Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2014-3221

Summary
Assigner-huawei
Assigner Org ID-25ac1063-e409-4190-8079-24548c77ea2e
Published At-02 Apr, 2017 | 20:00
Updated At-06 Aug, 2024 | 10:35
Rejected At-
Credits

Huawei Eudemon8000E firewall with software V200R001C01SPC800 and earlier versions allows users to log in to the device using Telnet or SSH. When an attacker sends to the device a mass of TCP packets with special structure, the logging process becomes slow and users may be unable to log in to the device.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:huawei
Assigner Org ID:25ac1063-e409-4190-8079-24548c77ea2e
Published At:02 Apr, 2017 | 20:00
Updated At:06 Aug, 2024 | 10:35
Rejected At:
▼CVE Numbering Authority (CNA)

Huawei Eudemon8000E firewall with software V200R001C01SPC800 and earlier versions allows users to log in to the device using Telnet or SSH. When an attacker sends to the device a mass of TCP packets with special structure, the logging process becomes slow and users may be unable to log in to the device.

Affected Products
Vendor
n/a
Product
Eudemon8000E V200R001C01SPC800 and earlier versions
Versions
Affected
  • Eudemon8000E V200R001C01SPC800 and earlier versions
Problem Types
TypeCWE IDDescription
textN/ADoS
Type: text
CWE ID: N/A
Description: DoS
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.huawei.com/en/psirt/security-advisories/hw-325385
x_refsource_CONFIRM
Hyperlink: http://www.huawei.com/en/psirt/security-advisories/hw-325385
Resource:
x_refsource_CONFIRM
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.huawei.com/en/psirt/security-advisories/hw-325385
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.huawei.com/en/psirt/security-advisories/hw-325385
Resource:
x_refsource_CONFIRM
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:psirt@huawei.com
Published At:02 Apr, 2017 | 20:59
Updated At:20 Apr, 2025 | 01:37

Huawei Eudemon8000E firewall with software V200R001C01SPC800 and earlier versions allows users to log in to the device using Telnet or SSH. When an attacker sends to the device a mass of TCP packets with special structure, the logging process becomes slow and users may be unable to log in to the device.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.07.5HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Primary2.05.0MEDIUM
AV:N/AC:L/Au:N/C:N/I:N/A:P
Type: Primary
Version: 3.0
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Type: Primary
Version: 2.0
Base score: 5.0
Base severity: MEDIUM
Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P
CPE Matches
Huawei Technologies Co., Ltd.
huawei
>>eudemon8000e_firmware>>Versions up to v200r001c01spc800(inclusive)
cpe:2.3:o:huawei:eudemon8000e_firmware:*:*:*:*:*:*:*:*
Huawei Technologies Co., Ltd.
huawei
>>eudemon8000e>>-
cpe:2.3:h:huawei:eudemon8000e:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-399Primarynvd@nist.gov
CWE ID: CWE-399
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://www.huawei.com/en/psirt/security-advisories/hw-325385psirt@huawei.com
Vendor Advisory
http://www.huawei.com/en/psirt/security-advisories/hw-325385af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Hyperlink: http://www.huawei.com/en/psirt/security-advisories/hw-325385
Source: psirt@huawei.com
Resource:
Vendor Advisory
Hyperlink: http://www.huawei.com/en/psirt/security-advisories/hw-325385
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

221Records found
CVE-2021-22319
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.22% / 44.58%
||
7 Day CHG~0.00%
Published-25 Feb, 2022 | 18:11
Updated-03 Aug, 2024 | 18:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is an improper verification vulnerability in smartphones. Successful exploitation of this vulnerability may cause integer overflows.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-magic_uiemuiharmonyosMagic UIHarmonyOSEMUI
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2017-15320
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.21% / 43.61%
||
7 Day CHG~0.00%
Published-22 Dec, 2017 | 17:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

RP200 V500R002C00, V600R006C00; TE30 V100R001C10, V500R002C00, V600R006C00; TE40 V500R002C00, V600R006C00; TE50 V500R002C00, V600R006C00; TE60 V100R001C10, V500R002C00, V600R006C00 have an out-of-bounds read vulnerabilities in some Huawei products. Due to insufficient input validation, a remote attacker could exploit these vulnerabilities by sending specially crafted SS7 related packets to the target devices. Successful exploit will cause out-of-bounds read and possibly crash the system.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-te60te50_firmwarerp200_firmwarerp200te30_firmwarete40_firmwarete50te40te60_firmwarete30TE60TE30TE50TE40RP200
CWE ID-CWE-125
Out-of-bounds Read
CVE-2015-7844
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.17% / 38.90%
||
7 Day CHG~0.00%
Published-02 Apr, 2017 | 20:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Huawei FusionAccess with software V100R005C10,V100R005C20 could allow attackers to craft and send a malformed HDP protocol packet to cause the virtual cloud desktop to be displaying an error and not usable.

