Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2015-2800

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-08 Jun, 2017 | 16:00
Updated At-06 Aug, 2024 | 05:24
Rejected At-
Credits

The user authentication module in Huawei Campus switches S5700, S5300, S6300, and S6700 with software before V200R001SPH012 and S7700, S9300, and S9700 with software before V200R001SPH015 allows remote attackers to cause a denial of service (device restart) via vectors involving authentication, which trigger an array access violation.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:08 Jun, 2017 | 16:00
Updated At:06 Aug, 2024 | 05:24
Rejected At:
▼CVE Numbering Authority (CNA)

The user authentication module in Huawei Campus switches S5700, S5300, S6300, and S6700 with software before V200R001SPH012 and S7700, S9300, and S9700 with software before V200R001SPH015 allows remote attackers to cause a denial of service (device restart) via vectors involving authentication, which trigger an array access violation.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.securityfocus.com/bid/73355
vdb-entry
x_refsource_BID
http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-418554.htm
x_refsource_CONFIRM
Hyperlink: http://www.securityfocus.com/bid/73355
Resource:
vdb-entry
x_refsource_BID
Hyperlink: http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-418554.htm
Resource:
x_refsource_CONFIRM
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.securityfocus.com/bid/73355
vdb-entry
x_refsource_BID
x_transferred
http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-418554.htm
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.securityfocus.com/bid/73355
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-418554.htm
Resource:
x_refsource_CONFIRM
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:08 Jun, 2017 | 16:29
Updated At:20 Apr, 2025 | 01:37

The user authentication module in Huawei Campus switches S5700, S5300, S6300, and S6700 with software before V200R001SPH012 and S7700, S9300, and S9700 with software before V200R001SPH015 allows remote attackers to cause a denial of service (device restart) via vectors involving authentication, which trigger an array access violation.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.07.5HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Primary2.07.8HIGH
AV:N/AC:L/Au:N/C:N/I:N/A:C
Type: Primary
Version: 3.0
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Type: Primary
Version: 2.0
Base score: 7.8
Base severity: HIGH
Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:C
CPE Matches
Huawei Technologies Co., Ltd.
huawei
>>s5700_firmware>>Versions up to v200r001c00spc300(inclusive)
cpe:2.3:o:huawei:s5700_firmware:*:*:*:*:*:*:*:*
Huawei Technologies Co., Ltd.
huawei
>>campus_s5700>>-
cpe:2.3:h:huawei:campus_s5700:-:*:*:*:*:*:*:*
Huawei Technologies Co., Ltd.
huawei
>>s5300_firmware>>Versions up to v200r001c00spc300(inclusive)
cpe:2.3:o:huawei:s5300_firmware:*:*:*:*:*:*:*:*
Huawei Technologies Co., Ltd.
huawei
>>campus_s5300>>-
cpe:2.3:h:huawei:campus_s5300:-:*:*:*:*:*:*:*
Huawei Technologies Co., Ltd.
huawei
>>s6300_firmware>>Versions up to v200r001c00spc300(inclusive)
cpe:2.3:o:huawei:s6300_firmware:*:*:*:*:*:*:*:*
Huawei Technologies Co., Ltd.
huawei
>>campus_s6300>>-
cpe:2.3:h:huawei:campus_s6300:-:*:*:*:*:*:*:*
Huawei Technologies Co., Ltd.
huawei
>>s6700_firmware>>Versions up to v200r001c00spc300(inclusive)
cpe:2.3:o:huawei:s6700_firmware:*:*:*:*:*:*:*:*
Huawei Technologies Co., Ltd.
huawei
>>campus_s6700>>-
cpe:2.3:h:huawei:campus_s6700:-:*:*:*:*:*:*:*
Huawei Technologies Co., Ltd.
huawei
>>s7700_firmware>>Versions up to v200r001c00spc300(inclusive)
cpe:2.3:o:huawei:s7700_firmware:*:*:*:*:*:*:*:*
Huawei Technologies Co., Ltd.
huawei
>>campus_s7700>>-
cpe:2.3:h:huawei:campus_s7700:-:*:*:*:*:*:*:*
Huawei Technologies Co., Ltd.
huawei
>>s9300_firmware>>Versions up to v200r001c00spc300(inclusive)
cpe:2.3:o:huawei:s9300_firmware:*:*:*:*:*:*:*:*
Huawei Technologies Co., Ltd.
huawei
>>campus_s9300>>-
cpe:2.3:h:huawei:campus_s9300:-:*:*:*:*:*:*:*
Huawei Technologies Co., Ltd.
huawei
>>s9700_firmware>>Versions up to v200r001c00spc300(inclusive)
cpe:2.3:o:huawei:s9700_firmware:*:*:*:*:*:*:*:*
Huawei Technologies Co., Ltd.
huawei
>>campus_s9700>>-
cpe:2.3:h:huawei:campus_s9700:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-287Primarynvd@nist.gov
CWE ID: CWE-287
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-418554.htmcve@mitre.org
Third Party Advisory
Vendor Advisory
http://www.securityfocus.com/bid/73355cve@mitre.org
Third Party Advisory
VDB Entry
http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-418554.htmaf854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Vendor Advisory
http://www.securityfocus.com/bid/73355af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
VDB Entry
Hyperlink: http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-418554.htm
Source: cve@mitre.org
Resource:
Third Party Advisory
Vendor Advisory
Hyperlink: http://www.securityfocus.com/bid/73355
Source: cve@mitre.org
Resource:
Third Party Advisory
VDB Entry
Hyperlink: http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-418554.htm
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Vendor Advisory
Hyperlink: http://www.securityfocus.com/bid/73355
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
VDB Entry

