Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2016-6825

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-07 Sep, 2016 | 19:00
Updated At-06 Aug, 2024 | 01:43
Rejected At-
Credits

Huawei XH620 V3, XH622 V3, and XH628 V3 servers with software before V100R003C00SPC610, RH1288 V3 servers with software before V100R003C00SPC613, RH2288 V3 servers with software before V100R003C00SPC617, and RH2288H V3 servers with software before V100R003C00SPC515 allow remote attackers to obtain passwords via a brute-force attack, related to "lack of authentication protection mechanisms."

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:07 Sep, 2016 | 19:00
Updated At:06 Aug, 2024 | 01:43
Rejected At:
▼CVE Numbering Authority (CNA)

Huawei XH620 V3, XH622 V3, and XH628 V3 servers with software before V100R003C00SPC610, RH1288 V3 servers with software before V100R003C00SPC613, RH2288 V3 servers with software before V100R003C00SPC617, and RH2288H V3 servers with software before V100R003C00SPC515 allow remote attackers to obtain passwords via a brute-force attack, related to "lack of authentication protection mechanisms."

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160817-01-server-en
x_refsource_CONFIRM
http://www.securityfocus.com/bid/92504
vdb-entry
x_refsource_BID
Hyperlink: http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160817-01-server-en
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.securityfocus.com/bid/92504
Resource:
vdb-entry
x_refsource_BID
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160817-01-server-en
x_refsource_CONFIRM
x_transferred
http://www.securityfocus.com/bid/92504
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160817-01-server-en
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.securityfocus.com/bid/92504
Resource:
vdb-entry
x_refsource_BID
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:07 Sep, 2016 | 19:28
Updated At:12 Apr, 2025 | 10:46

Huawei XH620 V3, XH622 V3, and XH628 V3 servers with software before V100R003C00SPC610, RH1288 V3 servers with software before V100R003C00SPC613, RH2288 V3 servers with software before V100R003C00SPC617, and RH2288H V3 servers with software before V100R003C00SPC515 allow remote attackers to obtain passwords via a brute-force attack, related to "lack of authentication protection mechanisms."

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.09.8CRITICAL
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary2.05.0MEDIUM
AV:N/AC:L/Au:N/C:P/I:N/A:N
Type: Primary
Version: 3.0
Base score: 9.8
Base severity: CRITICAL
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Type: Primary
Version: 2.0
Base score: 5.0
Base severity: MEDIUM
Vector:
AV:N/AC:L/Au:N/C:P/I:N/A:N
CPE Matches
Huawei Technologies Co., Ltd.
huawei
>>rh1288_v3_server_firmware>>v100r003c00
cpe:2.3:o:huawei:rh1288_v3_server_firmware:v100r003c00:*:*:*:*:*:*:*
Huawei Technologies Co., Ltd.
huawei
>>rh2288_v3_server_firmware>>v100r003c00
cpe:2.3:o:huawei:rh2288_v3_server_firmware:v100r003c00:*:*:*:*:*:*:*
Huawei Technologies Co., Ltd.
huawei
>>rh2288h_v3_server_firmware>>v100r003c00
cpe:2.3:o:huawei:rh2288h_v3_server_firmware:v100r003c00:*:*:*:*:*:*:*
Huawei Technologies Co., Ltd.
huawei
>>xh620_v3_server_firmware>>v100r003c00
cpe:2.3:o:huawei:xh620_v3_server_firmware:v100r003c00:*:*:*:*:*:*:*
Huawei Technologies Co., Ltd.
huawei
>>xh622_v3_server_firmware>>v100r003c00
cpe:2.3:o:huawei:xh622_v3_server_firmware:v100r003c00:*:*:*:*:*:*:*
Huawei Technologies Co., Ltd.
huawei
>>xh628_v3_server_firmware>>v100r003c00
cpe:2.3:o:huawei:xh628_v3_server_firmware:v100r003c00:*:*:*:*:*:*:*
Huawei Technologies Co., Ltd.
huawei
>>rh1288_v3_server>>-
cpe:2.3:h:huawei:rh1288_v3_server:-:*:*:*:*:*:*:*
Huawei Technologies Co., Ltd.
huawei
>>rh2288_v3_server>>-
cpe:2.3:h:huawei:rh2288_v3_server:-:*:*:*:*:*:*:*
Huawei Technologies Co., Ltd.
huawei
>>rh2288h_v3_server>>-
cpe:2.3:h:huawei:rh2288h_v3_server:-:*:*:*:*:*:*:*
Huawei Technologies Co., Ltd.
huawei
>>xh620_v3_server>>-
cpe:2.3:h:huawei:xh620_v3_server:-:*:*:*:*:*:*:*
Huawei Technologies Co., Ltd.
huawei
>>xh622_v3_server>>-
cpe:2.3:h:huawei:xh622_v3_server:-:*:*:*:*:*:*:*
Huawei Technologies Co., Ltd.
huawei
>>xh628_v3_server>>-
cpe:2.3:h:huawei:xh628_v3_server:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-285Primarynvd@nist.gov
CWE ID: CWE-285
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160817-01-server-encve@mitre.org
Vendor Advisory
http://www.securityfocus.com/bid/92504cve@mitre.org
Third Party Advisory
VDB Entry
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160817-01-server-enaf854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://www.securityfocus.com/bid/92504af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
VDB Entry
Hyperlink: http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160817-01-server-en
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: http://www.securityfocus.com/bid/92504
Source: cve@mitre.org
Resource:
Third Party Advisory
VDB Entry
Hyperlink: http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160817-01-server-en
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://www.securityfocus.com/bid/92504
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
VDB Entry