Action-Not Available
Vendor-n/aHuawei Technologies Co., Ltd.
Product-fusionaccessFusionAccess V100R005C10,V100R005C20
CWE ID-CWE-20
Improper Input Validation
CVE-2015-8231
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.28% / 51.06%
||
7 Day CHG~0.00%
Published-11 Jan, 2016 | 15:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Huawei eSpace 7910 and 7950 IP phones with software before V200R002C00SPC800 allow remote attackers with established sessions to cause a denial of service (device restart) via unspecified packets.

Action-Not Available
Vendor-n/aHuawei Technologies Co., Ltd.
Product-espace_7950espace_7910n/a
CVE-2015-8230
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.28% / 51.06%
||
7 Day CHG~0.00%
Published-11 Jan, 2016 | 15:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Memory leak in Huawei eSpace 8950 IP phones with software before V200R003C00SPC300 allows remote attackers to cause a denial of service (memory consumption and restart) via a large number of crafted ARP packets.

Action-Not Available
Vendor-n/aHuawei Technologies Co., Ltd.
Product-espace_8950n/a
CVE-2018-7994
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.28% / 51.06%
||
7 Day CHG~0.00%
Published-31 Jul, 2018 | 14:00
Updated-05 Aug, 2024 | 06:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Some Huawei products IPS Module V500R001C50; NGFW Module V500R001C50; V500R002C10; NIP6300 V500R001C50; NIP6600 V500R001C50; NIP6800 V500R001C50; Secospace USG6600 V500R001C50; USG9500 V500R001C50 have a memory leak vulnerability. The software does not release allocated memory properly when processing Protal questionnaire. A remote attacker could send a lot questionnaires to the device, successful exploit could cause the device to reboot since running out of memory.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-nip6600nip6300ips_modulesecospace_usg6600ngfw_modulenip6800usg9500NGFW Module; NIP6300; NIP6600; NIP6800; Secospace USG6600; USG9500
CWE ID-CWE-772
Missing Release of Resource after Effective Lifetime
CVE-2018-7920
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.28% / 50.74%
||
7 Day CHG~0.00%
Published-19 Apr, 2018 | 14:00
Updated-16 Sep, 2024 | 17:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Huawei AR1200 V200R006C10SPC300, AR160 V200R006C10SPC300, AR200 V200R006C10SPC300, AR2200 V200R006C10SPC300, AR3200 V200R006C10SPC300 devices have an improper resource management vulnerability. Due to the improper implementation of ACL mechanism, a remote attacker may send TCP messages to the management interface of the affected device to exploit this vulnerability. Successful exploit could exhaust the socket resource of management interface, leading to a DoS condition.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-ar2200_firmwarear200ar1200ar160_firmwarear3200_firmwarear2200ar3200ar200_firmwarear1200_firmwarear160AR1200, AR160, AR200, AR2200, AR3200
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2015-3913
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.28% / 51.06%
||
7 Day CHG~0.00%
Published-08 Jun, 2017 | 21:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The IP stack in multiple Huawei Campus series switch models allows remote attackers to cause a denial of service (reboot) via a crafted ICMP request message.

Action-Not Available
Vendor-n/aHuawei Technologies Co., Ltd.
Product-s5720his5700si_firmwares7700_firmwares2300s2750ei_firmwares12700_firmwares5300ei_firmwares7700s5700hi_firmwares5300hi_firmwares5720hi_firmwares9700_firmwares6700ei_firmwares2700_firmwares5700his9300_firmwares5300lis2350ei_firmwares5700li_firmwares3300s5700ei_firmwares5300li_firmwares3700s2300_firmwares2750eis5700eis3300_firmwares12700s5710his6300eis6300ei_firmwares2350eis9700s5700sis5300eis5300sis6700eis5700lis5710hi_firmwares9300s5300si_firmwares3700_firmwares5300his2700n/a
CWE ID-CWE-20
Improper Input Validation
CVE-2015-2800
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.80% / 85.57%
||
7 Day CHG~0.00%
Published-08 Jun, 2017 | 16:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The user authentication module in Huawei Campus switches S5700, S5300, S6300, and S6700 with software before V200R001SPH012 and S7700, S9300, and S9700 with software before V200R001SPH015 allows remote attackers to cause a denial of service (device restart) via vectors involving authentication, which trigger an array access violation.