Change History

0
Information is not available yet

Similar CVEs

219Records found
CVE-2017-17253
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.15% / 35.81%
||
7 Day CHG~0.00%
Published-24 Apr, 2018 | 15:00
Updated-05 Aug, 2024 | 20:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Huawei AR120-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR1200 V200R006C10, V200R006C13, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR1200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR150 V200R006C10, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR150-S V200R006C10SPC300, V200R007C00, V200R008C20, V200R008C30, AR160 V200R006C10, V200R006C12, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR200 V200R006C10, V200R007C00, V200R007C01, V200R008C20, V200R008C30, AR200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR2200 V200R006C10, V200R006C13, V200R006C16PWE, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR2200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR3200 V200R006C10, V200R006C11, V200R007C00, V200R007C01, V200R007C02, V200R008C00, V200R008C10, V200R008C20, V200R008C30, AR3600 V200R006C10, V200R007C00, V200R007C01, V200R008C20, AR510 V200R006C10, V200R006C12, V200R006C13, V200R006C15, V200R006C16, V200R006C17, V200R007C00SPC180T, V200R008C20, V200R008C30, DP300 V500R002C00, IPS Module V100R001C10SPC200, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, NGFW Module V100R001C10SPC200, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R002C00, V500R002C10, NIP6300 V500R001C00, V500R001C20, V500R001C30, V500R001C50, NIP6600 V500R001C00, V500R001C20, V500R001C30, V500R001C50, NIP6800 V500R001C50, NetEngine16EX V200R006C10, V200R007C00, V200R008C20, V200R008C30, RSE6500 V500R002C00, SRG1300 V200R006C10, V200R007C00, V200R007C02, V200R008C20, V200R008C30, SRG2300 V200R006C10, V200R007C00, V200R007C02, V200R008C20, V200R008C30, SRG3300 V200R006C10, V200R007C00, V200R008C20, V200R008C30, SVN5600 V200R003C00, V200R003C10, SVN5800 V200R003C00, V200R003C10, SVN5800-C V200R003C00, V200R003C10, SeMG9811 V300R001C01, Secospace USG6300 V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, Secospace USG6500 V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, Secospace USG6600 V100R001C00SPC200, V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, V500R001C60, TE30 V100R001C02, V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C01, V100R001C10, V500R002C00, V600R006C00, TP3106 V100R002C00, TP3206 V100R002C00, V100R002C10, USG6000V V500R001C20, USG9500 V500R001C00, V500R001C20, V500R001C30, V500R001C50, USG9520 V300R001C01, V300R001C20, USG9560 V300R001C01, V300R001C20, USG9580 V300R001C01, V300R001C20, VP9660 V500R002C00, V500R002C10, ViewPoint 8660 V100R008C03, ViewPoint 9030 V100R011C02 has an out-of-bounds read vulnerability in H323 protocol. An unauthenticated, remote attacker could craft malformed packets with specific parameters and send the packets to the affected products. Due to insufficient validation of packets, which could be exploited to cause process crash.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-ar2200_firmwareusg9560_firmwareviewpoint_9030ips_modulear3200_firmwarear2200te60viewpoint_8660_firmwaresrg3300nip6300_firmwarete30netengine16exar120-s_firmwareusg9560svn5800-c_firmwarengfw_moduledp300ar200-sar120-sar510usg9520ar150-ssemg9811_firmwarete60_firmwaresrg2300secospace_usg6500_firmwaresvn5800ar150_firmwareips_module_firmwaresecospace_usg6600_firmwarear3600ar3200semg9811usg6000vdp300_firmwarear200-s_firmwaretp3106_firmwaresvn5600ar160_firmwareusg6000v_firmwarevp9660_firmwareusg9520_firmwareusg9580netengine16ex_firmwaresecospace_usg6600viewpoint_9030_firmwarear1200te30_firmwarevp9660srg1300srg1300_firmwaresecospace_usg6300srg3300_firmwaresrg2300_firmwarete40ar1200-s_firmwareusg9500te50rse6500nip6600usg9580_firmwarenip6800_firmwaretp3106ar160nip6300secospace_usg6500usg9500_firmwaresvn5800_firmwarear2200-stp3206tp3206_firmwaresvn5600_firmwarear510_firmwarear150-s_firmwarear1200-sar150ngfw_module_firmwarear1200_firmwarear200ar3600_firmwarear2200-s_firmwarenip6800te40_firmwarerse6500_firmwareviewpoint_8660ar200_firmwarenip6600_firmwaresvn5800-cte50_firmwaresecospace_usg6300_firmwareAR120-S, AR1200, AR1200-S, AR150, AR150-S, AR160, AR200, AR200-S, AR2200, AR2200-S, AR3200, AR3600, AR510, DP300, IPS Module, NGFW Module, NIP6300, NIP6600, NIP6800, NetEngine16EX, RSE6500, SRG1300, SRG2300, SRG3300, SVN5600, SVN5800, SVN5800-C, SeMG9811, Secospace USG6300, Secospace USG6500, Secospace USG6600, TE30, TE40, TE50, TE60, TP3106, TP3206, USG6000V, USG9500, USG9520, USG9560, USG9580, VP9660, ViewPoint 8660, ViewPoint 9030
CWE ID-CWE-125
Out-of-bounds Read
CVE-2017-15320
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.21% / 43.59%
||
7 Day CHG~0.00%
Published-22 Dec, 2017 | 17:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