Change History

0
Information is not available yet

Similar CVEs

197Records found
CVE-2021-36996
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-5.3||MEDIUM
EPSS-0.11% / 30.12%
||
7 Day CHG~0.00%
Published-28 Oct, 2021 | 12:27
Updated-04 Aug, 2024 | 01:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is an Improper verification vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may cause transmission of certain virtual information.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-magic_uiemuiMagic UIEMUI
CVE-2021-37125
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.15% / 36.26%
||
7 Day CHG~0.00%
Published-03 Jan, 2022 | 21:07
Updated-04 Aug, 2024 | 01:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Arbitrary file has a Exposure of Sensitive Information to an Unauthorized Actor vulnerability .Successful exploitation of this vulnerability may cause confidentiality is affected.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosHarmonyOS
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2021-37118
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-5.3||MEDIUM
EPSS-0.11% / 30.12%
||
7 Day CHG~0.00%
Published-03 Jan, 2022 | 21:07
Updated-04 Aug, 2024 | 01:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The HwNearbyMain module has a Improper Handling of Exceptional Conditions vulnerability.Successful exploitation of this vulnerability may lead to message leak.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosHarmonyOS
CWE ID-CWE-755
Improper Handling of Exceptional Conditions
CVE-2021-37133
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.13% / 33.40%
||
7 Day CHG~0.00%
Published-03 Jan, 2022 | 21:07
Updated-22 May, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is an Unauthorized file access vulnerability in Smartphones.Successful exploitation of this vulnerability may affect service confidentiality.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosmagic_uiemuiEMUIHarmonyOSMagic UI
CVE-2021-37096
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.15% / 36.26%
||
7 Day CHG~0.00%
Published-07 Dec, 2021 | 16:06
Updated-04 Aug, 2024 | 01:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is a Improper Input Validation vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to user privacy disclosed.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosHarmonyOSEMUI
CWE ID-CWE-20
Improper Input Validation
CVE-2021-37067
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.15% / 36.26%
||
7 Day CHG~0.00%
Published-07 Dec, 2021 | 16:03
Updated-04 Aug, 2024 | 01:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is a Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to Confidentiality impacted.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosHarmonyOS
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2021-37086
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-8.6||HIGH
EPSS-0.11% / 30.63%
||
7 Day CHG~0.00%
Published-07 Dec, 2021 | 16:05
Updated-04 Aug, 2024 | 01:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is a Improper Preservation of Permissions vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to attackers which can isolate and read synchronization files of other applications across the UID sandbox.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosHarmonyOS
CWE ID-CWE-281
Improper Preservation of Permissions
CVE-2021-37075
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.16% / 37.78%
||
7 Day CHG~0.00%
Published-08 Dec, 2021 | 14:13
Updated-04 Aug, 2024 | 01:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is a Credentials Management Errors vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to confidentiality affected.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-magic_uiharmonyosemuiMagic UIHarmonyOSEMUI
CVE-2021-37100
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.13% / 33.07%
||
7 Day CHG~0.00%
Published-07 Dec, 2021 | 16:06
Updated-04 Aug, 2024 | 01:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is a Improper Authentication vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to account authentication bypassed.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosHarmonyOS
CWE ID-CWE-287
Improper Authentication
CVE-2021-37010
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.15% / 36.26%
||
7 Day CHG~0.00%
Published-23 Nov, 2021 | 15:27
Updated-04 Aug, 2024 | 01:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is a Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability will cause the confidentiality of users is affected.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosHarmonyOS
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2021-37091
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.13% / 33.63%
||
7 Day CHG~0.00%
Published-07 Dec, 2021 | 16:06
Updated-04 Aug, 2024 | 01:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is a Permissions,Privileges,and Access Controls vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to confidentiality affected.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosHarmonyOS
CVE-2021-37050
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.06% / 17.38%
||
7 Day CHG~0.00%
Published-08 Dec, 2021 | 14:12
Updated-04 Aug, 2024 | 01:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is a Missing sensitive data encryption vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may affect service confidentiality.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-magic_uiharmonyosemuiMagic UIHarmonyOSEMUI
CWE ID-CWE-311
Missing Encryption of Sensitive Data
CVE-2015-2251
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.14% / 34.31%
||
7 Day CHG~0.00%
Published-08 Jun, 2017 | 16:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The DeviceManager in Huawei OceanStor UDS devices with software before V100R002C01SPC102 might allow remote attackers to obtain sensitive information via a crafted UDS patch with JavaScript.

Action-Not Available
Vendor-n/aHuawei Technologies Co., Ltd.
Product-oceanstor_uds_firmwareoceanstor_udsn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2015-2808
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-48.84% / 97.68%
||
7 Day CHG~0.00%
Published-01 Apr, 2015 | 00:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote attackers to conduct plaintext-recovery attacks against the initial bytes of a stream by sniffing network traffic that occasionally relies on keys affected by the Invariance Weakness, and then using a brute-force approach involving LSB values, aka the "Bar Mitzvah" issue.

