HUAWEI Security Vulnerabilities
The UMA product with software V200R001 has a privilege elevation vulnerability due to insufficient validation or improper processing of parameters. An attacker could craft specific packets to exploit these vulnerabilities to gain elevated...
9.8CVSS
9.7AI Score
0.002EPSS
The UMA product with software V200R001 has a cross-site scripting (XSS) vulnerability due to insufficient input validation. An attacker could craft malicious links or scripts to launch XSS...
6.1CVSS
5.8AI Score
0.001EPSS
The UMA product with software V200R001 and V300R001 has a privilege elevation vulnerability due to insufficient validation or improper processing of parameters. An attacker could craft specific packets to exploit these vulnerabilities to gain elevated...
9.8CVSS
9.7AI Score
0.002EPSS
The UMA product with software V200R001 and V300R001 has an information leak vulnerability. An attacker could exploit them to obtain some sensitive information, causing information...
6.5CVSS
6.1AI Score
0.001EPSS
The FusionSphere OpenStack with software V100R006C00 and V100R006C10 has a command injection vulnerability due to the insufficient input validation on four TCP listening ports. An unauthenticated attacker can exploit the vulnerabilities to gain root privileges by sending some messages with...
8.8CVSS
9.2AI Score
0.001EPSS
The FusionSphere OpenStack with software V100R006C00 and V100R006C10 has a command injection vulnerability due to the insufficient input validation on four TCP listening ports. An unauthenticated attacker can exploit the vulnerabilities to gain root privileges by sending some messages with...
8.8CVSS
9.2AI Score
0.001EPSS
HedEx Earlier than V200R006C00 versions has an arbitrary file download vulnerability. An attacker could exploit it to download arbitrary files on a target device to cause information...
5.5CVSS
5.4AI Score
0.001EPSS
The upgrade package of Huawei Vmall APP Earlier than HwVmall 1.5.3.0 versions is transferred through HTTP. A man in the middle (MITM) can tamper with the upgrade package of Huawei Vmall APP, and to implant the malicious...
3.1CVSS
4.2AI Score
0.0005EPSS
The UMA product with software V200R001 and V300R001 has a privilege elevation vulnerability due to insufficient validation or improper processing of parameters. An attacker could craft specific packets to exploit these vulnerabilities to gain elevated...
9.8CVSS
9.7AI Score
0.002EPSS
The UMA product with software V200R001 and V300R001 has an information leak vulnerability. An attacker could exploit them to obtain some sensitive information, causing information...
2.3CVSS
3.6AI Score
0.0004EPSS
The UMA product with software V200R001 and V300R001 has a privilege elevation vulnerability due to insufficient validation or improper processing of parameters. An attacker could craft specific packets to exploit these vulnerabilities to gain elevated...
9.8CVSS
9.7AI Score
0.002EPSS
HedEx Earlier than V200R006C00 versions has a dynamic link library (DLL) hijacking vulnerability due to calling the DDL file by accessing a relative path. An attacker could exploit this vulnerability to tamper with the DLL file, leading to DLL...
7.8CVSS
7.4AI Score
0.001EPSS
The UMA product with software V200R001 and V300R001 has an information leak vulnerability. An attacker could exploit them to obtain some sensitive information, causing information...
5.3CVSS
5AI Score
0.001EPSS
The FusionSphere OpenStack with software V100R006C00 and V100R006C10 has a command injection vulnerability due to the insufficient input validation on four TCP listening ports. An unauthenticated attacker can exploit the vulnerabilities to gain root privileges by sending some messages with...
8.8CVSS
9.2AI Score
0.001EPSS
HedEx Earlier than V200R006C00 versions have the stored cross-site scripting (XSS) vulnerability. Attackers can exploit the vulnerability to plant malicious scripts into the configuration file to interrupt the services of legitimate...
6.1CVSS
5.9AI Score
0.001EPSS
VCM5010 with software versions earlier before V100R002C50SPC100 has an authentication bypass vulnerability. This is due to improper implementation of authentication for accessing web pages. An unauthenticated attacker could bypass the authentication by sending a crafted HTTP request. 5010 with...
9.8CVSS
9.5AI Score
0.003EPSS
The UMA product with software V200R001 and V300R001 has a privilege elevation vulnerability due to insufficient validation or improper processing of parameters. An attacker could craft specific packets to exploit these vulnerabilities to gain elevated...
9.8CVSS
9.7AI Score
0.002EPSS
The UMA product with software V200R001 has a privilege elevation vulnerability due to insufficient validation or improper processing of parameters. An attacker could craft specific packets to exploit these vulnerabilities to gain elevated...
9.8CVSS
9.7AI Score
0.002EPSS
The UMA product with software V200R001 and V300R001 has a cross-site scripting (XSS) vulnerability due to insufficient input validation. An attacker could craft malicious links or scripts to launch XSS...