RP200 V500R002C00, V600R006C00; TE30 V100R001C10, V500R002C00, V600R006C00; TE40 V500R002C00, V600R006C00; TE50 V500R002C00, V600R006C00; TE60 V100R001C10, V500R002C00, V600R006C00 have an out-of-bounds read vulnerabilities in some Huawei products. Due to insufficient input validation, a remote attacker could exploit these vulnerabilities by sending specially crafted SS7 related packets to the target devices. Successful exploit will cause out-of-bounds read and possibly crash the system.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-te60te50_firmwarerp200_firmwarerp200te30_firmwarete40_firmwarete50te40te60_firmwarete30TE60TE30TE50TE40RP200
CWE ID-CWE-125
Out-of-bounds Read
CVE-2017-15341
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.15% / 35.58%
||
7 Day CHG~0.00%
Published-15 Feb, 2018 | 16:00
Updated-05 Aug, 2024 | 19:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Huawei AR3200 V200R008C20, V200R008C30, TE40 V600R006C00, TE50 V600R006C00, TE60 V600R006C00 have a denial of service vulnerability. The software decodes X.509 certificate in an improper way. A remote unauthenticated attacker could send a crafted X.509 certificate to the device. Successful exploit could result in a denial of service on the device.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-te60_firmwarear3200_firmwarete40_firmwarete60ar3200te40te50_firmwarete50AR3200,TE40,TE50,TE60
CWE ID-CWE-295
Improper Certificate Validation
CVE-2017-15349
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.17% / 39.14%
||
7 Day CHG~0.00%
Published-15 Feb, 2018 | 16:00
Updated-05 Aug, 2024 | 19:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Huawei CloudEngine 12800 V100R003C00, V100R005C00, V100R005C10, V100R006C00,CloudEngine 5800 V100R003C00, V100R005C00, V100R005C10, V100R006C00,CloudEngine 6800 V100R003C00, V100R005C00, V100R005C10, V100R006C00,CloudEngine 7800 V100R003C00, V100R005C00, V100R005C10, V100R006C00 have a memory leak vulnerability. An unauthenticated attacker may send specific Resource ReServation Protocol (RSVP) packets to the affected products. Due to not release the memory to handle the packets, successful exploit will result in memory leak of the affected products and lead to a DoS condition.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-cloudengine_7800cloudengine_5800_firmwarecloudengine_5800cloudengine_6800_firmwarecloudengine_6800cloudengine_7800_firmwarecloudengine_12800cloudengine_12800_firmwareCloudEngine 12800,CloudEngine 5800,CloudEngine 6800,CloudEngine 7800,
CWE ID-CWE-772
Missing Release of Resource after Effective Lifetime
CVE-2017-15342
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.27% / 49.67%
||
7 Day CHG~0.00%
Published-15 Feb, 2018 | 16:00
Updated-05 Aug, 2024 | 19:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Huawei DP300 V500R002C00, TE60 V600R006C00, TP3106 V100R002C00, eSpace U1981 V200R003C30SPC100 have a denial of service vulnerability. The software does not correctly calculate the rest size in a buffer when handling SSL connections. A remote unauthenticated attacker could send a lot of crafted SSL messages to the device, successful exploit could cause no space in the buffer and then denial of service.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-espace_u1981_firmwaredp300tp3106te60dp300_firmwareespace_u1981te60_firmwaretp3106_firmwareDP300,TE60,TP3106,eSpace U1981
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-15348
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.15% / 36.10%
||
7 Day CHG~0.00%
Published-15 Feb, 2018 | 16:00
Updated-05 Aug, 2024 | 19:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Huawei IPS Module V500R001C00, NGFW Module V500R001C00, NIP6300 V500R001C00, NIP6600 V500R001C00, Secospace USG6300 V500R001C00, Secospace USG6500 V500R001C00, Secospace USG6600 V500R001C00, USG9500 V500R001C00 have an insufficient input validation vulnerability. An unauthenticated, remote attacker could send specific MPLS Echo Request messages to the target products. Due to insufficient input validation of some parameters in the messages, successful exploit may cause the device to reset.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-secospace_usg6500_firmwarenip6300ips_moduleusg9500_firmwaresecospace_usg6500ips_module_firmwaresecospace_usg6600_firmwaresecospace_usg6300nip6300_firmwarengfw_module_firmwareusg9500nip6600ngfw_modulenip6600_firmwaresecospace_usg6600secospace_usg6300_firmwareIPS Module,NGFW Module,NIP6300,NIP6600,Secospace USG6300,Secospace USG6500,Secospace USG6600,USG9500,
CWE ID-CWE-20
Improper Input Validation
CVE-2017-15319
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.21% / 43.59%
||
7 Day CHG~0.00%
Published-22 Dec, 2017 | 17:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

RP200 V500R002C00, V600R006C00; TE30 V100R001C10, V500R002C00, V600R006C00; TE40 V500R002C00, V600R006C00; TE50 V500R002C00, V600R006C00; TE60 V100R001C10, V500R002C00, V600R006C00 have an out-of-bounds read vulnerabilities in some Huawei products. Due to insufficient input validation, a remote attacker could exploit these vulnerabilities by sending specially crafted SS7 related packets to the target devices. Successful exploit will cause out-of-bounds read and possibly crash the system.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-te60te50_firmwarerp200_firmwarerp200te30_firmwarete40_firmwarete50te40te60_firmwarete30TE60TE30TE50TE40RP200
CWE ID-CWE-125
Out-of-bounds Read
CVE-2017-15343
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.27% / 50.00%
||
7 Day CHG~0.00%
Published-15 Feb, 2018 | 16:00
Updated-05 Aug, 2024 | 19:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Huawei AR3200 with software V200R006C10, V200R006C11, V200R007C00, V200R007C01, V200R007C02, V200R008C00, V200R008C10, V200R008C20, V200R008C30 has an integer overflow vulnerability. The software does not sufficiently validate certain field in SCTP messages, a remote unauthenticated attacker could send a crafted SCTP message to the device. Successful exploit could system reboot.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-ar1200_firmwarear3200ar120-s_firmwarear3200_firmwareAR3200
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2021-37012
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.17% / 38.88%
||
7 Day CHG~0.00%
Published-23 Nov, 2021 | 15:25
Updated-04 Aug, 2024 | 01:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is a Data Processing Errors vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability will cause kernel crash.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosHarmonyOS
CVE-2016-8773
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.21% / 43.62%
||
7 Day CHG~0.00%
Published-02 Apr, 2017 | 20:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Huawei S5300 with software V200R003C00, V200R007C00, V200R008C00, V200R009C00; S5700 with software V200R001C00, V200R002C00, V200R003C00, V200R005C00, V200R005C03, V200R007C00, V200R008C00, V200R009C00; S6300 with software V200R003C00, V200R005C00, V200R008C00, V200R009C00; S6700 with software V200R001C00, V200R001C01, V200R002C00, V200R003C00, V200R005C00, V200R008C00, V200R009C00; S7700 with software V200R007C00, V200R008C00, V200R009C00; S9300 with software V200R007C00, V200R008C00, V200R009C00; S9700 with software V200R007C00, V200R008C00, V200R009C00; and S12700 with software V200R007C00, V200R007C01, V200R008C00, V200R009C00 allow the attacker to cause a denial of service condition by sending malformed MPLS packets.