Action-Not Available
Vendor-n/aopenSUSEHuawei Technologies Co., Ltd.SUSEFujitsu LimitedRed Hat, Inc.IBM CorporationDebian GNU/LinuxOracle CorporationCanonical Ltd.
Product-sparc_enterprise_m5000e9000s7700_firmwareoceanstor_s6800toceanstor_18800f_firmwares2750oceanstor_s2600t_firmwarehttp_serveroceanstor_s5600t_firmwaremanagere6000s5700si_firmwares5700hisparc_enterprise_m4000enterprise_linux_server_aussparc_enterprise_m4000_firmwareoceanstor_vis6600t_firmwareoceanstor_s2600toceanstor_hvs85t_firmwares5710eis5710hi_firmwareoceanstor_18800foceanstor_replicationdirectors3700communications_policy_managemente9000_firmwareoceanstor_cseoceanstor_9000oceanstor_s5800ts5700s-lis5710his5720eienterprise_linuxenterprise_linux_servercognos_metrics_manageroceanstor_cse_firmwares5700lite60oceanstor_18800_firmwaresparc_enterprise_m9000sparc_enterprise_m8000s6700s5710ei_firmwareoceanstor_s5800t_firmwarecommunications_application_session_controllersmc2.0ubuntu_linuxs5700li_firmwareoceanstor_18500_firmwareultravrenterprise_linux_server_tusintegrated_lights_out_manager_firmware9700_firmwares2750_firmwares12700sparc_enterprise_m3000_firmwarequidway_s9300linux_enterprise_servers5700eisparc_enterprise_m3000s5700sioceanstor_18500e6000_firmwaresparc_enterprise_m5000_firmwares5700hi_firmwareoceanstor_s5500tpolicy_centerdebian_linuxoceanstor_18800sparc_enterprise_m9000_firmwares6700_firmwareoceanstor_s6800t_firmwares2700opensuseenterprise_linux_desktopsatelliteoceanstor_vis6600tte60_firmwares5700s-li_firmwares5700ei_firmwares7700linux_enterprise_debuginfo9700enterprise_linux_euss12700_firmwarelinux_enterprise_desktopoceanstor_9000_firmwareoceanstor_s5600tlinux_enterprise_software_development_kitoceanstor_s5500t_firmwaresparc_enterprise_m8000_firmwareoceanstor_hvs85ts3700_firmwares2700_firmwares5720ei_firmwares5720hienterprise_linux_workstationquidway_s9300_firmwares5720hi_firmwaren/a
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2022-29792
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.13% / 33.40%
||
7 Day CHG~0.00%
Published-13 May, 2022 | 15:04
Updated-03 Aug, 2024 | 06:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The chip component has a vulnerability of disclosing CPU SNs.Successful exploitation of this vulnerability may affect data confidentiality.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-emuiharmonyosHarmonyOSEMUI
CVE-2021-37114
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-5.3||MEDIUM
EPSS-0.15% / 35.97%
||
7 Day CHG~0.00%
Published-03 Jan, 2022 | 21:07
Updated-04 Aug, 2024 | 01:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is an Out-of-bounds read vulnerability in Smartphone.Successful exploitation of this vulnerability may affect service confidentiality.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-magic_uiemuiharmonyosMagic UIEMUIHarmony OS
CWE ID-CWE-125
Out-of-bounds Read
CVE-2021-37126
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.20% / 42.26%
||
7 Day CHG~0.00%
Published-03 Jan, 2022 | 21:07
Updated-04 Aug, 2024 | 01:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Arbitrary file has a Exposure of Sensitive Information to an Unauthorized Actor vulnerability .Successful exploitation of this vulnerability may cause the directory is traversed.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosHarmonyOS
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2021-37056
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-5.3||MEDIUM
EPSS-0.13% / 32.82%
||
7 Day CHG~0.00%
Published-07 Dec, 2021 | 15:45
Updated-04 Aug, 2024 | 01:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is an Improper permission control vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may allow attempts to obtain certain device information.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-magic_uiemuiMagic UIEMUI
CWE ID-CWE-281
Improper Preservation of Permissions
CVE-2014-9692
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.14% / 35.13%
||
7 Day CHG~0.00%
Published-02 Apr, 2017 | 20:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Huawei Tecal RH1288 V2 V100R002C00SPC107 and earlier versions, Tecal RH2265 V2 V100R002C00, Tecal RH2285 V2 V100R002C00SPC115 and earlier versions, Tecal RH2265 V2 V100R002C00, Tecal RH2285H V2 V100R002C00SPC111 and earlier versions, Tecal RH2268 V2 V100R002C00, Tecal RH2288 V2 V100R002C00SPC117 and earlier versions, Tecal RH2288H V2 V100R002C00SPC115 and earlier versions, Tecal RH2485 V2 V100R002C00SPC502 and earlier versions, Tecal RH5885 V2 V100R001C02SPC109 and earlier versions, Tecal RH5885 V3 V100R003C01SPC102 and earlier versions, Tecal RH5885H V3 V100R003C00SPC102 and earlier versions, Tecal XH310 V2 V100R001C00SPC110 and earlier versions, Tecal XH311 V2 V100R001C00SPC110 and earlier versions, Tecal XH320 V2 V100R001C00SPC110 and earlier versions, Tecal XH621 V2 V100R001C00SPC106 and earlier versions, Tecal DH310 V2 V100R001C00SPC110 and earlier versions, Tecal DH320 V2 V100R001C00SPC106 and earlier versions, Tecal DH620 V2 V100R001C00SPC106 and earlier versions, Tecal DH621 V2 V100R001C00SPC107 and earlier versions, Tecal DH628 V2 V100R001C00SPC107 and earlier versions, Tecal BH620 V2 V100R002C00SPC107 and earlier versions, Tecal BH621 V2 V100R002C00SPC106 and earlier versions, Tecal BH622 V2 V100R002C00SPC110 and earlier versions, Tecal BH640 V2 V100R002C00SPC108 and earlier versions, Tecal CH121 V100R001C00SPC180 and earlier versions, Tecal CH140 V100R001C00SPC110 and earlier versions, Tecal CH220 V100R001C00SPC180 and earlier versions, Tecal CH221 V100R001C00SPC180 and earlier versions, Tecal CH222 V100R002C00SPC180 and earlier versions, Tecal CH240 V100R001C00SPC180 and earlier versions, Tecal CH242 V100R001C00SPC180 and earlier versions, Tecal CH242 V3 V100R001C00SPC110 and earlier versions could allow attackers to figure out the RMCP+ session IDs of users and access the system with forged identities.