Action-Not Available
Vendor-n/aHuawei Technologies Co., Ltd.
Product-s9700_firmwarecampus_s5300s5300_firmwarecampus_s6700campus_s7700s7700_firmwares9300_firmwarecampus_s5700campus_s9300campus_s6300s6300_firmwares6700_firmwarecampus_s9700s5700_firmwaren/a
CWE ID-CWE-287
Improper Authentication
CVE-2014-9697
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.26% / 49.00%
||
7 Day CHG~0.00%
Published-17 Oct, 2017 | 14:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Huawei USG9560/9520/9580 before V300R001C01SPC300 allows remote attackers to cause a memory leak or denial of service (memory exhaustion, reboot and MPU switchover) via a crafted website.

Action-Not Available
Vendor-n/aHuawei Technologies Co., Ltd.
Product-usg9580usg9520usg9560_firmwareusg9560usg9520_firmwareusg9580_firmwaren/a
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2017-17253
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.15% / 35.82%
||
7 Day CHG~0.00%
Published-24 Apr, 2018 | 15:00
Updated-05 Aug, 2024 | 20:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Huawei AR120-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR1200 V200R006C10, V200R006C13, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR1200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR150 V200R006C10, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR150-S V200R006C10SPC300, V200R007C00, V200R008C20, V200R008C30, AR160 V200R006C10, V200R006C12, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR200 V200R006C10, V200R007C00, V200R007C01, V200R008C20, V200R008C30, AR200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR2200 V200R006C10, V200R006C13, V200R006C16PWE, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR2200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR3200 V200R006C10, V200R006C11, V200R007C00, V200R007C01, V200R007C02, V200R008C00, V200R008C10, V200R008C20, V200R008C30, AR3600 V200R006C10, V200R007C00, V200R007C01, V200R008C20, AR510 V200R006C10, V200R006C12, V200R006C13, V200R006C15, V200R006C16, V200R006C17, V200R007C00SPC180T, V200R008C20, V200R008C30, DP300 V500R002C00, IPS Module V100R001C10SPC200, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, NGFW Module V100R001C10SPC200, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R002C00, V500R002C10, NIP6300 V500R001C00, V500R001C20, V500R001C30, V500R001C50, NIP6600 V500R001C00, V500R001C20, V500R001C30, V500R001C50, NIP6800 V500R001C50, NetEngine16EX V200R006C10, V200R007C00, V200R008C20, V200R008C30, RSE6500 V500R002C00, SRG1300 V200R006C10, V200R007C00, V200R007C02, V200R008C20, V200R008C30, SRG2300 V200R006C10, V200R007C00, V200R007C02, V200R008C20, V200R008C30, SRG3300 V200R006C10, V200R007C00, V200R008C20, V200R008C30, SVN5600 V200R003C00, V200R003C10, SVN5800 V200R003C00, V200R003C10, SVN5800-C V200R003C00, V200R003C10, SeMG9811 V300R001C01, Secospace USG6300 V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, Secospace USG6500 V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, Secospace USG6600 V100R001C00SPC200, V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, V500R001C60, TE30 V100R001C02, V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C01, V100R001C10, V500R002C00, V600R006C00, TP3106 V100R002C00, TP3206 V100R002C00, V100R002C10, USG6000V V500R001C20, USG9500 V500R001C00, V500R001C20, V500R001C30, V500R001C50, USG9520 V300R001C01, V300R001C20, USG9560 V300R001C01, V300R001C20, USG9580 V300R001C01, V300R001C20, VP9660 V500R002C00, V500R002C10, ViewPoint 8660 V100R008C03, ViewPoint 9030 V100R011C02 has an out-of-bounds read vulnerability in H323 protocol. An unauthenticated, remote attacker could craft malformed packets with specific parameters and send the packets to the affected products. Due to insufficient validation of packets, which could be exploited to cause process crash.