Action-Not Available
Vendor-n/aHuawei Technologies Co., Ltd.
Product-s12700s6300s7700_firmwares12700_firmwares5700s6300_firmwares7700s6700_firmwares5700_firmwares9700_firmwares6700s9700s5300_firmwares9300_firmwares9300s5300S5300,S5700,S6300,S6700,S7700,9300,9700,S12700 S5300 with software V200R003C00, V200R007C00, V200R008C00, V200R009C00,S5700 with software V200R001C00, V200R002C00, V200R003C00, V200R005C00, V200R005C03, V200R007C00, V200R008C00, V200R009C00,S6300 with software V200R003C00, V200R005C00, V200R008C00, V200R009C00,S6700 with software V200R001C00, V200R001C01, V200R002C00, V200R003C00, V200R005C00, V200R008C00, V200R009C00,S7700 with software V200R007C00, V200R008C00, V200R009C00,S9300 with software V200R007C00, V200R008C00, V200R009C00,S9700 with software V200R007C00, V200R008C00, V200R009C00 and S12700 with software V200R007C00, V200R007C01, V200R008C00, V200R009C00
CWE ID-CWE-20
Improper Input Validation
CVE-2016-8786
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.22% / 44.67%
||
7 Day CHG~0.00%
Published-09 Mar, 2018 | 21:00
Updated-06 Aug, 2024 | 02:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Huawei S12700 V200R005C00, V200R006C00, V200R007C00, V200R008C00, S5700 V200R006C00, V200R007C00, V200R008C00, S6700 V200R008C00, S7700 V200R001C00, V200R002C00, V200R003C00, V200R005C00, V200R006C00, V200R007C00, V200R008C00, S9700 V200R001C00, V200R002C00, V200R003C00, V200R005C00, V200R006C00, V200R007C00, V200R008C00 have a denial of service (DoS) vulnerability. Due to the lack of input validation, a remote attacker may craft a malformed Resource Reservation Protocol (RSVP) packet and send it to the device, causing a few buffer overflows and occasional device restart.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-s12700s5700_firmwares6700_firmwares9700s12700_firmwares9700_firmwares7700_firmwares5700s6700s7700S12700, S5700, S6700, S7700, S9700
CWE ID-CWE-20
Improper Input Validation
CVE-2020-1803
Matching Score-6
Assigner-Huawei Technologies
ShareView Details
Matching Score-6
Assigner-Huawei Technologies
CVSS Score-5.3||MEDIUM
EPSS-0.04% / 9.50%
||
7 Day CHG~0.00%
Published-20 Apr, 2020 | 19:42
Updated-04 Aug, 2024 | 06:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Huawei smartphones Honor V20 with versions earlier than 10.0.0.179(C636E3R4P3),versions earlier than 10.0.0.180(C185E3R3P3),versions earlier than 10.0.0.180(C432E10R3P4) have an information disclosure vulnerability. The device does not sufficiently validate the identity of smart wearable device in certain specific scenario, the attacker need to gain certain information in the victim's smartphone to launch the attack, successful exploit could cause information disclosure.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-honor_v20_firmwarehonor_v20Honor V20
CWE ID-CWE-287
Improper Authentication
CVE-2020-1842
Matching Score-6
Assigner-Huawei Technologies
ShareView Details
Matching Score-6
Assigner-Huawei Technologies
CVSS Score-6.8||MEDIUM
EPSS-0.06% / 18.17%
||
7 Day CHG~0.00%
Published-18 Feb, 2020 | 03:03
Updated-04 Aug, 2024 | 06:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Huawei HEGE-560 version 1.0.1.20(SP2); OSCA-550 and OSCA-550A version 1.0.0.71(SP1); and OSCA-550AX and OSCA-550X version 1.0.0.71(SP2) have an insufficient authentication vulnerability. An attacker can access the device physically and perform specific operations to exploit this vulnerability. Successful exploitation may cause the attacker obtain high privilege.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-osca-550x_firmwareosca-550axhege-560osca-550osca-550a_firmwareosca-550xosca-550ax_firmwareosca-550_firmwareosca-550ahege-560_firmwareOSCA-550, OSCA-550AHEGE-560OSCA-550AX, OSCA-550X
CWE ID-CWE-287
Improper Authentication
CVE-2020-1788
Matching Score-6
Assigner-Huawei Technologies
ShareView Details
Matching Score-6
Assigner-Huawei Technologies
CVSS Score-5.5||MEDIUM
EPSS-0.10% / 29.15%
||
7 Day CHG~0.00%
Published-21 Jan, 2020 | 22:49
Updated-04 Aug, 2024 | 06:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Honor V30 smartphones with versions earlier than 10.0.1.135(C00E130R4P1) have an improper authentication vulnerability. Certain applications do not properly validate the identity of another application who would call its interface. An attacker could trick the user into installing a malicious application. Successful exploit could allow unauthorized actions leading to information disclosure.