Action-Not Available
Vendor-n/aHuawei Technologies Co., Ltd.
Product-tecal_rh5885h_v3tecal_dh620_v2tecal_ch242_v3tecal_xh320_v2tecal_rh2288h_v2_firmwaretecal_dh628_v2_firmwaretecal_dh320_v2tecal_bh640_v2_firmwaretecal_ch242_firmwaretecal_rh2288h_v2tecal_dh320_v2_firmwaretecal_ch221tecal_ch221_firmwaretecal_rh5885_v3_firmwaretecal_xh311_v2tecal_rh2265_v2_firmwaretecal_rh5885_v2tecal_bh621_v2_firmwaretecal_ch242tecal_xh310_v2tecal_dh621_v2_firmwaretecal_xh621_v2tecal_rh2265_v2tecal_rh2285h_v2_firmwaretecal_ch140tecal_rh1288_v2_firmwaretecal_bh622_v2tecal_dh310_v2_firmwaretecal_rh2288_v2_firmwaretecal_rh2268_v2_firmwaretecal_rh2268_v2tecal_ch240tecal_rh2285_v2_firmwaretecal_bh640_v2tecal_xh311_v2_firmwaretecal_ch220_firmwaretecal_bh620_v2_firmwaretecal_ch222_firmwaretecal_dh620_v2_firmwaretecal_dh628_v2tecal_xh320_v2_firmwaretecal_ch220tecal_ch222tecal_ch121_firmwaretecal_rh2288_v2tecal_xh310_v2_firmwaretecal_rh5885_v2_firmwaretecal_ch240_firmwaretecal_rh2285_v2tecal_bh621_v2tecal_rh2485_v2_firmwaretecal_rh5885h_v3_firmwaretecal_xh621_v2_firmwaretecal_ch140_firmwaretecal_ch121tecal_rh2285h_v2tecal_dh621_v2tecal_bh622_v2_firmwaretecal_dh310_v2tecal_bh620_v2tecal_rh2485_v2tecal_ch242_v3_firmwaretecal_rh5885_v3tecal_rh1288_v2Tecal RH1288 V2,Tecal RH2265 V2,Tecal RH2285 V2,Tecal RH2265 V2,Tecal RH2285H V2,Tecal RH2268 V2,Tecal RH2288 V2,Tecal RH2288H V2,Tecal RH2485 V2,Tecal RH5885 V2,Tecal RH5885 V3,Tecal RH5885H V3,Tecal XH310 V2,Tecal XH311 V2,Tecal XH320 V2,Tecal XH621 V2,Tecal DH310 V2,Tecal DH320 V2,Tecal DH620 V2,Tecal DH621 V2,Tecal DH628 V2,Tecal BH620 V2,Tecal BH621 V2,Tecal BH622 V2,Tecal BH640 V2,Tecal CH121,Tecal CH140,Tecal CH220,Tecal CH221,Tecal CH222,Tecal CH240,Tecal CH242,Tecal CH242 V3, Tecal RH1288 V2 V100R002C00SPC107 and earlier versions,Tecal RH2265 V2 V100R002C00,Tecal RH2285 V2 V100R002C00SPC115 and earlier versions,Tecal RH2265 V2 V100R002C00,Tecal RH2285H V2 V100R002C00SPC111 and earlier versions,Tecal RH2268 V2 V100R002C00,Tecal RH2288 V2 V100R002C00SPC117 and earlier versions,Tecal RH2288H V2 V100R002C00SPC115 and earlier versions,Tecal RH2485 V2 V100R002C00SPC502 and earlier versions,Tecal RH5885 V2 V100R001C02SPC109 and earlier versions,Tecal RH5885 V3 V100R003C01SPC102 and earlier versions,Tecal RH5885H V3 V100R003C00SPC102 and earlier versions,Tecal XH310 V2 V100R001C00SPC110 and earlier versions,Tecal XH311 V2 V100R001C00SPC110 and earlier versions,Tecal XH320 V2 V100R001C00SPC110 and earlier versions,Tecal XH621 V2 V100R001C00SPC106 and earlier versions,Tecal DH310 V2 V100R001C00SPC110 and earlier versions,Tecal DH320 V2 V100R001C00SPC106 and earlier versions,Tecal DH620 V2 V100R001C00SPC106 and earlier versions,Tecal DH621 V2 V100R001C00SPC107 and earlier versions,Tecal DH628 V2 V100R001C00SPC107 and earlier versions,Tecal BH620 V2 V100R002C00SPC107 and earlier versions,Tecal BH621 V2 V100R002C00SPC106 and earlier versions,Tecal BH622 V2 V100R002C00SPC110 ?and earlier versions,Tecal BH640 V2 V100R002C00SPC108 and earlier versions,Tecal CH121 V100R001C00SPC180 and earlier versions,Tecal CH140 V100R001C00SPC110 and earlier versions,Tecal CH220 V100R001C00SPC180 and earlier versions,Tecal CH221 V100R001C00SPC180 and earlier versions,Tecal CH222 V100R002C00SPC180 and earlier versions,Te ...[truncated*]
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2014-8570
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-5.3||MEDIUM
EPSS-0.11% / 30.12%
||
7 Day CHG~0.00%
Published-02 Apr, 2017 | 20:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Huawei S9300, S9303, S9306, S9312 with software V100R002; S7700, S7703, S7706, S7712 with software V100R003, V100R006, V200R001, V200R002, V200R003, V200R005; S9300E, S9303E, S9306E, S9312E with software V200R001; S9700, S9703, S9706, S9712 with software V200R002, V200R003, V200R005; S12708, S12712 with software V200R005; 5700HI, 5300HI with software V100R006, V200R001, V200R002, V200R003, V200R005; 5710EI, 5310EI with software V200R002, V200R003, V200R005; 5710HI, 5310HI with software V200R003, V200R005; 6700EI, 6300EI with software V200R005 could cause a leak of IP addresses of devices, related to unintended interface support for VRP MPLS LSP Ping.