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-ar2200_firmwareusg9560_firmwareviewpoint_9030ips_modulear3200_firmwarear2200te60viewpoint_8660_firmwaresrg3300nip6300_firmwarete30netengine16exar120-s_firmwareusg9560svn5800-c_firmwarengfw_moduledp300ar200-sar120-sar510usg9520ar150-ssemg9811_firmwarete60_firmwaresrg2300secospace_usg6500_firmwaresvn5800ar150_firmwareips_module_firmwaresecospace_usg6600_firmwarear3600ar3200semg9811usg6000vdp300_firmwarear200-s_firmwaretp3106_firmwaresvn5600ar160_firmwareusg6000v_firmwarevp9660_firmwareusg9520_firmwareusg9580netengine16ex_firmwaresecospace_usg6600viewpoint_9030_firmwarear1200te30_firmwarevp9660srg1300srg1300_firmwaresecospace_usg6300srg3300_firmwaresrg2300_firmwarete40ar1200-s_firmwareusg9500te50rse6500nip6600usg9580_firmwarenip6800_firmwaretp3106ar160nip6300secospace_usg6500usg9500_firmwaresvn5800_firmwarear2200-stp3206tp3206_firmwaresvn5600_firmwarear510_firmwarear150-s_firmwarear1200-sar150ngfw_module_firmwarear1200_firmwarear200ar3600_firmwarear2200-s_firmwarenip6800te40_firmwarerse6500_firmwareviewpoint_8660ar200_firmwarenip6600_firmwaresvn5800-cte50_firmwaresecospace_usg6300_firmwareAR120-S, AR1200, AR1200-S, AR150, AR150-S, AR160, AR200, AR200-S, AR2200, AR2200-S, AR3200, AR3600, AR510, DP300, IPS Module, NGFW Module, NIP6300, NIP6600, NIP6800, NetEngine16EX, RSE6500, SRG1300, SRG2300, SRG3300, SVN5600, SVN5800, SVN5800-C, SeMG9811, Secospace USG6300, Secospace USG6500, Secospace USG6600, TE30, TE40, TE50, TE60, TP3106, TP3206, USG6000V, USG9500, USG9520, USG9560, USG9580, VP9660, ViewPoint 8660, ViewPoint 9030
CWE ID-CWE-125
Out-of-bounds Read
CVE-2022-29791
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.19% / 41.15%
||
7 Day CHG~0.00%
Published-13 May, 2022 | 15:04
Updated-03 Aug, 2024 | 06:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The HiAIserver has a vulnerability in verifying the validity of the weight used in the model.Successful exploitation of this vulnerability will affect AI services.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-emuiharmonyosHarmonyOSEMUI
CVE-2022-29790
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.19% / 41.15%
||
7 Day CHG~0.00%
Published-13 May, 2022 | 15:04
Updated-03 Aug, 2024 | 06:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The graphics acceleration service has a vulnerability in multi-thread access to the database.Successful exploitation of this vulnerability may cause service exceptions.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-emuiharmonyosHarmonyOSEMUI
CVE-2017-17252
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-5.3||MEDIUM
EPSS-0.15% / 36.63%
||
7 Day CHG~0.00%
Published-24 Apr, 2018 | 15:00
Updated-05 Aug, 2024 | 20:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Huawei AR120-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR1200 V200R006C10, V200R006C13, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR1200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR150 V200R006C10, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR150-S V200R006C10SPC300, V200R007C00, V200R008C20, V200R008C30, AR160 V200R006C10, V200R006C12, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR200 V200R006C10, V200R007C00, V200R007C01, V200R008C20, V200R008C30, AR200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR2200 V200R006C10, V200R006C13, V200R006C16PWE, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR2200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR3200 V200R006C10, V200R006C11, V200R007C00, V200R007C01, V200R007C02, V200R008C00, V200R008C10, V200R008C20, V200R008C30, AR3600 V200R006C10, V200R007C00, V200R007C01, V200R008C20, AR510 V200R006C10, V200R006C12, V200R006C13, V200R006C15, V200R006C16, V200R006C17, V200R007C00SPC180T, V200R008C20, V200R008C30, DP300 V500R002C00, IPS