Filtered by vendor Huawei
Subscribe
Total
2282 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-2711 | 1 Huawei | 2 P9 Plus, P9 Plus Firmware | 2025-04-20 | 7.1 HIGH | 5.5 MEDIUM |
| P9 Plus smartphones with software earlier than VIE-AL10C00B352 versions have an input validation vulnerability in the touchscreen Driver. An attacker can tricks a user into installing a malicious application on the smart phone, and send given parameter to smart phone to crash the system. | |||||
| CVE-2017-2698 | 1 Huawei | 2 P8, P8 Firmware | 2025-04-20 | 9.3 HIGH | 7.8 HIGH |
| The ddr_devfreq driver in versions earlier than GRA-UL00C00B197 has buffer overflow vulnerability. An attacker with the root privilege of the Android system can tricks a user into installing a malicious application on the smart phone, and send given parameter to smart phone to crash the system or escalate privilege. | |||||
| CVE-2017-8178 | 1 Huawei | 2 Vicky-al00, Vicky-al00 Firmware | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| Huawei Email APP Vicky-AL00 smartphones with software of earlier than VKY-AL00C00B171 versions has a stored cross-site scripting vulnerability. A remote attacker could exploit this vulnerability to send email that storing malicious code to a smartphone and waiting for a user to access this email that triggers execution of the code. An exploit could allow the attacker to execute arbitrary script code on the affected device. | |||||
| CVE-2017-8150 | 1 Huawei | 8 P10, P10 Firmware, P10 Plus and 5 more | 2025-04-20 | 9.3 HIGH | 7.8 HIGH |
| The boot loaders of P10 and P10 Plus Huawei mobile phones with software the versions before Victoria-L09AC605B162, the versions before Victoria-L29AC605B162, the versions before Vicky-L29AC605B162 have an arbitrary memory write vulnerability due to the lack of parameter validation. An attacker with the root privilege of an Android system may trick a user into installing a malicious APP. The APP can modify specific data to cause arbitrary memory writing in the next system reboot, causing continuous system reboot or arbitrary code execution. | |||||
| CVE-2017-2730 | 2 Apple, Huawei | 3 Iphone Os, Hilink, Tech Support | 2025-04-20 | 2.9 LOW | 3.5 LOW |
| HUAWEI HiLink APP (for IOS) versions earlier before 5.0.25.306 and HUAWEI Tech Support APP (for IOS) versions earlier before 5.0.0 have an information leak vulnerability. When an iPhone with these APPs installed access the Wi-Fi hotpot built by attacker, the attacker can collect the information of iPhone mode and firmware version. | |||||
| CVE-2015-8332 | 1 Huawei | 4 Vcm5010, Vcm5010 Firmware, Vcm5020 and 1 more | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
| Huawei Video Content Management (VCM) before V100R001C10SPC001 does not properly "authenticate online user identities and privileges," which allows remote authenticated users to gain privileges and perform a case operation as another user via a crafted message, aka "Horizontal Privilege Escalation Vulnerability." | |||||
| CVE-2016-8763 | 1 Huawei | 6 P8 Lite, P8 Lite Firmware, P9 and 3 more | 2025-04-20 | 9.3 HIGH | 7.8 HIGH |
| The TrustZone driver in Huawei P9 phones with software Versions earlier than EVA-AL10C00B352 and P9 Lite with software VNS-L21C185B130 and earlier versions and P8 Lite with software ALE-L02C636B150 and earlier versions has an improper resource release vulnerability, which allows attackers to cause a system restart or privilege elevation. | |||||
| CVE-2016-8768 | 1 Huawei | 6 Honor 6, Honor 6 Firmware, Honor 6 Plus and 3 more | 2025-04-20 | 9.3 HIGH | 7.8 HIGH |
| Huawei Honor 6, Honor 6 Plus, Honor 7 phones with software versions earlier than 6.9.16 could allow attackers to disable the PXN defense mechanism by invoking related drive code to crash the system or escalate privilege. | |||||
| CVE-2016-2406 | 1 Huawei | 1 Document Security Management | 2025-04-20 | 4.0 MEDIUM | 4.3 MEDIUM |
| The permission control module in Huawei Document Security Management (aka DSM) before V100R002C05SPC670 allows remote authenticated users to obtain sensitive information from encrypted documents by leveraging incorrect control of permissions on the PrintScreen button. | |||||