Action-Not Available
Vendor-n/aHuawei Technologies Co., Ltd.
Product-honor_v30honor_v30_firmwareHonor V30
CWE ID-CWE-287
Improper Authentication
CVE-2020-1787
Matching Score-6
Assigner-Huawei Technologies
ShareView Details
Matching Score-6
Assigner-Huawei Technologies
CVSS Score-6.6||MEDIUM
EPSS-0.05% / 15.61%
||
7 Day CHG~0.00%
Published-09 Jan, 2020 | 16:44
Updated-04 Aug, 2024 | 06:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HUAWEI Mate 20 smartphones versions earlier than 9.1.0.139(C00E133R3P1) have an improper authentication vulnerability. The system has a logic error under certain scenario, successful exploit could allow the attacker who gains the privilege of guest user to access to the host user's desktop in an instant, without unlocking the screen lock of the host user.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-mate_20mate_20_firmwareHUAWEI Mate 20
CWE ID-CWE-287
Improper Authentication
CVE-2020-1789
Matching Score-6
Assigner-Huawei Technologies
ShareView Details
Matching Score-6
Assigner-Huawei Technologies
CVSS Score-6.8||MEDIUM
EPSS-0.06% / 18.17%
||
7 Day CHG~0.00%
Published-18 Feb, 2020 | 02:50
Updated-04 Aug, 2024 | 06:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Huawei OSCA-550, OSCA-550A, OSCA-550AX, and OSCA-550X products with version 1.0.1.21(SP3) have an insufficient authentication vulnerability. The software does not require a strong credential when the user trying to do certain operations. Successful exploit could allow an attacker to pass the authentication and do certain operations by a weak credential.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-osca-550x_firmwareosca-550axosca-550osca-550a_firmwareosca-550xosca-550ax_firmwareosca-550_firmwareosca-550aOSCA-550, OSCA-550A, OSCA-550AX, OSCA-550X
CWE ID-CWE-287
Improper Authentication
CVE-2020-1864
Matching Score-6
Assigner-Huawei Technologies
ShareView Details
Matching Score-6
Assigner-Huawei Technologies
CVSS Score-8.1||HIGH
EPSS-0.38% / 58.53%
||
7 Day CHG~0.00%
Published-20 Mar, 2020 | 14:58
Updated-04 Aug, 2024 | 06:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Some Huawei products have a security vulnerability due to improper authentication. A remote attacker needs to obtain some information and forge the peer device to send specific packets to the affected device. Due to the improper implementation of the authentication function, attackers can exploit the vulnerability to connect to affected devices and execute a series of commands.Affected product versions include:Secospace AntiDDoS8000 versions V500R001C00,V500R001C20,V500R001C60,V500R005C00.

Action-Not Available
Vendor-n/aHuawei Technologies Co., Ltd.
Product-secospace_antiddos8000secospace_antiddos8000_firmwareSecospace AntiDDoS8000
CWE ID-CWE-287
Improper Authentication
CVE-2020-1794
Matching Score-6
Assigner-Huawei Technologies
ShareView Details
Matching Score-6
Assigner-Huawei Technologies
CVSS Score-4.6||MEDIUM
EPSS-0.06% / 16.92%
||
7 Day CHG~0.00%
Published-20 Mar, 2020 | 15:00
Updated-04 Aug, 2024 | 06:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is an improper authentication vulnerability in several smartphones. The applock does not perform a sufficient authentication in certain scenarios, successful exploit could allow the attacker to gain certain data of the application which is locked. Affected product versions include:HUAWEI Mate 20 versions Versions earlier than 10.0.0.188(C00E74R3P8);HUAWEI Mate 30 Pro versions Versions earlier than 10.0.0.203(C00E202R7P2).

Action-Not Available
Vendor-n/aHuawei Technologies Co., Ltd.
Product-mate_30_promate_30_pro_firmwaremate_20mate_20_firmwareHUAWEI Mate 20;HUAWEI Mate 30 Pro
CWE ID-CWE-287
Improper Authentication
CVE-2020-1798
Matching Score-6
Assigner-Huawei Technologies
ShareView Details
Matching Score-6
Assigner-Huawei Technologies
CVSS Score-4.6||MEDIUM
EPSS-0.02% / 4.54%
||
7 Day CHG~0.00%
Published-29 May, 2020 | 19:01
Updated-04 Aug, 2024 | 06:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HUAWEI P30 smartphones with versions earlier than 10.1.0.135(C00E135R2P11) have an improper authentication vulnerability. A logic error occurs when handling NFC work, an attacker should establish a NFC connection to the target phone, and then do a series of operations on the target phone. Successful exploit could allow a guest user do certain operation which is beyond the guest user's privilege.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-p30_firmwarep30HUAWEI P30
CWE ID-CWE-287
Improper Authentication
CVE-2020-1878
Matching Score-6
Assigner-Huawei Technologies
ShareView Details
Matching Score-6
Assigner-Huawei Technologies
CVSS Score-5.5||MEDIUM
EPSS-0.03% / 6.25%
||
7 Day CHG~0.00%
Published-20 Mar, 2020 | 14:50
Updated-04 Aug, 2024 | 06:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Huawei smartphone OxfordS-AN00A with versions earlier than 10.0.1.152D(C735E152R3P3),versions earlier than 10.0.1.160(C00E160R4P1) have an improper authentication vulnerability. Authentication to target component is improper when device performs an operation. Attackers exploit this vulnerability to obtain some information by loading malicious application, leading to information leak.

Action-Not Available
Vendor-n/aHuawei Technologies Co., Ltd.
Product-oxfords-an00aoxfords-an00a_firmwareOxfordS-AN00A
CWE ID-CWE-287
Improper Authentication
CVE-2020-1840
Matching Score-6
Assigner-Huawei Technologies
ShareView Details
Matching Score-6
Assigner-Huawei Technologies
CVSS Score-6||MEDIUM
EPSS-0.05% / 16.40%
||
7 Day CHG~0.00%
Published-21 Jan, 2020 | 18:14
Updated-04 Aug, 2024 | 06:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HUAWEI Mate 20 smart phones with versions earlier than 10.0.0.175(C00E70R3P8) have an insufficient authentication vulnerability. A local attacker with high privilege can execute a specific command to exploit this vulnerability. Successful exploitation may cause information leak and compromise the availability of the smart phones.Affected product versions include: HUAWEI Mate 20 versions Versions earlier than 10.0.0.175(C00E70R3P8)