Action-Not Available
Vendor-n/aHuawei Technologies Co., Ltd.
Product-5310his9312es9306_firmwares9303e_firmware5710eis7700_firmware5300his7712_firmware5310hi_firmwares77005700his12708_firmwares9303_firmwares9300es9700_firmwares9312_firmwares7712s12708s93065710hi_firmwares9300_firmwares9312e_firmware6700ei_firmwares9303es7703s9703_firmwares9712_firmwares7706s12712s9706s9706_firmware6300ei_firmwares12712_firmwares9312s9303s9306e_firmware5700hi_firmware6300ei6700eis7706_firmwares97125310eis7703_firmwares97005710ei_firmwares9300e_firmware5310ei_firmwares9306es93005710his97035300hi_firmwareS9300, S9303, S9306, S9312, S7700, S7703, S7706, S7712, S9300E, S9303E, S9306E, S9312E, S9700, S9703, S9706, S9712,S12708, S12712,5700HI,5300HI, 5710EI,5310EI, 5710HI,5310HI, 6700EI,6300EI S9300, S9303, S9306, S9312 with software V100R002,S7700, S7703, S7706, S7712 with software V100R003, V100R006, V200R001, V200R002, V200R003, V200R005,S9300E, S9303E, S9306E, S9312E with software V200R001,S9700, S9703, S9706, S9712 with software V200R002, V200R003, V200R005,S12708, S12712 with software V200R005,5700HI,5300HI with software V100R006, V200R001, V200R002, V200R003, V200R005,5710EI,5310EI with software V200R002, V200R003, V200R005,5710HI,5310HI with software V200R003, V200R005,6700EI,6300EI with software V200R00
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2014-9693
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-9.8||CRITICAL
EPSS-0.49% / 64.49%
||
7 Day CHG~0.00%
Published-02 Apr, 2017 | 20:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Huawei Tecal RH1288 V2 V100R002C00SPC107 and earlier versions, Tecal RH2265 V2 V100R002C00, Tecal RH2285 V2 V100R002C00SPC115 and earlier versions, Tecal RH2265 V2 V100R002C00, Tecal RH2285H V2 V100R002C00SPC111 and earlier versions, Tecal RH2268 V2 V100R002C00, Tecal RH2288 V2 V100R002C00SPC117 and earlier versions, Tecal RH2288H V2 V100R002C00SPC115 and earlier versions, Tecal RH2485 V2 V100R002C00SPC502 and earlier versions, Tecal RH5885 V2 V100R001C02SPC109 and earlier versions, Tecal RH5885 V3 V100R003C01SPC102 and earlier versions, Tecal RH5885H V3 V100R003C00SPC102 and earlier versions, Tecal XH310 V2 V100R001C00SPC110 and earlier versions, Tecal XH311 V2 V100R001C00SPC110 and earlier versions, Tecal XH320 V2 V100R001C00SPC110 and earlier versions, Tecal XH621 V2 V100R001C00SPC106 and earlier versions, Tecal DH310 V2 V100R001C00SPC110 and earlier versions, Tecal DH320 V2 V100R001C00SPC106 and earlier versions, Tecal DH620 V2 V100R001C00SPC106 and earlier versions, Tecal DH621 V2 V100R001C00SPC107 and earlier versions, Tecal DH628 V2 V100R001C00SPC107 and earlier versions, Tecal BH620 V2 V100R002C00SPC107 and earlier versions, Tecal BH621 V2 V100R002C00SPC106 and earlier versions, Tecal BH622 V2 V100R002C00SPC110 and earlier versions, Tecal BH640 V2 V100R002C00SPC108 and earlier versions, Tecal CH121 V100R001C00SPC180 and earlier versions, Tecal CH140 V100R001C00SPC110 and earlier versions, Tecal CH220 V100R001C00SPC180 and earlier versions, Tecal CH221 V100R001C00SPC180 and earlier versions, Tecal CH222 V100R002C00SPC180 and earlier versions, Tecal CH240 V100R001C00SPC180 and earlier versions, Tecal CH242 V100R001C00SPC180 and earlier versions, Tecal CH242 V3 V100R001C00SPC110 and earlier versions could allow attackers to execute arbitrary code or restart the system via crafted DNS packets.