Module V100R001C10SPC200, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, NGFW Module V100R001C10SPC200, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R002C00, V500R002C10, NIP6300 V500R001C00, V500R001C20, V500R001C30, V500R001C50, NIP6600 V500R001C00, V500R001C20, V500R001C30, V500R001C50, NIP6800 V500R001C50, NetEngine16EX V200R006C10, V200R007C00, V200R008C20, V200R008C30, RSE6500 V500R002C00, SRG1300 V200R006C10, V200R007C00, V200R007C02, V200R008C20, V200R008C30, SRG2300 V200R006C10, V200R007C00, V200R007C02, V200R008C20, V200R008C30, SRG3300 V200R006C10, V200R007C00, V200R008C20, V200R008C30, SVN5600 V200R003C00, V200R003C10, SVN5800 V200R003C00, V200R003C10, SVN5800-C V200R003C00, V200R003C10, SeMG9811 V300R001C01, Secospace USG6300 V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, Secospace USG6500 V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, Secospace USG6600 V100R001C00SPC200, V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, V500R001C60, TE30 V100R001C02, V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C01, V100R001C10, V500R002C00, V600R006C00, TP3106 V100R002C00, TP3206 V100R002C00, V100R002C10, USG6000V V500R001C20, USG9500 V500R001C00, V500R001C20, V500R001C30, V500R001C50, USG9520 V300R001C01, V300R001C20, USG9560 V300R001C01, V300R001C20, USG9580 V300R001C01, V300R001C20, VP9660 V500R002C00, V500R002C10, ViewPoint 8660 V100R008C03, ViewPoint 9030 V100R011C02 has an out-of-bounds read vulnerability in H323 protocol. An unauthenticated, remote attacker could craft malformed packets with specific parameters and send the packets to the affected products. Due to insufficient validation of packets, which could be exploited to cause process crash.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-ar2200_firmwareusg9560_firmwareviewpoint_9030ips_modulear3200_firmwarear2200te60viewpoint_8660_firmwaresrg3300nip6300_firmwarete30netengine16exar120-s_firmwareusg9560svn5800-c_firmwarengfw_moduledp300ar200-sar120-sar510usg9520ar150-ssemg9811_firmwarete60_firmwaresrg2300secospace_usg6500_firmwaresvn5800ar150_firmwareips_module_firmwaresecospace_usg6600_firmwarear3600ar3200semg9811usg6000vdp300_firmwarear200-s_firmwaretp3106_firmwaresvn5600ar160_firmwareusg6000v_firmwarevp9660_firmwareusg9520_firmwareusg9580netengine16ex_firmwaresecospace_usg6600viewpoint_9030_firmwarear1200te30_firmwarevp9660srg1300srg1300_firmwaresecospace_usg6300srg3300_firmwaresrg2300_firmwarete40ar1200-s_firmwareusg9500te50rse6500nip6600usg9580_firmwarenip6800_firmwaretp3106ar160nip6300secospace_usg6500usg9500_firmwaresvn5800_firmwarear2200-stp3206tp3206_firmwaresvn5600_firmwarear510_firmwarear150-s_firmwarear1200-sar150ngfw_module_firmwarear1200_firmwarear200ar3600_firmwarear2200-s_firmwarenip6800te40_firmwarerse6500_firmwareviewpoint_8660ar200_firmwarenip6600_firmwaresvn5800-cte50_firmwaresecospace_usg6300_firmwareAR120-S, AR1200, AR1200-S, AR150, AR150-S, AR160, AR200, AR200-S, AR2200, AR2200-S, AR3200, AR3600, AR510, DP300, IPS Module, NGFW Module, NIP6300, NIP6600, NIP6800, NetEngine16EX, RSE6500, SRG1300, SRG2300, SRG3300, SVN5600, SVN5800, SVN5800-C, SeMG9811, Secospace USG6300, Secospace USG6500, Secospace USG6600, TE30, TE40, TE50, TE60, TP3106, TP3206, USG6000V, USG9500, USG9520, USG9560, USG9580, VP9660, ViewPoint 8660, ViewPoint 9030
CWE ID-CWE-125
Out-of-bounds Read
CVE-2017-17142
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-5.3||MEDIUM
EPSS-0.18% / 39.45%
||
7 Day CHG~0.00%
Published-05 Mar, 2018 | 19:00
