.0.0.129 has a remote control vulnerability. An attacker can trick a user to install a malicious application. When the application connects with RCS for the first time, it needs user to manually click to agree. In addition, the attacker needs to obtain the key that RCS uses to authenticate the application. Successful exploitation may cause the attacker to control keyboard remotely. | |||||
| CVE-2018-7900 | 1 Huawei | 12 Hg8010h, Hg8010h Firmware, Hg8040h and 9 more | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| There is an information leak vulnerability in some Huawei HG products. An attacker may obtain information about the HG device by exploiting this vulnerability. | |||||
| CVE-2018-7899 | 1 Huawei | 4 Berkeley-al20, Berkeley-al20 Firmware, Berkeley-bd and 1 more | 2024-11-21 | 7.1 HIGH | 5.5 MEDIUM |
| The Mali Driver of Huawei Berkeley-AL20 and Berkeley-BD smart phones with software Berkeley-AL20 8.0.0.105(C00), 8.0.0.111(C00), 8.0.0.112D(C00), 8.0.0.116(C00), 8.0.0.119(C00), 8.0.0.119D(C00), 8.0.0.122(C00), 8.0.0.132(C00), 8.0.0.132D(C00), 8.0.0.142(C00), 8.0.0.151(C00), Berkeley-BD 1.0.0.21, 1.0.0.22, 1.0.0.23, 1.0.0.24, 1.0.0.26, 1.0.0.29 has a double free vulnerability. An attacker can trick a user to install a malicious application and exploit this vulnerability when in the exception handling process. Successful exploitation may cause system reboot. | |||||
| CVE-2017-8187 | 1 Huawei | 2 Fusionsphere Openstack, Fusionsphere Openstack Firmware | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| Huawei FusionSphere OpenStack V100R006C00SPC102(NFV) has a privilege escalation vulnerability. Due to improper privilege restrictions, an attacker with high privilege may obtain the other users' certificates. Successful exploit may cause privilege escalation. | |||||
| CVE-2017-8176 | 1 Huawei | 2 Iptv Stb, Iptv Stb Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Huawei IPTV STB with earlier than IPTV STB V100R003C01LMYTa6SPC001 versions has an authentication bypass vulnerability. An attacker could exploit this vulnerability to access the serial interface and modify the configuration. Successful exploit could lead to the authentication bypass and view channels by free. | |||||
| CVE-2017-8165 | 1 Huawei | 2 Mate 9, Mate 9 Firmware | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| Mate 9 Huawei smart phones with versions earlier than MHA-AL00BC00B233 have a sensitive information leak vulnerability. An attacker can trick a user to install a malicious application to exploit this vulnerability. Successful exploitation may cause sensitive information leak. | |||||
| CVE-2017-8164 | 1 Huawei | 18 Eva-al10, Eva-al10 Firmware, Eva-cl00 and 15 more | 2024-11-21 | 4.3 MEDIUM | 3.3 LOW |
| Some Huawei smart phones with software EVA-L09C34B142; EVA-L09C40B196; EVA-L09C432B210; EVA-L09C440B138; EVA-L09C464B150; EVA-L09C530B127; EVA-L09C55B190; EVA-L09C576B150; EVA-L09C635B221; EVA-L09C636B193; EVA-L09C675B130; EVA-L09C688B143; EVA-L09C703B160; EVA-L09C706B145; EVA-L09GBRC555B171; EVA-L09IRLC368B160; EVA-L19C10B190; EVA-L19C185B220; EVA-L19C20B160; EVA-L19C432B210; EVA-L19C636B190; EVA-L29C20B160; EVA-L29C636B191; EVA-TL00C01B198; VIE-L09C02B131; VIE-L09C109B181; VIE-L09C113B170; VIE-L09C150B170; VIE-L09C25B120; VIE-L09C40B181; VIE-L09C432B181; VIE-L09C55B170; VIE-L09C605B131; VIE-L09ITAC555B130; VIE-L29C10B170; VIE-L29C185B181; VIE-L29C605B131; VIE-L29C636B202 have a denial of service (DoS) vulnerability. An attacker can trick a user to install a malicious application to exploit this vulnerability. Successful exploitation can cause camera application unusable. | |||||
| CVE-2017-8154 | 1 Huawei | 2 Honor 8 Lite, Honor 8 Lite Firmware | 2024-11-21 | 2.6 LOW | 5.3 MEDIUM |
| The Themes App Honor 8 Lite Huawei mobile phones with software of versions before Prague-L31C576B172, versions before Prague-L31C530B160, versions before Prague-L31C432B180 has a man-in-the-middle (MITM) vulnerability due to the use of the insecure HTTP protocol for theme download. An attacker may exploit this vulnerability to tamper with downloaded themes. | |||||
| CVE-2017-17330 | 1 Huawei | 4 Ar3200, Ar3200 Firmware, Ngfw Module and 1 more | 2024-11-21 | 2.1 LOW | 3.3 LOW |
| Huawei AR3200 V200R005C32; V200R006C10; V200R006C11; V200R007C00; V200R007C01; V200R007C02; V200R008C00; V200R008C10; V200R008C20; V200R008C30; NGFW Module V500R001C00; V500R001C20; V500R002C00 have a memory leak vulnerability. The software does not release allocated memory properly when parse XML element data. An authenticated attacker could upload a crafted XML file, successful exploit could cause the system service abnormal since run out of memory. | |||||
| CVE-2017-17329 | 1 Huawei | 2 Viewpoint 8660, Viewpoint 8660 Firmware | 2024-11-21 | 2.1 LOW | 3.3 LOW |
| Huawei ViewPoint 8660 V100R008C03 have a memory leak vulnerability. The software does not release allocated memory properly when parse XML Schema data. An authenticated attacker could upload a crafted XML file, successful exploit could cause the system service abnormal since run out of memory. | |||||
| CVE-2017-17328 | 1 Huawei | 2 Mha-al00a, Mha-al00a Firmware | 2024-11-21 | 7.1 HIGH | 5.5 MEDIUM |
| Huawei smartphones with software of MHA-AL00AC00B125 have an integer overflow vulnerability. The software does not process certain variable properly when handle certain process. An attacker tricks the user who has root privilege to install a crafted application, successful exploit could cause information disclosure. | |||||