Action-Not Available
Vendor-n/aHuawei Technologies Co., Ltd.
Product-mate_20mate_20_firmwareHUAWEI Mate 20
CWE ID-CWE-287
Improper Authentication
CVE-2020-1812
Matching Score-6
Assigner-Huawei Technologies
ShareView Details
Matching Score-6
Assigner-Huawei Technologies
CVSS Score-7.8||HIGH
EPSS-0.04% / 11.14%
||
7 Day CHG~0.00%
Published-18 Feb, 2020 | 02:37
Updated-04 Aug, 2024 | 06:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HUAWEI P30 smartphones with versions earlier than 10.0.0.173(C00E73R1P11) have an improper authentication vulnerability. Due to improperly validation of certain application, an attacker should trick the user into installing a malicious application to exploit this vulnerability. Successful exploit could allow the attacker to bypass the authentication to perform unauthorized operations.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-p30_firmwarep30HUAWEI P30
CWE ID-CWE-287
Improper Authentication
CVE-2020-1801
Matching Score-6
Assigner-Huawei Technologies
ShareView Details
Matching Score-6
Assigner-Huawei Technologies
CVSS Score-5.5||MEDIUM
EPSS-0.10% / 29.15%
||
7 Day CHG~0.00%
Published-10 Apr, 2020 | 14:04
Updated-04 Aug, 2024 | 06:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is an improper authentication vulnerability in several smartphones. Certain function interface in the system does not sufficiently validate the caller's identity in certain share scenario, successful exploit could cause information disclosure. Affected product versions include:Mate 30 Pro versions Versions earlier than 10.0.0.205(C00E202R7P2);Mate 30 versions Versions earlier than 10.0.0.205(C00E201R7P2).

Action-Not Available
Vendor-n/aHuawei Technologies Co., Ltd.
Product-mate_30_promate_30mate_30_pro_firmwaremate_30_firmwareMate 30 Pro;Mate 30
CWE ID-CWE-287
Improper Authentication
CVE-2020-1786
Matching Score-6
Assigner-Huawei Technologies
ShareView Details
Matching Score-6
Assigner-Huawei Technologies
CVSS Score-4.6||MEDIUM
EPSS-0.02% / 3.75%
||
7 Day CHG~0.00%
Published-09 Jan, 2020 | 17:13
Updated-04 Aug, 2024 | 06:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HUAWEI Mate 20 Pro smartphones versions earlier than 10.0.0.175(C00E69R3P8) have an improper authentication vulnerability. The software does not sufficiently validate the name of apk file in a special condition which could allow an attacker to forge a crafted application as a normal one. Successful exploit could allow the attacker to bypass digital balance function.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-mate_20_promate_20_pro_firmwareHUAWEI Mate 20 Pro
CWE ID-CWE-287
Improper Authentication
CVE-2020-1838
Matching Score-6
Assigner-Huawei Technologies
ShareView Details
Matching Score-6
Assigner-Huawei Technologies
CVSS Score-5.5||MEDIUM
EPSS-0.02% / 4.68%
||
7 Day CHG~0.00%
Published-06 Jul, 2020 | 18:08
Updated-04 Aug, 2024 | 06:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HUAWEI Mate 30 Pro with versions earlier than 10.1.0.150(C00E136R5P3) have is an improper authentication vulnerability. The device does not sufficiently validate certain credential of user's face, an attacker could craft the credential of the user, successful exploit could allow the attacker to pass the authentication with the crafted credential.

Action-Not Available
Vendor-n/aHuawei Technologies Co., Ltd.
Product-mate_30_promate_30_pro_firmwareHUAWEI Mate 30 Pro
CWE ID-CWE-287
Improper Authentication
CVE-2023-0117
Matching Score-6
Assigner-Huawei Technologies
ShareView Details
Matching Score-6
Assigner-Huawei Technologies
CVSS Score-5.3||MEDIUM
EPSS-0.04% / 10.21%
||
7 Day CHG~0.00%
Published-26 May, 2023 | 00:00
Updated-15 Jan, 2025 | 22:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The online authentication provided by the hwKitAssistant lacks strict identity verification of applications. Successful exploitation of this vulnerability may affect availability of features,such as MeeTime.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-emuiEMUIHarmonyOS
CWE ID-CWE-287
Improper Authentication
CVE-2022-48314
Matching Score-6
Assigner-Huawei Technologies
ShareView Details
Matching Score-6
Assigner-Huawei Technologies
CVSS Score-6.5||MEDIUM
EPSS-0.01% / 1.30%
||
7 Day CHG~0.00%
Published-16 Apr, 2023 | 07:11
Updated-06 Feb, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Bluetooth module has a vulnerability of bypassing the user confirmation in the pairing process. Successful exploitation of this vulnerability may affect confidentiality.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosemuiEMUIHarmonyOS
CWE ID-CWE-287
Improper Authentication
CVE-2022-48496
Matching Score-6
Assigner-Huawei Technologies
ShareView Details
Matching Score-6
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.05% / 14.14%
||
7 Day CHG~0.00%
Published-19 Jun, 2023 | 00:00
Updated-17 Dec, 2024 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability of lax app identity verification in the pre-authorization function.Successful exploitation of this vulnerability will cause malicious apps to become pre-authorized.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-emuiHarmonyOSEMUI
CWE ID-CWE-306
Missing Authentication for Critical Function
CWE ID-CWE-287
Improper Authentication
CVE-2022-48494
Matching Score-6
Assigner-Huawei Technologies
ShareView Details
Matching Score-6
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.05% / 14.14%
||
7 Day CHG~0.00%
Published-19 Jun, 2023 | 00:00
Updated-17 Dec, 2024 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability of lax app identity verification in the pre-authorization function.Successful exploitation of this vulnerability will cause malicious apps to become pre-authorized.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-emuiHarmonyOSEMUI
CWE ID-CWE-306
Missing Authentication for Critical Function
CWE ID-CWE-287
Improper Authentication
CVE-2022-46316
Matching Score-6
Assigner-Huawei Technologies
ShareView Details
Matching Score-6
Assigner-Huawei Technologies
CVSS Score-9.8||CRITICAL
EPSS-0.11% / 29.66%
||
7 Day CHG~0.00%
Published-20 Dec, 2022 | 00:00
Updated-17 Apr, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A thread security vulnerability exists in the authentication process. Successful exploitation of this vulnerability may affect data integrity, confidentiality, and availability.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosHarmonyOS
CWE ID-CWE-287
Improper Authentication
CVE-2022-46313
Matching Score-6
Assigner-Huawei Technologies
ShareView Details
Matching Score-6
Assigner-Huawei Technologies
CVSS Score-5.3||MEDIUM
EPSS-0.04% / 10.21%
||
7 Day CHG~0.00%
Published-20 Dec, 2022 | 00:00
Updated-17 Apr, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The sensor privacy module has an authentication vulnerability. Successful exploitation of this vulnerability may cause unavailability of the smartphone's camera and microphone.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosHarmonyOS
CWE ID-CWE-287
Improper Authentication
CVE-2022-41579
Matching Score-6
Assigner-Huawei Technologies
ShareView Details
Matching Score-6
Assigner-Huawei Technologies
CVSS Score-6.5||MEDIUM
EPSS-0.09% / 26.52%
||
7 Day CHG~0.00%
Published-28 Dec, 2022 | 00:00
Updated-11 Apr, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is an insufficient authentication vulnerability in some Huawei band products. Successful exploit could allow the attacker to spoof then connect to the band.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-hota-fara-b19_firmwarehota-fara-b19HOTA-Fara-B19
CWE ID-CWE-287
Improper Authentication
CVE-2022-38982
Matching Score-6
Assigner-Huawei Technologies
ShareView Details
Matching Score-6
Assigner-Huawei Technologies
CVSS Score-9.8||CRITICAL
EPSS-0.16% / 37.45%
||
7 Day CHG~0.00%
Published-14 Oct, 2022 | 00:00
Updated-15 May, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The fingerprint module has service logic errors.Successful exploitation of this vulnerability will cause the phone lock to be cracked.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosHarmonyOS
CWE ID-CWE-287
Improper Authentication
CVE-2016-6159
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.09% / 77.02%
||
7 Day CHG~0.00%
Published-21 Sep, 2016 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The management interface of Huawei WS331a routers with software before WS331a-10 V100R001C01B112 allows remote attackers to bypass authentication and obtain administrative access by sending "special packages" to the LAN interface.