6.1CVSS
5.8AI Score
0.001EPSS
honor 8 Pro with software Duke-L09C10B120 and earlier versions,Duke-L09C432B120 and earlier versions,Duke-L09C636B120 and earlier versions has an integer overflow vulnerability. The attacker sends a response message to the device, which contains an illegal length field, it could produce an integer....
6.5CVSS
6.5AI Score
0.001EPSS
FusionSphere OpenStack with software V100R006C00 and V100R006C10RC2 has two command injection vulnerabilities due to the insufficient input validation on one port. An attacker can exploit the vulnerabilities to gain root privileges by sending some messages with malicious...
8.8CVSS
9.2AI Score
0.001EPSS
4.6CVSS
4.8AI Score
0.001EPSS
The vibrator service in P9 Plus smart phones with software versions earlier before VIE-AL10C00B386 has DoS vulnerability. An attacker can tricks a user into installing a malicious application on the smart phone, and send given parameter to smart phone vibrator service interface to crash the...
5.5CVSS
5.3AI Score
0.001EPSS
P9 Plus smartphones with software versions earlier before VIE-AL10BC00B386 have a denial of service (DoS) vulnerability. An attacker tricks a user into installing a malicious application on the smart phone, and the application can send given parameter to specific interface, which make a large...
5.5CVSS
5.4AI Score
0.001EPSS
Bastet in P10 Plus and P10 smart phones with software earlier than VKY-AL00C00B123 versions, earlier than VTR-AL00C00B123 versions have a buffer overflow vulnerability. An attacker with the root privilege of an Android system may trick a user into installing a malicious APP. The APP can modify...
7.8CVSS
7.9AI Score
0.001EPSS
The boot loaders in Honor 5A smart phones with software Versions earlier than CAM-TL00C01B193,Versions earlier than CAM-TL00HC00B193,Versions earlier than CAM-UL00C00B193 have a buffer overflow vulnerability. An attacker with the root privilege of an Android system may trick a user into installing....
7.8CVSS
7.9AI Score
0.001EPSS
S3300 V100R006C05 have an Ethernet in the First Mile (EFM) flapping vulnerability due to the lack of type-length-value (TLV) consistency check. An attacker may craft malformed packets and send them to a device to cause EFM...
5.3CVSS
5.2AI Score
0.001EPSS
HUAWEI P9 smartphones with software versions earlier before EVA-L09C432B383, versions earlier before EVA-L09C636B380, versions earlier before VIE-L09C432B370, versions earlier before VIE-L29C636B370 have an insufficient input validation vulnerability. An attacker could exploit this vulnerability...
5.4CVSS
5.3AI Score
0.001EPSS
TIT-AL00 smartphones with software versions earlier before TIT-AL00C583B214 have a exposed system interface vulnerability. The software provides a system interface for interaction with external applications, but calling the interface is not properly restricted. An attacker could trick the user...
7.1CVSS
6.7AI Score
0.001EPSS
Bastet in P10 Plus and P10 smart phones with software earlier than VKY-AL00C00B123 versions, earlier than VTR-AL00C00B123 versions have a buffer overflow vulnerability. An attacker with the root privilege of an Android system may trick a user into installing a malicious APP. The APP can modify...
8.4CVSS
8.6AI Score
0.001EPSS
DP300 V500R002C00,TE60 with software V100R001C01, V100R001C10, V100R003C00, V500R002C00 and V600R006C00,TP3106 with software V100R001C06 and V100R002C00,ViewPoint 9030 with software V100R011C02, V100R011C03,eCNS210_TD with software V100R004C10,eSpace 7950 with software V200R003C00 and...
8.8CVSS
8.8AI Score
0.004EPSS
Bastet in P10 Plus and P10 smart phones with software earlier than VKY-AL00C00B123 versions, earlier than VTR-AL00C00B123 versions have a buffer overflow vulnerability. An attacker with the root privilege of an Android system may trick a user into installing a malicious APP. The APP can modify...
8.4CVSS
8.6AI Score
0.001EPSS
The camerafs driver in Mate 9 Versions earlier than MHA-AL00BC00B173 has buffer overflow vulnerability. An attacker tricks a user into installing a malicious application which has the system privilege of the Android system and sends a specific parameter to the driver of the smart phone, causing a.....
7.8CVSS
7.6AI Score
0.001EPSS
FusionSphere OpenStack with software V100R006C00 and V100R006C10RC2 has two command injection vulnerabilities due to the insufficient input validation on one port. An attacker can exploit the vulnerabilities to gain root privileges by sending some messages with malicious...
8.8CVSS
9.2AI Score
0.001EPSS
The Files APP 7.1.1.308 and earlier versions in some Huawei mobile phones has a vulnerability of plaintext storage of users' Safe passwords. An attacker with the root privilege of an Android system could forge the Safe to read users' plaintext Safe passwords, leading to information...