Action-Not Available
Vendor-n/aHuawei Technologies Co., Ltd.
Product-tecal_rh5885h_v3tecal_dh620_v2tecal_ch242_v3tecal_xh320_v2tecal_rh2288h_v2_firmwaretecal_dh628_v2_firmwaretecal_dh320_v2tecal_bh640_v2_firmwaretecal_ch242_firmwaretecal_rh2288h_v2tecal_dh320_v2_firmwaretecal_ch221tecal_ch221_firmwaretecal_rh5885_v3_firmwaretecal_xh311_v2tecal_rh2265_v2_firmwaretecal_rh5885_v2tecal_bh621_v2_firmwaretecal_ch242tecal_xh310_v2tecal_dh621_v2_firmwaretecal_xh621_v2tecal_rh2265_v2tecal_rh2285h_v2_firmwaretecal_ch140tecal_rh1288_v2_firmwaretecal_bh622_v2tecal_dh310_v2_firmwaretecal_rh2288_v2_firmwaretecal_rh2268_v2_firmwaretecal_rh2268_v2tecal_ch240tecal_rh2285_v2_firmwaretecal_bh640_v2tecal_xh311_v2_firmwaretecal_ch220_firmwaretecal_bh620_v2_firmwaretecal_ch222_firmwaretecal_dh620_v2_firmwaretecal_dh628_v2tecal_xh320_v2_firmwaretecal_ch220tecal_ch222tecal_ch121_firmwaretecal_rh2288_v2tecal_xh310_v2_firmwaretecal_rh5885_v2_firmwaretecal_ch240_firmwaretecal_rh2285_v2tecal_bh621_v2tecal_rh2485_v2_firmwaretecal_rh5885h_v3_firmwaretecal_xh621_v2_firmwaretecal_ch140_firmwaretecal_ch121tecal_rh2285h_v2tecal_dh621_v2tecal_bh622_v2_firmwaretecal_dh310_v2tecal_bh620_v2tecal_rh2485_v2tecal_ch242_v3_firmwaretecal_rh5885_v3tecal_rh1288_v2Tecal RH1288 V2,Tecal RH2265 V2,Tecal RH2285 V2,Tecal RH2265 V2,Tecal RH2285H V2,Tecal RH2268 V2,Tecal RH2288 V2,Tecal RH2288H V2,Tecal RH2485 V2,Tecal RH5885 V2,Tecal RH5885 V3,Tecal RH5885H V3,Tecal XH310 V2,Tecal XH311 V2,Tecal XH320 V2,Tecal XH621 V2,Tecal DH310 V2,Tecal DH320 V2,Tecal DH620 V2,Tecal DH621 V2,Tecal DH628 V2,Tecal BH620 V2,Tecal BH621 V2,Tecal BH622 V2,Tecal BH640 V2,Tecal CH121,Tecal CH140,Tecal CH220,Tecal CH221,Tecal CH222,Tecal CH240,Tecal CH242,Tecal CH242 V3, Tecal RH1288 V2 V100R002C00SPC107 and earlier versions,Tecal RH2265 V2 V100R002C00,Tecal RH2285 V2 V100R002C00SPC115 and earlier versions,Tecal RH2265 V2 V100R002C00,Tecal RH2285H V2 V100R002C00SPC111 and earlier versions,Tecal RH2268 V2 V100R002C00,Tecal RH2288 V2 V100R002C00SPC117 and earlier versions,Tecal RH2288H V2 V100R002C00SPC115 and earlier versions,Tecal RH2485 V2 V100R002C00SPC502 and earlier versions,Tecal RH5885 V2 V100R001C02SPC109 and earlier versions,Tecal RH5885 V3 V100R003C01SPC102 and earlier versions,Tecal RH5885H V3 V100R003C00SPC102 and earlier versions,Tecal XH310 V2 V100R001C00SPC110 and earlier versions,Tecal XH311 V2 V100R001C00SPC110 and earlier versions,Tecal XH320 V2 V100R001C00SPC110 and earlier versions,Tecal XH621 V2 V100R001C00SPC106 and earlier versions,Tecal DH310 V2 V100R001C00SPC110 and earlier versions,Tecal DH320 V2 V100R001C00SPC106 and earlier versions,Tecal DH620 V2 V100R001C00SPC106 and earlier versions,Tecal DH621 V2 V100R001C00SPC107 and earlier versions,Tecal DH628 V2 V100R001C00SPC107 and earlier versions,Tecal BH620 V2 V100R002C00SPC107 and earlier versions,Tecal BH621 V2 V100R002C00SPC106 and earlier versions,Tecal BH622 V2 V100R002C00SPC110 ?and earlier versions,Tecal BH640 V2 V100R002C00SPC108 and earlier versions,Tecal CH121 V100R001C00SPC180 and earlier versions,Tecal CH140 V100R001C00SPC110 and earlier versions,Tecal CH220 V100R001C00SPC180 and earlier versions,Tecal CH221 V100R001C00SPC180 and earlier versions,Tecal CH222 V100R002C00SPC180 and earlier versions,Te ...[truncated*]
CVE-2016-7109
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.14% / 77.57%
||
7 Day CHG~0.00%
Published-07 Sep, 2016 | 19:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Huawei Unified Maintenance Audit (UMA) before V200R001C00SPC200 allows remote attackers to execute arbitrary commands via "special characters," a different vulnerability than CVE-2016-7110.

Action-Not Available
Vendor-n/aHuawei Technologies Co., Ltd.
Product-uman/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2014-9690
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.18% / 39.52%
||
7 Day CHG~0.00%
Published-02 Apr, 2017 | 20:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Huawei home gateways WS318 with software V100R001C01B022 and earlier versions are affected by the PIN offline brute force cracking vulnerability of the WPS protocol because the random number generator (RNG) used in the supplier's solution is not random enough. As a result, brute force cracking the PIN code is easier. After an attacker cracks the PIN, the attacker can access the Internet via the cracked device.

