Vulnerabilities (CVE)

Filtered by vendor Huawei Subscribe
Total 2087 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2017-8159 1 Huawei 8 Agassi-l09hn, Agassi-l09hn Firmware, Agassi-w09hn and 5 more 2025-04-20 9.3 HIGH 7.8 HIGH
Some Huawei smartphones with software AGS-L09C233B019,AGS-W09C233B019,KOB-L09C233B017,KOB-W09C233B012 have a type confusion vulnerability. The program initializes a variable using one type, but it later accesses that variable using a type that is different with the original type when do certain register operation. Successful exploit could result in buffer overflow then may cause malicious code execution.
CVE-2016-8792 1 Huawei 6 Mate 8, Mate 8 Firmware, Mate S and 3 more 2025-04-20 6.2 MEDIUM 7.1 HIGH
Huawei Mate 8 phones with software Versions before NXT-AL10C00B386, Versions before NXT-CL00C92B386, Versions before NXT-DL00C17B386, Versions before NXT-TL00C01B386; Mate S phones with software Versions before CRR-CL00C92B368, Versions before CRR-CL20C92B368, Versions before CRR-TL00C01B368, Versions before CRR-UL00C00B368, Versions before CRR-UL20C00B368; and P8 phones with software Versions before GRA-TL00C01B366, Versions before GRA-CL00C92B366, Versions before GRA-CL10C92B366, Versions before GRA-UL00C00B366, Versions before GRA-UL10C00B366 allow attackers with graphic or Camera privilege to crash the system or escalate privilege.
CVE-2015-2252 1 Huawei 2 Oceanstor Uds, Oceanstor Uds Firmware 2025-04-20 9.3 HIGH 8.8 HIGH
Huawei OceanStor UDS devices with software before V100R002C01SPC102 might allow remote attackers to execute arbitrary code with root privileges via a crafted UDS patch with shell scripts.
CVE-2017-2732 1 Huawei 1 Hilink 2025-04-20 4.3 MEDIUM 5.5 MEDIUM
Huawei Hilink APP Versions earlier before 5.0.25.306 has an information leak vulnerability. An attacker may trick a user into installing a malicious application and application can access Hilink APP data.
CVE-2017-8204 1 Huawei 2 Honor 9, Honor 9 Firmware 2025-04-20 9.3 HIGH 7.8 HIGH
The Bastet driver of Honor 9 Huawei smart phones with software of versions earlier than Stanford-AL10C00B175 has a buffer overflow vulnerability due to the lack of parameter validation. An attacker tricks a user into installing a malicious APP which has the root privilege; the APP can send a specific parameter to the driver of the smart phone, causing arbitrary code execution
CVE-2014-4707 1 Huawei 6 Campus S7700, Campus S7700 Firmware, Campus S9300 and 3 more 2025-04-20 7.5 HIGH 8.8 HIGH
Huawei Campus S7700 with software V200R001C00SPC300, V200R002C00SPC100, V200R003C00SPC300; S9300 with software V200R001C00SPC300, V200R002C00SPC100, V200R003C00SPC300; S9700 with software V200R001C00SPC300, V200R002C00SPC100, V200R003C00SPC300 allow unauthorized users to upgrade the bootrom or bootload software, bypass a Menu protection mechanism, conduct a Menu compromise attack, or bypass a Menu/upgrade protection mechanism.
CVE-2016-8758 1 Huawei 2 Mate 8, Mate 8 Firmware 2025-04-20 7.1 HIGH 5.5 MEDIUM
ION memory management module in Huawei Mate8 phones with software NXT-AL10C00B561 and earlier versions, NXT-CL10C00B561 and earlier versions, NXT-DL10C00B561 and earlier versions, NXT-TL10C00B561 and earlier versions allows attackers to cause a denial of service (restart).
CVE-2017-15317 1 Huawei 30 Ar120-s, Ar120-s Firmware, Ar1200 and 27 more 2025-04-20 7.8 HIGH 7.5 HIGH
AR120-S V200R006C10, V200R007C00, V200R008C20, V200R008C30; AR1200 V200R006C10, V200R006C13, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30; AR1200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30; AR150 V200R006C10, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30; AR150-S V200R006C10, V200R007C00, V200R008C20, V200R008C30; AR160 V200R006C10, V200R006C12, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30; AR200 V200R006C10, V200R007C00, V200R007C01, V200R008C20, V200R008C30; AR200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30; AR2200 V200R006C10, V200R006C13, V200R006C16, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30; AR2200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30; AR3200 V200R006C10, V200R006C11, V200R007C00, V200R007C01, V200R007C02, V200R008C00, V200R008C10, V200R008C20, V200R008C30; AR510 V200R006C10, V200R006C12, V200R006C13, V200R006C15, V200R006C16, V200R006C17, V200R007C00, V200R008C20, V200R008C30; SRG1300 V200R006C10, V200R007C00, V200R007C02, V200R008C20, V200R008C30; SRG2300 V200R006C10, V200R007C00, V200R007C02, V200R008C20, V200R008C30; SRG3300 V200R006C10, V200R007C00, V200R008C20, V200R008C30 have an input validation vulnerability in Huawei multiple products. Due to the insufficient input validation, an unauthenticated, remote attacker may craft a malformed Stream Control Transmission Protocol (SCTP) packet and send it to the device, causing the device to read out of bounds and restart.
