Vulnerabilities (CVE)

Filtered by vendor Huawei Subscribe
Total 1915 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2018-7959 1 Huawei 2 Espace 7950, Espace 7950 Firmware 2024-11-21 4.3 MEDIUM 5.9 MEDIUM
There is a short key vulnerability in Huawei eSpace product. An unauthenticated, remote attacker launches man-in-the-middle attack to intercept and decrypt the call information when the user enables SRTP to make a call. Successful exploitation may cause sensitive information leak.
CVE-2018-7958 1 Huawei 2 Espace 7950, Espace 7950 Firmware 2024-11-21 5.8 MEDIUM 7.4 HIGH
There is an anonymous TLS cipher suites supported vulnerability in Huawei eSpace product. An unauthenticated, remote attacker launches man-in-the-middle attack to hijack the connection from a client when the user signs up to log in by TLS. Due to insufficient authentication, which may be exploited to intercept and tamper with the data information.
CVE-2018-7957 1 Huawei 2 Victoria-al00, Victoria-al00 Firmware 2024-11-21 2.1 LOW 3.3 LOW
Huawei smartphones with software Victoria-AL00 8.0.0.336a(C00) have an information leakage vulnerability. Because an interface does not verify authorization correctly, attackers can exploit an application with the authorization of phone state to obtain user location additionally.
CVE-2018-7956 1 Huawei 7 Mate 20, Mate 20 Firmware, Nova 3 and 4 more 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
Huawei VIP App is a mobile app for Malaysia customers that purchased P20 Series, Nova 3/3i and Mate 20. There is a vulnerability in versions before 4.0.5 that attackers can conduct bruteforce to the VIP App Web Services to get user information.
CVE-2018-7951 1 Huawei 40 1288h V5, 1288h V5 Firmware, 2288h V5 and 37 more 2024-11-21 9.0 HIGH 8.8 HIGH
The iBMC (Intelligent Baseboard Management Controller) of some Huawei servers have a JSON injection vulnerability due to insufficient input validation. An authenticated, remote attacker can launch a JSON injection to modify the password of administrator. Successful exploit may allow attackers to obtain the management privilege of the system.
CVE-2018-7950 1 Huawei 40 1288h V5, 1288h V5 Firmware, 2288h V5 and 37 more 2024-11-21 9.0 HIGH 8.8 HIGH
The iBMC (Intelligent Baseboard Management Controller) of some Huawei servers have a JSON injection vulnerability due to insufficient input validation. An authenticated, remote attacker can launch a JSON injection to modify the password of administrator. Successful exploit may allow attackers to obtain the management privilege of the system.
CVE-2018-7949 1 Huawei 40 1288h V5, 1288h V5 Firmware, 2288h V5 and 37 more 2024-11-21 4.0 MEDIUM 8.8 HIGH
The iBMC (Intelligent Baseboard Management Controller) of some Huawei servers have a privilege escalation vulnerability. A remote attacker may send some specially crafted login messages to the affected products. Due to improper authentication design, successful exploit enables low privileged users to get or modify passwords of highly privileged users.
CVE-2018-7947 1 Huawei 2 Emily-al00a, Emily-al00a Firmware 2024-11-21 4.4 MEDIUM 3.9 LOW
Huawei mobile phones with versions earlier before Emily-AL00A 8.1.0.153(C00) have an authentication bypass vulnerability. An attacker could trick the user to connect to a malicious device. In the debug mode, the malicious software in the device may exploit the vulnerability to bypass some specific function. Successful exploit may cause some malicious applications to be installed in the mobile phones.
CVE-2018-7946 1 Huawei 4 Honor 7a, Honor 7a Firmware, Honor 9 Lite and 1 more 2024-11-21 1.9 LOW 4.3 MEDIUM
There is an information leak vulnerability in some Huawei smartphones. An attacker may do some specific configuration in the smartphone and trick a user into inputting some sensitive information. Due to improper design, successful exploit may cause some information leak.
CVE-2018-7944 1 Huawei 2 Emily-al00a, Emily-al00a Firmware 2024-11-21 7.2 HIGH 6.8 MEDIUM
Huawei smart phones Emily-AL00A with software 8.1.0.106(SP2C00) and 8.1.0.107(SP5C00) have a Factory Reset Protection (FRP) bypass vulnerability. An attacker gets some user's smart phone and performs some special operations in the guide function. The attacker may exploit the vulnerability to bypass FRP function and use the phone normally.
CVE-2018-7943 1 Huawei 40 1288h V5, 1288h V5 Firmware, 2288h V5 and 37 more 2024-11-21 6.5 MEDIUM 8.8 HIGH
There is an authentication bypass vulnerability in some Huawei servers. A remote attacker with low privilege may bypass the authentication by some special operations. Due to insufficient authentication, an attacker may exploit the vulnerability to get some sensitive information and high-level users' privilege.