Action-Not Available
Vendor-n/aHuawei Technologies Co., Ltd.
Product-ws331a_router_firmwarews331a_routern/a
CWE ID-CWE-287
Improper Authentication
CVE-2020-1793
Matching Score-6
Assigner-Huawei Technologies
ShareView Details
Matching Score-6
Assigner-Huawei Technologies
CVSS Score-4.6||MEDIUM
EPSS-0.06% / 16.92%
||
7 Day CHG~0.00%
Published-20 Mar, 2020 | 14:56
Updated-04 Aug, 2024 | 06:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is an improper authentication vulnerability in several smartphones. The applock does not perform a sufficient authentication in certain scenarios, successful exploit could allow the attacker to gain certain data of the application which is locked. Affected product versions include:HUAWEI Mate 20 versions Versions earlier than 10.0.0.188(C00E74R3P8);HUAWEI Mate 30 Pro versions Versions earlier than 10.0.0.203(C00E202R7P2).

Action-Not Available
Vendor-n/aHuawei Technologies Co., Ltd.
Product-mate_30_promate_30_pro_firmwaremate_20mate_20_firmwareHUAWEI Mate 20;HUAWEI Mate 30 Pro
CWE ID-CWE-287
Improper Authentication
CVE-2020-1833
Matching Score-6
Assigner-Huawei Technologies
ShareView Details
Matching Score-6
Assigner-Huawei Technologies
CVSS Score-2.4||LOW
EPSS-0.02% / 4.40%
||
7 Day CHG~0.00%
Published-29 May, 2020 | 19:55
Updated-04 Aug, 2024 | 06:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Honor 9X smartphones with versions earlier than 9.1.1.172(C00E170R8P1) have an improper authentication vulnerability. A logic error occurs when handling clock function, an attacker should do a series of crafted operations quickly before the phone is unlocked, successful exploit could allow the attacker to access clock information without unlock the phone.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-honor_9x_firmwarehonor_9xHonor 9X
CWE ID-CWE-287
Improper Authentication
CVE-2015-8332
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.24% / 47.60%
||
7 Day CHG~0.00%
Published-28 Aug, 2017 | 21:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Huawei Video Content Management (VCM) before V100R001C10SPC001 does not properly "authenticate online user identities and privileges," which allows remote authenticated users to gain privileges and perform a case operation as another user via a crafted message, aka "Horizontal Privilege Escalation Vulnerability."

Action-Not Available
Vendor-n/aHuawei Technologies Co., Ltd.
Product-vcm5020vcm5020_firmwarevcm5010vcm5010_firmwaren/a
CWE ID-CWE-287
Improper Authentication
CVE-2021-37043
Matching Score-6
Assigner-Huawei Technologies
ShareView Details
Matching Score-6
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.17% / 38.36%
||
7 Day CHG~0.00%
Published-07 Dec, 2021 | 16:02
Updated-04 Aug, 2024 | 01:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is a Stack-based Buffer Overflow vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to malicious application processes occupy system resources.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-magic_uiemuiharmonyosHarmonyOS
CWE ID-CWE-287
Improper Authentication
CVE-2023-6514
Matching Score-6
Assigner-Huawei Technologies
ShareView Details
Matching Score-6
Assigner-Huawei Technologies
CVSS Score-8.8||HIGH
EPSS-0.02% / 3.34%
||
7 Day CHG~0.00%
Published-06 Dec, 2023 | 08:26
Updated-02 Aug, 2024 | 08:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Bluetooth module of some Huawei Smart Screen products has an identity authentication bypass vulnerability. Successful exploitation of this vulnerability may allow attackers to access restricted functions.  Successful exploitation of this vulnerability may allow attackers to access restricted functions.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-ajmd-370s_firmwareajmd-370sAJMD-370S
CWE ID-CWE-840
Not Available
CWE ID-CWE-287
Improper Authentication
CVE-2021-37100
Matching Score-6
Assigner-Huawei Technologies
ShareView Details
Matching Score-6
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.13% / 33.07%
||
7 Day CHG~0.00%
Published-07 Dec, 2021 | 16:06
Updated-04 Aug, 2024 | 01:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is a Improper Authentication vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to account authentication bypassed.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosHarmonyOS
CWE ID-CWE-287
Improper Authentication
CVE-2021-37123
Matching Score-6
Assigner-Huawei Technologies
ShareView Details
Matching Score-6
Assigner-Huawei Technologies
CVSS Score-9.8||CRITICAL
EPSS-0.18% / 40.26%
||
7 Day CHG~0.00%
Published-11 Oct, 2021 | 15:53
Updated-04 Aug, 2024 | 01:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is an improper authentication vulnerability in Hero-CT060 before 1.0.0.200. The vulnerability is due to that when an user wants to do certain operation, the software does not insufficiently validate the user's identity. Successful exploit could allow the attacker to do certain operations which the user are supposed not to do.