Updated-16 Sep, 2024 | 22:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SIP module in Huawei DP300 V500R002C00; V500R002C00SPC100; V500R002C00SPC200; V500R002C00SPC300; V500R002C00SPC400; V500R002C00SPC500; V500R002C00SPC600; V500R002C00SPC800; V500R002C00SPC900; V500R002C00SPCa00; RP200 V500R002C00SPC200; V600R006C00; V600R006C00SPC200; RSE6500 V500R002C00SPC100; V500R002C00SPC200; V500R002C00SPC300; V500R002C00SPC300T; V500R002C00SPC500; V500R002C00SPC600; V500R002C00SPC700; V500R002C00T; TE30 V100R001C10; V100R001C10SPC100; V100R001C10SPC200B010; V100R001C10SPC300; V100R001C10SPC500; V100R001C10SPC600; V100R001C10SPC700B010; V100R001C10SPC800; V500R002C00SPC200; V500R002C00SPC500; V500R002C00SPC600; V500R002C00SPC700; V500R002C00SPC900; V500R002C00SPCb00; V600R006C00; TE40 V500R002C00SPC600; V500R002C00SPC700; V500R002C00SPC900; V500R002C00SPCb00; V600R006C00; V600R006C00SPC200; TE50 V500R002C00SPC600; V500R002C00SPC700; V500R002C00SPCb00; V600R006C00; V600R006C00SPC200; TE60 V100R001C01SPC100; V100R001C01SPC107TB010; V100R001C10; V100R001C10SPC300; V100R001C10SPC400; V100R001C10SPC500; V100R001C10SPC600; V100R001C10SPC700; V100R001C10SPC800; V100R001C10SPC900; V500R002C00; V500R002C00SPC100; V500R002C00SPC200; V500R002C00SPC300; V500R002C00SPC600; V500R002C00SPC700; V500R002C00SPC800; V500R002C00SPC900; V500R002C00SPCa00; V500R002C00SPCb00; V500R002C00SPCd00; V600R006C00; V600R006C00SPC100; V600R006C00SPC200; V600R006C00SPC300; TP3106 V100R002C00; V100R002C00SPC200; V100R002C00SPC400; V100R002C00SPC600; V100R002C00SPC700; V100R002C00SPC800; TP3206 V100R002C00; V100R002C00SPC200; V100R002C00SPC400; V100R002C00SPC600; V100R002C00SPC700; V100R002C10; ViewPoint 9030 V100R011C02SPC100; V100R011C03B012SP15; V100R011C03B012SP16; V100R011C03B015SP03; V100R011C03LGWL01SPC100; V100R011C03SPC100; V100R011C03SPC200; V100R011C03SPC300; V100R011C03SPC400; V100R011C03SPC500; eSpace U1960 V200R003C30SPC200; eSpace U1981 V100R001C20SPC700; V200R003C20SPCa00 has an overflow vulnerability that attacker can exploit by sending a specially crafted SIP message leading to a process reboot at random.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-viewpoint_9030viewpoint_9030_firmwarete30_firmwaretp3206tp3206_firmwarete60te40dp300_firmwarete30te50tp3106_firmwarerp200_firmwarerse6500espace_u1960_firmwareespace_u1981_firmwaredp300tp3106rp200te40_firmwarerse6500_firmwarete50_firmwareespace_u1960espace_u1981te60_firmwareDP300; RP200; RSE6500; TE30; TE40; TE50; TE60; TP3106; TP3206; ViewPoint 9030; eSpace U1960; eSpace U1981
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-17219
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-5.3||MEDIUM
EPSS-0.15% / 36.63%
||
7 Day CHG~0.00%
Published-09 Mar, 2018 | 17:00
Updated-05 Aug, 2024 | 20:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SCCPX module in Huawei DP300 V500R002C00; RP200 V500R002C00; V600R006C00; TE30 V100R001C10; V500R002C00; V600R006C00; TE40 V500R002C00; V600R006C00; TE50 V500R002C00; V600R006C00; TE60 V100R001C10; V500R002C00; V600R006C00 has an invalid memory access vulnerabilities. An unauthenticated, remote attacker crafts malformed packets with specific parameter to the affected products. Due to insufficient validation of packets, successful exploitation may impact availability of product service.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-te60_firmwarete30_firmwaredp300rp200te40_firmwarete60dp300_firmwarete40te30te50_firmwarete50rp200_firmwareDP300; RP200; TE30; TE40; TE50; TE60
CWE ID-CWE-20
Improper Input Validation
CVE-2020-9213
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.18% / 40.11%
||
7 Day CHG~0.00%
Published-22 Mar, 2021 | 17:39
Updated-04 Aug, 2024 | 10:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is a denial of service vulnerability in some huawei products. In specific scenarios, due to the improper handling of the packets, an attacker may craft many specific packets. Successful exploit may cause some services to be abnormal. Affected products include some versions of NGFW Module, NIP6300, NIP6600, NIP6800, Secospace USG6300, Secospace USG6500, Secospace USG6600 and SG9500.