CVE-2018-7942 1 Huawei 14 1288h V5, 1288h V5 Firmware, 2288h V5 and 11 more 2024-11-21 5.0 MEDIUM 7.5 HIGH
The iBMC (Intelligent Baseboard Management Controller) of some Huawei servers have an authentication bypass vulnerability. An unauthenticated, remote attacker may send some specially crafted messages to the affected products. Due to improper authentication design, successful exploit may cause some information leak.
CVE-2018-7941 1 Huawei 40 1288h V5, 1288h V5 Firmware, 2288h V5 and 37 more 2024-11-21 6.5 MEDIUM 8.8 HIGH
Huawei iBMC V200R002C60 have an authentication bypass vulnerability. A remote attacker with low privilege may craft specific messages to upload authentication certificate to the affected products. Due to improper validation of the upload authority, successful exploit may cause privilege elevation.
CVE-2018-7940 1 Huawei 4 Mate 9, Mate 9 Firmware, Mate 9 Pro and 1 more 2024-11-21 7.2 HIGH 6.2 MEDIUM
Huawei smart phones Mate 10 and Mate 10 Pro with earlier versions than 8.0.0.129(SP2C00) and earlier versions than 8.0.0.129(SP2C01) have an authentication bypass vulnerability. An attacker with high privilege obtains the smart phone and bypass the activation function by some specific operations.
CVE-2018-7939 1 Huawei 8 G9 Lite, G9 Lite Firmware, Honor 5a and 5 more 2024-11-21 4.9 MEDIUM 4.6 MEDIUM
Huawei smart phones G9 Lite, Honor 5A, Honor 6X, Honor 8 with the versions before VNS-L53C605B120CUSTC605D103, the versions before CAM-L03C605B143CUSTC605D008, the versions before CAM-L21C10B145, the versions before CAM-L21C185B156, the versions before CAM-L21C223B133, the versions before CAM-L21C432B210, the versions before CAM-L21C464B170, the versions before CAM-L21C636B245, the versions before Berlin-L21C10B372, the versions before Berlin-L21C185B363, the versions before Berlin-L21C464B137, the versions before Berlin-L23C605B161, the versions before FRD-L09C10B387, the versions before FRD-L09C185B387, the versions before FRD-L09C432B398, the versions before FRD-L09C636B387, the versions before FRD-L19C10B387, the versions before FRD-L19C432B399, the versions before FRD-L19C636B387 have a Factory Reset Protection (FRP) bypass security vulnerability. When re-configuring the mobile phone using the factory reset protection (FRP) function, an attacker can disable the boot wizard by enable the talkback function. As a result, the FRP function is bypassed.
CVE-2018-7938 1 Huawei 2 P10, P10 Firmware 2024-11-21 4.3 MEDIUM 3.3 LOW
P10 Huawei smartphones with the versions before Victoria-AL00AC00B217 have an information leak vulnerability due to the lack of permission validation. An attacker tricks a user into installing a malicious application on the smart phone, and the application can read some hardware serial number, which may cause sensitive information leak.
CVE-2018-7937 1 Huawei 4 Hirouter-cd20, Hirouter-cd20 Firmware, Ws5200-10 and 1 more 2024-11-21 9.3 HIGH 7.8 HIGH
In Huawei HiRouter-CD20-10 with the versions before 1.9.6 and WS5200-10 with the versions before 1.9.6, there is a plug-in signature bypass vulnerability due to insufficient plug-in verification. An attacker may tamper with a legitimate plug-in to build a malicious plug-in and trick users into installing it. Successful exploit could allow the attacker to obtain the root permission of the device and take full control over the device.
CVE-2018-7936 1 Huawei 2 Mate 10 Pro, Mate 10 Pro Firmware 2024-11-21 4.9 MEDIUM 4.6 MEDIUM
Mate 10 Pro Huawei smart phones with the versions before BLA-L29 8.0.0.148(C432) have a Factory Reset Protection (FRP) bypass security vulnerability. When re-configuring the mobile phone using the factory reset protection (FRP) function, an attacker can connect the phone with PC and send special instructions to install third party desktop and disable the boot wizard. As a result, the FRP function is bypassed.
CVE-2018-7935 1 Huawei 2 E5573cs-322, E5573cs-322 Firmware 2024-11-21 N/A 5.3 MEDIUM
There is a vulnerability in 21.328.01.00.00 version of the E5573Cs-322. Remote attackers could exploit this vulnerability to make the network where the E5573Cs-322 is running temporarily unavailable.
CVE-2018-7934 1 Huawei 2 Mate 10 Pro, Mate 10 Pro Firmware 2024-11-21 7.1 HIGH 5.5 MEDIUM
Some Huawei mobile phone with the versions before BLA-L29 8.0.0.145(C432) have a denial of service (DoS) vulnerability because they do not adapt to specific screen gestures. An attacker may trick users into installing a malicious app. As a result, apps running on the frontend crash after the users make specific screen gestures.