CVE-2017-2728 1 Huawei 2 Honor 6x, Honor 6x Firmware 2025-04-20 6.9 MEDIUM 6.4 MEDIUM
Some Huawei mobile phones Honor 6X Berlin-L22C636B150 and earlier versions have a Bluetooth unlock bypassing vulnerability. If a user has enabled the smart unlock function, an attacker can impersonate the user's Bluetooth device to unlock the user's mobile phone screen.uawei mobile phones have a Bluetooth unlock bypassing vulnerability due to the lack of validation on Bluetooth devices. If a user has enabled the smart unlock function, an attacker can impersonate the user's Bluetooth device to unlock the user's mobile phone screen.
CVE-2016-8776 1 Huawei 4 P9, P9 Firmware, P9 Lite and 1 more 2025-04-20 2.1 LOW 4.6 MEDIUM
Huawei P9 phones with software EVA-AL10C00,EVA-CL10C00,EVA-DL10C00,EVA-TL10C00 and P9 Lite phones with software VNS-L21C185 allow attackers to bypass the factory reset protection (FRP) to enter some functional modules without authorization and perform operations to update the Google account.
CVE-2017-2710 1 Huawei 4 Beethoven-w09a, Beethoven-w09a Firmware, Crr-l09 and 1 more 2025-04-20 2.1 LOW 4.6 MEDIUM
BTV-W09C229B002CUSTC229D005,BTV-W09C233B029, earlier than BTV-W09C100B006CUSTC100D002 versions, earlier than BTV-W09C128B003CUSTC128D002 versions, earlier than BTV-W09C199B002CUSTC199D002 versions, earlier than BTV-W09C209B005CUSTC209D001 versions, earlier than BTV-W09C331B002CUSTC331D001 versions, earlier than CRR-L09C432B390 versions, earlier than CRR-L09C605B355CUSTC605D003 versions have a Factory Reset Protection (FRP) bypass security vulnerability. When re-configuring the mobile phone using the factory reset protection (FRP) function, an attacker can perform some operations to update the Google account. As a result, the FRP function is bypassed.
CVE-2017-8131 1 Huawei 1 Fusionsphere Openstack 2025-04-20 8.3 HIGH 8.8 HIGH
The FusionSphere OpenStack with software V100R006C00 and V100R006C10 has a command injection vulnerability due to the insufficient input validation on four TCP listening ports. An unauthenticated attacker can exploit the vulnerabilities to gain root privileges by sending some messages with malicious commands.
CVE-2016-5822 1 Huawei 1 Oceanstor 5800 V3 2025-04-20 7.8 HIGH 7.5 HIGH
Huawei Oceanstor 5800 before V300R002C10SPC100 allows remote attackers to cause a denial of service (CPU consumption) via a large number of crafted HTTP packets.
CVE-2016-8272 1 Huawei 1 Hisuite 2025-04-20 2.1 LOW 5.3 MEDIUM
Huawei PC client software HiSuite 4.0.5.300_OVE has an information leak vulnerability; an attacker who can log in to the system can copy out the user's proxy password, causing information leaks.
CVE-2017-14491 13 Arista, Arubanetworks, Canonical and 10 more 29 Eos, Arubaos, Ubuntu Linux and 26 more 2025-04-20 7.5 HIGH 9.8 CRITICAL
Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response.
CVE-2017-8149 1 Huawei 4 P10, P10 Firmware, P10 Plus and 1 more 2025-04-20 7.1 HIGH 5.5 MEDIUM
The boot loaders of P10 and P10 Plus Huawei mobile phones with software the versions before Victoria-L09AC605B162, the versions before Victoria-L29AC605B162, the versions before Vicky-L29AC605B162 have an out-of-bounds memory access vulnerability due to the lack of parameter validation. An attacker with the root privilege of an Android system may trick a user into installing a malicious APP. the APP can modify specific data to cause buffer overflow in the next system reboot, causing out-of-bounds memory read which can continuous system reboot.
CVE-2017-2691 1 Huawei 2 P9, P9 Firmware 2025-04-20 7.2 HIGH 6.8 MEDIUM
Huawei P9 versions earlier before EVA-AL10C00B373, versions earlier before EVA-CL00C92B373, versions earlier before EVA-DL00C17B373, versions earlier before EVA-TL00C01B373 have a lock-screen bypass vulnerability. An unauthenticated attacker could force the phone to the fastboot mode and delete the user's password file during the reboot process, then login the phone without screen lock password after reboot.
CVE-2017-8117 1 Huawei 1 Uma 2025-04-20 7.5 HIGH 9.8 CRITICAL
The UMA product with software V200R001 and V300R001 has a privilege elevation vulnerability due to insufficient validation or improper processing of parameters. An attacker could craft specific packets to exploit these vulnerabilities to gain elevated privileges.
CVE-2017-2735 1 Huawei 2 Y6 Pro, Y6 Pro Firmware 2025-04-20 5.8 MEDIUM 7.1 HIGH
TIT-AL00 smartphones with software versions earlier before TIT-AL00C583B214 have a exposed system interface vulnerability. The software provides a system interface for interaction with external applications, but calling the interface is not properly restricted. An attacker could trick the user into installing a malicious application to call the interface and modify the system properties.
CVE-2017-2702 1 Huawei 2 Mate 9, Mate 9 Firmware 2025-04-20 7.2 HIGH 6.8 MEDIUM
Phone Finder in versions earlier before MHA-AL00C00B170 can be bypass. An attacker can bypass the Phone Finder by special steps and obtain the owner of the phone.