Action-Not Available
Vendor-n/aHuawei Technologies Co., Ltd.
Product-secospace_usg6500_firmwarenip6300secospace_usg6500usg9500_firmwaresecospace_usg6600_firmwaresecospace_usg6300nip6300_firmwarengfw_module_firmwareusg9500nip6600ngfw_modulenip6800_firmwarenip6800nip6600_firmwaresecospace_usg6600secospace_usg6300_firmwareNGFW Module;NIP6300;NIP6600;NIP6800;Secospace USG6300;Secospace USG6500;Secospace USG6600;USG9500
CVE-2020-9120
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.18% / 40.11%
||
7 Day CHG~0.00%
Published-24 Dec, 2020 | 15:51
Updated-04 Aug, 2024 | 10:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

CloudEngine 1800V versions V100R019C10SPC500 has a resource management error vulnerability. Remote unauthorized attackers could send specific types of messages to the device, resulting in the message received by the system can't be forwarded normally.

Action-Not Available
Vendor-n/aHuawei Technologies Co., Ltd.
Product-cloudengine_1800vCloudEngine 1800V
CVE-2016-8773
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.21% / 43.63%
||
7 Day CHG~0.00%
Published-02 Apr, 2017 | 20:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Huawei S5300 with software V200R003C00, V200R007C00, V200R008C00, V200R009C00; S5700 with software V200R001C00, V200R002C00, V200R003C00, V200R005C00, V200R005C03, V200R007C00, V200R008C00, V200R009C00; S6300 with software V200R003C00, V200R005C00, V200R008C00, V200R009C00; S6700 with software V200R001C00, V200R001C01, V200R002C00, V200R003C00, V200R005C00, V200R008C00, V200R009C00; S7700 with software V200R007C00, V200R008C00, V200R009C00; S9300 with software V200R007C00, V200R008C00, V200R009C00; S9700 with software V200R007C00, V200R008C00, V200R009C00; and S12700 with software V200R007C00, V200R007C01, V200R008C00, V200R009C00 allow the attacker to cause a denial of service condition by sending malformed MPLS packets.