Action-Not Available
Vendor-n/aHuawei Technologies Co., Ltd.
Product-ws318_firmwarews318WS318 V100R001C01B022 and earlier versions
CWE ID-CWE-332
Insufficient Entropy in PRNG
CVE-2021-22370
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.19% / 40.82%
||
7 Day CHG~0.00%
Published-30 Jun, 2021 | 13:49
Updated-03 Aug, 2024 | 18:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is a Credentials Management Errors Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may affect service confidentiality.

Action-Not Available
Vendor-n/aHuawei Technologies Co., Ltd.
Product-magic_uiemuiEMUI;Magic UI
CVE-2021-22346
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-5.3||MEDIUM
EPSS-0.08% / 25.55%
||
7 Day CHG~0.00%
Published-30 Jun, 2021 | 20:55
Updated-03 Aug, 2024 | 18:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is an Improper Permission Management Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may lead to the disclosure of user habits.

Action-Not Available
Vendor-n/aHuawei Technologies Co., Ltd.
Product-magic_uiemuiEMUI;Magic UI
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2021-22481
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.19% / 40.82%
||
7 Day CHG~0.00%
Published-28 Oct, 2021 | 12:21
Updated-03 Aug, 2024 | 18:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is a Verification errors vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may affect service confidentiality.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-magic_uiemuiMagic UIEMUI
CVE-2021-22322
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.11% / 29.25%
||
7 Day CHG~0.00%
Published-03 Jun, 2021 | 15:49
Updated-03 Aug, 2024 | 18:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is a Missing Authentication for Critical Function vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may impair data confidentiality.

Action-Not Available
Vendor-n/aHuawei Technologies Co., Ltd.
Product-magic_uiemuiEMUI;Magic UI
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2021-22371
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.12% / 31.03%
||
7 Day CHG~0.00%
Published-30 Jun, 2021 | 14:57
Updated-03 Aug, 2024 | 18:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is an Improper Permission Management Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may affect service confidentiality.

Action-Not Available
Vendor-n/aHuawei Technologies Co., Ltd.
Product-magic_uiemuiEMUI;Magic UI
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2021-22475
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-5.3||MEDIUM
EPSS-0.15% / 35.61%
||
7 Day CHG~0.00%
Published-28 Oct, 2021 | 12:24
Updated-03 Aug, 2024 | 18:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is an Improper permission management vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may affect service confidentiality.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-magic_uiemuiMagic UIEMUI
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2021-22404
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-5.3||MEDIUM
EPSS-0.07% / 21.07%
||
7 Day CHG~0.00%
Published-28 Oct, 2021 | 12:21
Updated-03 Aug, 2024 | 18:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is a Directory traversal vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may affect service confidentiality.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-magic_uiemuiMagic UIEMUI
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2021-22313
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.14% / 34.08%
||
7 Day CHG~0.00%
Published-03 Jun, 2021 | 15:19
Updated-03 Aug, 2024 | 18:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is a Security Function vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may impair data confidentiality.

Action-Not Available
Vendor-n/aHuawei Technologies Co., Ltd.
Product-magic_uiemuiEMUI;Magic UI
CVE-2021-22443
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.14% / 34.08%
||
7 Day CHG~0.00%
Published-02 Aug, 2021 | 16:58
Updated-03 Aug, 2024 | 18:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is an Input Verification Vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may cause random address access.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-magic_uiemuiMagic UIEMUI
CWE ID-CWE-20
Improper Input Validation
CVE-2021-22485
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.19% / 40.82%
||
7 Day CHG~0.00%
Published-28 Oct, 2021 | 12:24
Updated-03 Aug, 2024 | 18:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is a SSID vulnerability with Wi-Fi network connections in Huawei devices.Successful exploitation of this vulnerability may affect service confidentiality.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-magic_uiemuiMagic UIEMUI
CVE-2021-22372
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.14% / 34.08%
||
7 Day CHG~0.00%
Published-30 Jun, 2021 | 13:54
Updated-03 Aug, 2024 | 18:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is a Security Features Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may affect service confidentiality.

Action-Not Available
Vendor-n/aHuawei Technologies Co., Ltd.
Product-magic_uiemuiEMUI;Magic UI
CVE-2021-22325
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-5.3||MEDIUM
EPSS-0.07% / 22.31%
||
7 Day CHG~0.00%
Published-03 Jun, 2021 | 16:10
Updated-03 Aug, 2024 | 18:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is an Information Disclosure vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may result in video streams being intercepted during transmission.

Action-Not Available
Vendor-n/aHuawei Technologies Co., Ltd.
Product-magic_uiemuiEMUI;Magic UI
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2021-22486
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.15% / 36.26%
||
7 Day CHG~0.00%
Published-28 Oct, 2021 | 12:25
Updated-03 Aug, 2024 | 18:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is a issue of Unstandardized field names in Huawei Smartphone. Successful exploitation of this vulnerability may affect service confidentiality.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-magic_uiemuiMagic UIEMUI
CVE-2021-22395
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.28% / 51.39%
||
7 Day CHG~0.00%
Published-25 Feb, 2022 | 18:11
Updated-03 Aug, 2024 | 18:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is a code injection vulnerability in smartphones. Successful exploitation of this vulnerability may affect service confidentiality.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-magic_uiemuiharmonyosMagic UIHarmonyOSEMUI
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2021-22337
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-5.3||MEDIUM
EPSS-0.11% / 30.12%
||
7 Day CHG~0.00%
Published-03 Jun, 2021 | 19:20
Updated-03 Aug, 2024 | 18:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is an Information Disclosure vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may cause leaking of user click data.