| CVE-2017-15322 | 1 Huawei | 2 Baggio-l03a, Baggio-l03a Firmware | 2025-04-20 | 3.3 LOW | 6.5 MEDIUM |
| Some Huawei smartphones with software of BGO-L03C158B003CUSTC158D001 and BGO-L03C331B009CUSTC331D001 have a DoS vulnerability due to insufficient input validation. An attacker could exploit this vulnerability by sending specially crafted NFC messages to the target device. Successful exploit could make a service crash. | |||||
| CVE-2017-15319 | 1 Huawei | 10 Rp200, Rp200 Firmware, Te30 and 7 more | 2025-04-20 | 7.8 HIGH | 7.5 HIGH |
| RP200 V500R002C00, V600R006C00; TE30 V100R001C10, V500R002C00, V600R006C00; TE40 V500R002C00, V600R006C00; TE50 V500R002C00, V600R006C00; TE60 V100R001C10, V500R002C00, V600R006C00 have an out-of-bounds read vulnerabilities in some Huawei products. Due to insufficient input validation, a remote attacker could exploit these vulnerabilities by sending specially crafted SS7 related packets to the target devices. Successful exploit will cause out-of-bounds read and possibly crash the system. | |||||
| CVE-2015-6592 | 1 Huawei | 2 Uap2105, Uap2105 Firmware | 2025-04-20 | 7.2 HIGH | 6.8 MEDIUM |
| Huawei UAP2105 before V300R012C00SPC160(BootRom) does not require authentication to the serial port or the VxWorks shell. | |||||
| CVE-2017-2729 | 1 Huawei | 4 Honor 5a, Honor 5a Firmware, P8 Lite and 1 more | 2025-04-20 | 9.3 HIGH | 7.8 HIGH |
| The boot loaders in Honor 5A smart phones with software Versions earlier than CAM-TL00C01B193,Versions earlier than CAM-TL00HC00B193,Versions earlier than CAM-UL00C00B193 have a buffer overflow vulnerability. An attacker with the root privilege of an Android system may trick a user into installing a malicious APP. The APP can modify specific data to cause buffer overflow in the next system reboot, causing continuous system reboot or arbitrary code execution. | |||||
| CVE-2016-8754 | 1 Huawei | 2 Oceanstor 5600 V3, Oceanstor 5600 V3 Firmware | 2025-04-20 | 5.4 MEDIUM | 7.5 HIGH |
| Huawei OceanStor 5600 V3 V300R003C00 has a hardcoded SSH key vulnerability; the hardcoded keys are used to encrypt communication data and authenticate different nodes of the devices. An attacker may obtain the hardcoded keys and log in to such a device through SSH. | |||||
| CVE-2017-8203 | 1 Huawei | 4 Nova 2, Nova 2 Firmware, Nova 2 Plus and 1 more | 2025-04-20 | 6.8 MEDIUM | 7.8 HIGH |
| The Bastet Driver of Nova 2 Plus,Nova 2 Huawei smart phones with software of Versions earlier than BAC-AL00C00B173,Versions earlier than PIC-AL00C00B173 has a use after free (UAF) vulnerability. An attacker can convince a user to install a malicious application which has a high privilege to exploit this vulnerability, Successful exploitation may cause arbitrary code execution. | |||||
| CVE-2017-8162 | 1 Huawei | 34 Ar120-s, Ar120-s Firmware, Ar1200 and 31 more | 2025-04-20 | 4.0 MEDIUM | 6.5 MEDIUM |
| AR120-S with software V200R006C10, V200R007C00, V200R008C20, V200R008C30,AR1200 with software V200R006C10, V200R006C13, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30,AR1200-S with software V200R006C10, V200R007C00, V200R008C20, V200R008C30,AR150 with software V200R006C10, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30,AR150-S with software V200R006C10, V200R007C00, V200R008C20, V200R008C30,AR160 with software V200R006C10, V200R006C12, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30,AR200 with software V200R006C10, V200R007C00, V200R007C01, V200R008C20, V200R008C30,AR200-S with software V200R006C10, V200R007C00, V200R008C20, V200R008C30,AR2200 with software V200R006C10, V200R006C13, V200R006C16PWE, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30,AR2200-S with software V200R006C10, V200R007C00, V200R008C20, V200R008C30,AR3200 with software V200R006C10, V200R006C11, V200R007C00, V200R007C01, V200R007C02, V200R008C00, V200R008C10, V200R008C20, V200R008C30,AR510 with software V200R006C10, V200R006C12, V200R006C13, V200R006C15, V200R006C16, V200R006C17, V200R007C00, V200R008C20, V200R008C30,NetEngine16EX with software V200R006C10, V200R007C00, V200R008C20, V200R008C30,SMC2.0 with software V100R003C10, V100R005C00, V500R002C00, V600R006C00,SRG1300 with software V200R006C10, V200R007C00, V200R007C02, V200R008C20, V200R008C30,SRG2300 with software V200R006C10, V200R007C00, V200R007C02, V200R008C20, V200R008C30,SRG3300 with software V200R006C10, V200R007C00, V200R008C20, V200R008C30 have a DoS vulnerability. Due to incorrect malformed message processing logic, an authenticated, remote attacker could send specially crafted message to the target device.Successful exploit of the vulnerability could cause stack overflow and make a service unavailable. | |||||