Action-Not Available
Vendor-n/aHuawei Technologies Co., Ltd.
Product-hero-ct060_firmwarehero-ct060Hero-CT060
CWE ID-CWE-287
Improper Authentication
CVE-2023-52955
Matching Score-6
Assigner-Huawei Technologies
ShareView Details
Matching Score-6
Assigner-Huawei Technologies
CVSS Score-6.5||MEDIUM
EPSS-0.04% / 12.30%
||
7 Day CHG~0.00%
Published-08 Jan, 2025 | 02:00
Updated-13 Jan, 2025 | 19:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability of improper authentication in the ANS system service module Impact: Successful exploitation of this vulnerability may cause features to perform abnormally.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-emuiharmonyosHarmonyOSEMUI
CWE ID-CWE-264
Not Available
CWE ID-CWE-287
Improper Authentication
CVE-2023-52540
Matching Score-6
Assigner-Huawei Technologies
ShareView Details
Matching Score-6
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.07% / 23.20%
||
7 Day CHG~0.00%
Published-08 Apr, 2024 | 08:46
Updated-28 Mar, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability of improper authentication in the Iaware module. Impact: Successful exploitation of this vulnerability will affect availability.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosemuiEMUIHarmonyOS
CWE ID-CWE-287
Improper Authentication
CVE-2023-52111
Matching Score-6
Assigner-Huawei Technologies
ShareView Details
Matching Score-6
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.05% / 16.83%
||
7 Day CHG~0.00%
Published-16 Jan, 2024 | 07:55
Updated-11 Jun, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Authorization vulnerability in the BootLoader module. Successful exploitation of this vulnerability may affect service integrity.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-emuiharmonyosHarmonyOSEMUI
CWE ID-CWE-287
Improper Authentication
CWE ID-CWE-863
Incorrect Authorization
CVE-2022-48254
Matching Score-6
Assigner-Huawei Technologies
ShareView Details
Matching Score-6
Assigner-Huawei Technologies
CVSS Score-4.6||MEDIUM
EPSS-0.01% / 1.41%
||
7 Day CHG~0.00%
Published-27 Feb, 2023 | 00:00
Updated-11 Mar, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is a data processing error vulnerability in Leia-B29 2.0.0.49(M03). Successful exploitation could bypass lock screen authentication.

Action-Not Available
Vendor-n/aHuawei Technologies Co., Ltd.
Product-leia-b29_firmwareleia-b29Leia-B29
CWE ID-CWE-287
Improper Authentication
CVE-2022-48294
Matching Score-6
Assigner-Huawei Technologies
ShareView Details
Matching Score-6
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.07% / 21.75%
||
7 Day CHG~0.00%
Published-09 Feb, 2023 | 00:00
Updated-24 Mar, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The IHwAttestationService interface has a defect in authentication. Successful exploitation of this vulnerability may affect data confidentiality.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-emuiharmonyosHarmonyOSEMUI
CWE ID-CWE-287
Improper Authentication
CVE-2022-47976
Matching Score-6
Assigner-Huawei Technologies
ShareView Details
Matching Score-6
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.07% / 22.38%
||
7 Day CHG~0.00%
Published-06 Jan, 2023 | 00:00
Updated-09 Apr, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The DMSDP module of the distributed hardware has a vulnerability that may cause imposter control connections.Successful exploitation of this vulnerability may disconnect normal service connections.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosemuiEMUIHarmonyOS
CWE ID-CWE-287
Improper Authentication
CVE-2022-48305
Matching Score-6
Assigner-Huawei Technologies
ShareView Details
Matching Score-6
Assigner-Huawei Technologies
CVSS Score-5.5||MEDIUM
EPSS-0.01% / 0.40%
||
7 Day CHG~0.00%
Published-27 Feb, 2023 | 00:00
Updated-11 Mar, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is an identity authentication bypass vulnerability in Huawei Children Smart Watch (Simba-AL00) 1.1.1.274. Successful exploitation of this vulnerability may cause the access control function of specific applications to fail.

Action-Not Available
Vendor-n/aHuawei Technologies Co., Ltd.
Product-simba-al00_firmwaresimba-al00Simba-AL00
CWE ID-CWE-287
Improper Authentication
CVE-2022-47974
Matching Score-6
Assigner-Huawei Technologies
ShareView Details
Matching Score-6
Assigner-Huawei Technologies
CVSS Score-6.5||MEDIUM
EPSS-0.03% / 8.26%
||
7 Day CHG~0.00%
Published-06 Jan, 2023 | 00:00
Updated-09 Apr, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Bluetooth AVRCP module has a vulnerability that can lead to DoS attacks.Successful exploitation of this vulnerability may cause the Bluetooth process to restart.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosemuiEMUIHarmonyOS
CWE ID-CWE-287
Improper Authentication
CVE-2021-22490
Matching Score-6
Assigner-Huawei Technologies
ShareView Details
Matching Score-6
Assigner-Huawei Technologies
CVSS Score-5.3||MEDIUM
EPSS-0.15% / 36.30%
||
7 Day CHG~0.00%
Published-28 Oct, 2021 | 12:25
Updated-03 Aug, 2024 | 18:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is a Permission verification vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may affect the device performance.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-magic_uiemuiMagic UIEMUI
CWE ID-CWE-287
Improper Authentication
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • Next
Details not found