Action-Not Available
Vendor-n/aHuawei Technologies Co., Ltd.
Product-magic_uiemuiEMUI;Magic UI
CVE-2021-22324
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.14% / 34.08%
||
7 Day CHG~0.00%
Published-03 Jun, 2021 | 16:21
Updated-03 Aug, 2024 | 18:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is a Credentials Management Errors vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may impair data confidentiality.

Action-Not Available
Vendor-n/aHuawei Technologies Co., Ltd.
Product-magic_uiemuiEMUI;Magic UI
CVE-2021-22412
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.14% / 34.08%
||
7 Day CHG~0.00%
Published-02 Aug, 2021 | 16:46
Updated-03 Aug, 2024 | 18:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is an Integer Overflow Vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may cause random kernel address access.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-magic_uiemuiMagic UIEMUI
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2021-22473
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.12% / 31.16%
||
7 Day CHG~0.00%
Published-28 Oct, 2021 | 12:22
Updated-03 Aug, 2024 | 18:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is an Authentication vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may affect service confidentiality.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-magic_uiemuiMagic UIEMUI
CWE ID-CWE-287
Improper Authentication
CVE-2018-7977
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.15% / 36.26%
||
7 Day CHG~0.00%
Published-27 Nov, 2018 | 22:00
Updated-05 Aug, 2024 | 06:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is an information leakage vulnerability on several Huawei products. Due to insufficient communication protection for specific services, a remote, unauthorized attacker can exploit this vulnerability to connect to specific services to obtain additional information. Successful exploitation of this vulnerability can lead to information leakage.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-fusionsphere_openstackFusionSphere OpenStack
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2020-9228
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.15% / 36.26%
||
7 Day CHG~0.00%
Published-14 Aug, 2020 | 14:43
Updated-04 Aug, 2024 | 10:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

FusionCompute 8.0.0 has an information disclosure vulnerability. Due to the properly protection of certain information, attackers may exploit this vulnerability to obtain certain information.

Action-Not Available
Vendor-n/aHuawei Technologies Co., Ltd.
Product-fusioncomputeFusionCompute
CVE-2020-9143
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-5.3||MEDIUM
EPSS-0.09% / 25.69%
||
7 Day CHG~0.00%
Published-13 Jan, 2021 | 21:52
Updated-04 Aug, 2024 | 10:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is a missing authentication vulnerability in some Huawei smartphone.Successful exploitation of this vulnerability may lead to low-sensitive information exposure.

Action-Not Available
Vendor-n/aHuawei Technologies Co., Ltd.
Product-magic_uiemuiEMUI;Magic UI
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2022-22256
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.13% / 33.40%
||
7 Day CHG~0.00%
Published-11 Apr, 2022 | 19:38
Updated-03 Aug, 2024 | 03:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The DFX module has an access control vulnerability.Successful exploitation of this vulnerability may affect data confidentiality.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-magic_uiemuiharmonyosMagic UIHarmonyOSEMUI
CVE-2019-5232
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.40% / 59.75%
||
7 Day CHG~0.00%
Published-29 Nov, 2019 | 19:42
Updated-04 Aug, 2024 | 19:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is a use of insufficiently random values vulnerability in Huawei ViewPoint products. An unauthenticated, remote attacker can guess information by a large number of attempts. Successful exploitation may cause information leak.

Action-Not Available
Vendor-n/aHuawei Technologies Co., Ltd.
Product-vp9630vp9660vp9650_firmwarevp9660_firmwarevp9630_firmwarevp9650VP9630, VP9650, VP9660
CWE ID-CWE-330
Use of Insufficiently Random Values
CVE-2019-5277
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.19% / 40.68%
||
7 Day CHG~0.00%
Published-13 Dec, 2019 | 22:55
Updated-04 Aug, 2024 | 19:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Huawei CloudUSM-EUA V600R006C10;V600R019C00 have an information leak vulnerability. Due to improper configuration, the attacker may cause information leak by successful exploitation.

Action-Not Available
Vendor-n/aHuawei Technologies Co., Ltd.
Product-cloudusm-euacloudusm-eua_firmwareCloudUSM-EUA
CVE-2019-5265
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.19% / 40.68%
||
7 Day CHG~0.00%
Published-23 Dec, 2019 | 17:57
Updated-04 Aug, 2024 | 19:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Huawei Share function in P30 9.1.0.193(C00E190R2P1) smartphone has an improper access control vulnerability. The function incorrectly controls certain access messages, attackers can simulate a sender to steal P2P network information. Successful exploit may cause information leakage.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-p30_firmwarep30P30
CVE-2019-19397
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.19% / 40.68%
||
7 Day CHG~0.00%
Published-13 Dec, 2019 | 14:19
Updated-05 Aug, 2024 | 02:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is a weak algorithm vulnerability in some Huawei products. The affected products use weak algorithms by default. Attackers may exploit the vulnerability to cause information leaks.

Action-Not Available
Vendor-n/aHuawei Technologies Co., Ltd.
Product-s12700s5700_firmwares6700_firmwares9700s7700s12700_firmwares1700_firmwares2700s7700_firmwares9700_firmwares5700s6700s1700s2700_firmwareS12700;S1700;S2700;S5700;S6700;S7700;S9700
CVE-2022-31757
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.13% / 33.40%
||
7 Day CHG~0.00%
Published-13 Jun, 2022 | 15:05
Updated-03 Aug, 2024 | 07:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The setting module has a vulnerability of improper use of APIs. Successful exploitation of this vulnerability may affect data confidentiality.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-magic_uiemuiharmonyosMagic UIHarmonyOSEMUI
  • Previous
  • 1
  • 2
  • 3
  • 4
  • Next
Details not found