Action-Not Available
Vendor-n/aHuawei Technologies Co., Ltd.
Product-s12700s6300s7700_firmwares12700_firmwares5700s6300_firmwares7700s6700_firmwares5700_firmwares9700_firmwares6700s9700s5300_firmwares9300_firmwares9300s5300S5300,S5700,S6300,S6700,S7700,9300,9700,S12700 S5300 with software V200R003C00, V200R007C00, V200R008C00, V200R009C00,S5700 with software V200R001C00, V200R002C00, V200R003C00, V200R005C00, V200R005C03, V200R007C00, V200R008C00, V200R009C00,S6300 with software V200R003C00, V200R005C00, V200R008C00, V200R009C00,S6700 with software V200R001C00, V200R001C01, V200R002C00, V200R003C00, V200R005C00, V200R008C00, V200R009C00,S7700 with software V200R007C00, V200R008C00, V200R009C00,S9300 with software V200R007C00, V200R008C00, V200R009C00,S9700 with software V200R007C00, V200R008C00, V200R009C00 and S12700 with software V200R007C00, V200R007C01, V200R008C00, V200R009C00
CWE ID-CWE-20
Improper Input Validation
CVE-2017-15331
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-5.3||MEDIUM
EPSS-0.34% / 55.81%
||
7 Day CHG~0.00%
Published-15 Feb, 2018 | 16:00
Updated-05 Aug, 2024 | 19:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Huawei AR120-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR1200 V200R006C10, V200R006C13, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR1200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR150 V200R006C10, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR150-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR160 V200R006C10, V200R006C12, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR200 V200R006C10, V200R007C00, V200R007C01, V200R008C20, V200R008C30, AR200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR2200 V200R006C10, V200R006C13, V200R006C16PWE, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR2200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR3200 V200R006C10, V200R006C11, V200R007C00, V200R007C01, V200R007C02, V200R008C00, V200R008C10, V200R008C20, V200R008C30, AR510 V200R006C10, V200R006C12, V200R006C13, V200R006C15, V200R006C16, V200R006C17, V200R007C00, V200R008C20, V200R008C30, DP300 V500R002C00, IPS Module V100R001C10SPC200, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, MAX PRESENCE V100R001C00, NGFW Module V100R001C10SPC200, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R002C00, V500R002C10, NIP6300 V500R001C00, V500R001C20, V500R001C30, V500R001C50, NIP6600 V500R001C00, V500R001C20, V500R001C30, V500R001C50, NIP6800 V500R001C50, NetEngine16EX V200R006C10, V200R007C00, V200R008C20, V200R008C30, RP200 V500R002C00SPC200, V600R006C00, RSE6500 V500R002C00, SMC2.0 V100R003C10, V100R005C00, V500R002C00, V500R002C00T, V600R006C00, V600R006C00T, SRG1300 V200R006C10, V200R007C00, V200R007C02, V200R008C20, V200R008C30, SRG2300 V200R006C10, V200R007C00, V200R007C02, V200R008C20, V200R008C30, SRG3300 V200R006C10, V200R007C00, V200R008C20, V200R008C30, SVN5600 V200R003C00, V200R003C10, SVN5800 V200R003C00, V200R003C10, SVN5800-C V200R003C00, V200R003C10, Secospace USG6300 V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, Secospace USG6500 V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, TE30 V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C01, V100R001C10, V500R002C00, V600R006C00, TP3106 V100R002C00, TP3206 V100R002C00, USG9500 V500R001C00, V500R001C20, V500R001C30, V500R001C50, USG9520 V300R001C01, V300R001C20, USG9560 V300R001C01, V300R001C20, USG9580 V300R001C01, V300R001C20, ViewPoint 9030 V100R011C02, V100R011C03, have an out-of-bounds read vulnerability in H323 protocol. An unauthenticated, remote attacker may send crafted packets to the affected products. Due to insufficient verification of the packets, successful exploit will cause process reboot.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-ar2200_firmwareusg9560_firmwareviewpoint_9030ips_modulear3200_firmwarear2200te60srg3300nip6300_firmwarete30netengine16exar120-s_firmwareusg9560svn5800-c_firmwarengfw_moduledp300ar200-sar120-sar510usg9520ar150-ste60_firmwaresrg2300secospace_usg6500_firmwaresvn5800ar150_firmwareips_module_firmwarear3200dp300_firmwarear200-s_firmwaretp3106_firmwaresvn5600ar160_firmwarerp200usg9520_firmwareusg9580netengine16ex_firmwareviewpoint_9030_firmwarear1200te30_firmwaresrg1300srg1300_firmwaresecospace_usg6300srg3300_firmwaresrg2300_firmwarete40smc2.0_firmwarear1200-s_firmwareusg9500te50rse6500nip6600usg9580_firmwarenip6800_firmwaretp3106ar160nip6300secospace_usg6500usg9500_firmwaresvn5800_firmwarear2200-stp3206tp3206_firmwaresvn5600_firmwarear510_firmwarear150-s_firmwarear1200-sar150smc2.0ngfw_module_firmwarear1200_firmwarear200rp200_firmwarear2200-s_firmwarenip6800te40_firmwaremax_presence_firmwarerse6500_firmwarear200_firmwaremax_presencenip6600_firmwaresvn5800-cte50_firmwaresecospace_usg6300_firmwareAR120-S,AR1200,AR1200-S,AR150,AR150-S,AR160,AR200,AR200-S,AR2200,AR2200-S,AR3200,AR510,DP300,IPS Module,MAX PRESENCE,NGFW Module,NIP6300,NIP6600,NIP6800,NetEngine16EX,RP200,RSE6500,SMC2.0,SRG1300,SRG2300,SRG3300,SVN5600,SVN5800,SVN5800-C,Secospace USG6300,Secospace USG6500,TE30,TE40,TE50,TE60,TP3106,TP3206,USG9500,USG9520,USG9560,USG9580,ViewPoint 9030
CWE ID-CWE-125
Out-of-bounds Read
CVE-2016-8786
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.22% / 44.68%
||
7 Day CHG~0.00%
Published-09 Mar, 2018 | 21:00
Updated-06 Aug, 2024 | 02:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Huawei S12700 V200R005C00, V200R006C00, V200R007C00, V200R008C00, S5700 V200R006C00, V200R007C00, V200R008C00, S6700 V200R008C00, S7700 V200R001C00, V200R002C00, V200R003C00, V200R005C00, V200R006C00, V200R007C00, V200R008C00, S9700 V200R001C00, V200R002C00, V200R003C00, V200R005C00, V200R006C00, V200R007C00, V200R008C00 have a denial of service (DoS) vulnerability. Due to the lack of input validation, a remote attacker may craft a malformed Resource Reservation Protocol (RSVP) packet and send it to the device, causing a few buffer overflows and occasional device restart.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-s12700s5700_firmwares6700_firmwares9700s12700_firmwares9700_firmwares7700_firmwares5700s6700s7700S12700, S5700, S6700, S7700, S9700
CWE ID-CWE-20
Improper Input Validation
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • Next
Details not found