| CVE-2016-8758 | 1 Huawei | 2 Mate 8, Mate 8 Firmware | 2025-04-20 | 7.1 HIGH | 5.5 MEDIUM |
| ION memory management module in Huawei Mate8 phones with software NXT-AL10C00B561 and earlier versions, NXT-CL10C00B561 and earlier versions, NXT-DL10C00B561 and earlier versions, NXT-TL10C00B561 and earlier versions allows attackers to cause a denial of service (restart). | |||||
| CVE-2014-9694 | 1 Huawei | 64 Tecal Bh620 V2, Tecal Bh620 V2 Firmware, Tecal Bh621 V2 and 61 more | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
| Huawei Tecal RH1288 V2 V100R002C00SPC107 and earlier versions, Tecal RH2265 V2 V100R002C00, Tecal RH2285 V2 V100R002C00SPC115 and earlier versions, Tecal RH2265 V2 V100R002C00, Tecal RH2285H V2 V100R002C00SPC111 and earlier versions, Tecal RH2268 V2 V100R002C00, Tecal RH2288 V2 V100R002C00SPC117 and earlier versions, Tecal RH2288H V2 V100R002C00SPC115 and earlier versions, Tecal RH2485 V2 V100R002C00SPC502 and earlier versions, Tecal RH5885 V2 V100R001C02SPC109 and earlier versions, Tecal RH5885 V3 V100R003C01SPC102 and earlier versions, Tecal RH5885H V3 V100R003C00SPC102 and earlier versions, Tecal XH310 V2 V100R001C00SPC110 and earlier versions, Tecal XH311 V2 V100R001C00SPC110 and earlier versions, Tecal XH320 V2 V100R001C00SPC110 and earlier versions, Tecal XH621 V2 V100R001C00SPC106 and earlier versions, Tecal DH310 V2 V100R001C00SPC110 and earlier versions, Tecal DH320 V2 V100R001C00SPC106 and earlier versions, Tecal DH620 V2 V100R001C00SPC106 and earlier versions, Tecal DH621 V2 V100R001C00SPC107 and earlier versions, Tecal DH628 V2 V100R001C00SPC107 and earlier versions, Tecal BH620 V2 V100R002C00SPC107 and earlier versions, Tecal BH621 V2 V100R002C00SPC106 and earlier versions, Tecal BH622 V2 V100R002C00SPC110 and earlier versions, Tecal BH640 V2 V100R002C00SPC108 and earlier versions, Tecal CH121 V100R001C00SPC180 and earlier versions, Tecal CH140 V100R001C00SPC110 and earlier versions, Tecal CH220 V100R001C00SPC180 and earlier versions, Tecal CH221 V100R001C00SPC180 and earlier versions, Tecal CH222 V100R002C00SPC180 and earlier versions, Tecal CH240 V100R001C00SPC180 and earlier versions, Tecal CH242 V100R001C00SPC180 and earlier versions, Tecal CH242 V3 V100R001C00SPC110 and earlier versions have a CSRF vulnerability. The products do not use the Token mechanism for web access control. When users log in to the Huawei servers and access websites containing the malicious CSRF script, the CSRF script is executed, which may cause configuration tampering and system restart. | |||||
| CVE-2017-8201 | 1 Huawei | 6 Max Presence, Max Presence Firmware, Tp3106 and 3 more | 2025-04-20 | 4.0 MEDIUM | 6.5 MEDIUM |
| MAX PRESENCE V100R001C00, TP3106 V100R002C00, TP3206 V100R002C00 have an a memory leak vulnerability in H323 protocol. An attacker logs in to the system as a user and send crafted packets to the affected products. Due to insufficient verification of the packets, successful exploit could cause a memory leak and eventual denial of service (DoS) condition. | |||||
| CVE-2017-2728 | 1 Huawei | 2 Honor 6x, Honor 6x Firmware | 2025-04-20 | 6.9 MEDIUM | 6.4 MEDIUM |
| Some Huawei mobile phones Honor 6X Berlin-L22C636B150 and earlier versions have a Bluetooth unlock bypassing vulnerability. If a user has enabled the smart unlock function, an attacker can impersonate the user's Bluetooth device to unlock the user's mobile phone screen.uawei mobile phones have a Bluetooth unlock bypassing vulnerability due to the lack of validation on Bluetooth devices. If a user has enabled the smart unlock function, an attacker can impersonate the user's Bluetooth device to unlock the user's mobile phone screen. | |||||