6.7CVSS
6.2AI Score
0.0004EPSS
Some Huawei mobile phones Honor 6X Berlin-L22C636B150 and earlier versions have a Bluetooth unlock bypassing vulnerability. If a user has enabled the smart unlock function, an attacker can impersonate the user's Bluetooth device to unlock the user's mobile phone screen.uawei mobile phones have a...
6.4CVSS
6.3AI Score
0.001EPSS
The Files APP 7.1.1.309 and earlier versions in some Huawei mobile phones has a brute-force password cracking vulnerability due to the improper design of the Safe key database. An unauthorized attacker could access sensitive database information and may crack users' Safe passwords, leading to...
7.8CVSS
7.4AI Score
0.0004EPSS
HUAWEI HiLink APP (for IOS) versions earlier before 5.0.25.306 and HUAWEI Tech Support APP (for IOS) versions earlier before 5.0.0 have an information leak vulnerability. When an iPhone with these APPs installed access the Wi-Fi hotpot built by attacker, the attacker can collect the information of....
3.5CVSS
5.5AI Score
0.001EPSS
The GaussDB in FusionSphere OpenStack V100R005C10SPC705 and earlier versions has a buffer overflow vulnerability. An authenticated attacker on the LAN can exploit this vulnerability to execute arbitrary code or cause a denial of service (DoS) condition in the affected...
8CVSS
8.2AI Score
0.0004EPSS
FusionSphere OpenStack V100R006C00 has an information exposure vulnerability. The software uses hard-coded cryptographic key to encrypt messages between certain components, which significantly increases the possibility that encrypted data may be recovered and results in information...
5.3CVSS
5.1AI Score
0.001EPSS
Huawei P9 smart phones with software versions earlier before EVA-AL00C00B365, versions earlier before EVA-AL10C00B365,Versions earlier before EVA-CL00C92B365, versions earlier before EVA-DL00C17B365, versions earlier before EVA-TL00C01B365 have a privilege escalation vulnerability. An...
4.3CVSS
4.9AI Score
0.001EPSS
Huawei Hilink APP Versions earlier before 5.0.25.306 has an information leak vulnerability. An attacker may trick a user into installing a malicious application and application can access Hilink APP...
5.5CVSS
5.3AI Score
0.001EPSS
Honor 6X smartphones with software versions earlier than BLN-AL10C00B357 and versions earlier than BLN-AL20C00B357 have an information leak vulnerability due to improper file permission configuration. An attacker tricks a user into installing a malicious application on the smart phone, and the...
5.5CVSS
5.2AI Score
0.001EPSS
VCM5010 with software versions earlier before V100R002C50SPC100 has a command injection vulnerability. This is due to insufficient validation of user's input. An authenticated attacker could launch a command injection...
7.2CVSS
7.1AI Score
0.001EPSS
VCM5010 with software versions earlier before V100R002C50SPC100 has an arbitrary file upload vulnerability. The software does not validate the files that uploaded. An authenticated attacker could upload arbitrary files to the...
8.8CVSS
8.5AI Score
0.001EPSS
The Keyguard application in ALE-L02C635B140 and earlier versions,ALE-L02C636B140 and earlier versions,ALE-L21C10B150 and earlier versions,ALE-L21C185B200 and earlier versions,ALE-L21C432B214 and earlier versions,ALE-L21C464B150 and earlier versions,ALE-L21C636B200 and earlier...
7.8CVSS
8AI Score
0.001EPSS
ALE-L02C635B140 and earlier versions,ALE-L02C636B140 and earlier versions,ALE-L21C10B150 and earlier versions,ALE-L21C185B200 and earlier versions,ALE-L21C432B214 and earlier versions,ALE-L21C464B150 and earlier versions,ALE-L21C636B200 and earlier versions,ALE-L23C605B190 and earlier...
7.8CVSS
7.5AI Score
0.001EPSS
Phone Finder in versions earlier before MHA-AL00BC00B156,Versions earlier before MHA-CL00BC00B156,Versions earlier before MHA-DL00BC00B156,Versions earlier before MHA-TL00BC00B156,Versions earlier before EVA-AL10C00B373,Versions earlier before EVA-CL10C00B373,Versions earlier before...
6.8CVSS
6.6AI Score
0.001EPSS
The AlarmService component in HwVmall with software earlier than 1.5.2.0 versions has no control over calling permissions, allowing any third party to call. An attacker can construct a malicious application to call it. Consequently, alert music will be played suddenly, compromising user...
3.3CVSS
4AI Score
0.001EPSS
Mate 9 with software MHA-AL00AC00B125 has a denial of service (DoS) vulnerability. An attacker tricks a user into installing a malicious application. Since the system does not verify the broadcasting message from the application, it could be exploited to cause some functions of system...
3.3CVSS
4.2AI Score
0.001EPSS