S12700, S1700,S3700,S5700,S6700,S7700, S9700, ECNS210 TD Security Vulnerabilities

CVE-2014-4190

Multiple heap-based buffer overflows in Huawei Campus Series Switches S3700HI, S5700, S6700, S3300HI, S5300, S6300, S9300, S7700, and LSW S9700 with software V200R001 before V200R001SPH013; S5700, S6700, S5300, and S6300 with software V200R002 before V200R002SPH005; S7700, S9300, S9300E, S5300,...

CVE-2013-4628

The firewall module on the Huawei Quidway Service Process Unit (SPU) board S7700, S9300, and S9700 on Huawei Campus Switch devices allows remote authenticated users to obtain sensitive information from the high-priority security zone by leveraging access to the low-priority security...

Huawei Data Communication: Out of Bounds Write Vulnerability in Some Huawei Products (huawei-sa-20211020-01-outofwrite)

There is an out of bounds write vulnerability in some Huawei ...

Cross site scripting

There is an out of bounds write vulnerability in some Huawei products. The vulnerability is caused by a function of a module that does not properly verify input parameter. Successful exploit could cause out of bounds write leading to a denial of service condition.Affected product versions...

CVE-2021-37129

There is an out of bounds write vulnerability in some Huawei products. The vulnerability is caused by a function of a module that does not properly verify input parameter. Successful exploit could cause out of bounds write leading to a denial of service condition.Affected product versions...

CVE-2021-37129

There is an out of bounds write vulnerability in some Huawei products. The vulnerability is caused by a function of a module that does not properly verify input parameter. Successful exploit could cause out of bounds write leading to a denial of service condition.Affected product versions...

Security Advisory - Out of Bounds Write Vulnerability in Some Huawei Products

There is an out of bounds write vulnerability in some Huawei products. The vulnerability is caused by a function of a module that does not properly verify input parameter. Successful exploit could cause out of bounds write leading to a denial of service condition. (Vulnerability ID:...

Multiple Huawei products cross the border to write vulnerabilities

Huawei Ngfw Module is a firewall module from Huawei, China.Huawei IPS Module is an Intrusion Prevention System (IPS) module from Huawei, China.Huawei S5700, Huawei S12700, Huawei S2700 and Huawei The Huawei S5700, Huawei S12700, Huawei S2700 and Huawei S6700 are all enterprise-class switches from.....

Huawei Data Communication: Denial of Service Vulnerability in Huawei Products (huawei-sa-20210512-01-dos)

There is a denial of service vulnerability in Huawei...

Denial of service

There is a denial of service vulnerability in Huawei products. A module cannot deal with specific messages due to validating inputs insufficiently. Attackers can exploit this vulnerability by sending specific messages to affected module. This can cause denial of service. Affected product versions.....

CVE-2021-22357

There is a denial of service vulnerability in Huawei products. A module cannot deal with specific messages due to validating inputs insufficiently. Attackers can exploit this vulnerability by sending specific messages to affected module. This can cause denial of service. Affected product versions.....

CVE-2021-22357

There is a denial of service vulnerability in Huawei products. A module cannot deal with specific messages due to validating inputs insufficiently. Attackers can exploit this vulnerability by sending specific messages to affected module. This can cause denial of service. Affected product versions.....

Huawei Data Communication: Improper Licenses Management Vulnerability in Some Products (huawei-sa-20210407-01-resourcemanagement)

There has a license management vulnerability in some huawei...

CVE-2021-22329

There has a license management vulnerability in some Huawei products. An attacker with high privilege needs to perform specific operations to exploit the vulnerability on the affected device. Due to improper license management of the device, as a result, the license file can be applied and affect.....

Design/Logic Flaw

There has a license management vulnerability in some Huawei products. An attacker with high privilege needs to perform specific operations to exploit the vulnerability on the affected device. Due to improper license management of the device, as a result, the license file can be applied and affect.....

CVE-2021-22329

There has a license management vulnerability in some Huawei products. An attacker with high privilege needs to perform specific operations to exploit the vulnerability on the affected device. Due to improper license management of the device, as a result, the license file can be applied and affect.....

Huawei Data Communication: Command Injection Vulnerability in Huawei Products (huawei-sa-20210602-01-cmdinj)

There is a command injection vulnerability in Huawei...

Command injection

There is a command injection vulnerability in S12700 V200R019C00SPC500, S2700 V200R019C00SPC500, S5700 V200R019C00SPC500, S6700 V200R019C00SPC500 and S7700 V200R019C00SPC500. A module does not verify specific input sufficiently. Attackers can exploit this vulnerability by sending malicious...

CVE-2021-22377

There is a command injection vulnerability in S12700 V200R019C00SPC500, S2700 V200R019C00SPC500, S5700 V200R019C00SPC500, S6700 V200R019C00SPC500 and S7700 V200R019C00SPC500. A module does not verify specific input sufficiently. Attackers can exploit this vulnerability by sending malicious...

CVE-2021-22377

There is a command injection vulnerability in S12700 V200R019C00SPC500, S2700 V200R019C00SPC500, S5700 V200R019C00SPC500, S6700 V200R019C00SPC500 and S7700 V200R019C00SPC500. A module does not verify specific input sufficiently. Attackers can exploit this vulnerability by sending malicious...

Security Advisory - Command Injection Vulnerability in Huawei Products

There is a command injection vulnerability in Huawei products. A module does not verify specific input sufficiently. Attackers can exploit this vulnerability by sending malicious parameters to inject command. This can compromise normal service. (Vulnerability ID: HWPSIRT-2020-96403) This...

Huawei Data Communication: Denial of Service Vulnerability in Some Huawei Products (huawei-sa-20210519-02-dos)

There is a denial of service (DoS) vulnerability in some Huawei...

Input validation

There is a denial of service vulnerability in the verisions V200R005C00SPC500 of S5700 and V200R005C00SPC500 of S6700. An attacker could exploit this vulnerability by sending specific message to a targeted device. Due to insufficient input validation, successful exploit can cause the service...

CVE-2021-22359

There is a denial of service vulnerability in the verisions V200R005C00SPC500 of S5700 and V200R005C00SPC500 of S6700. An attacker could exploit this vulnerability by sending specific message to a targeted device. Due to insufficient input validation, successful exploit can cause the service...

CVE-2021-22359

There is a denial of service vulnerability in the verisions V200R005C00SPC500 of S5700 and V200R005C00SPC500 of S6700. An attacker could exploit this vulnerability by sending specific message to a targeted device. Due to insufficient input validation, successful exploit can cause the service...

Huawei S5700 and S5800 Denial of Service Vulnerability

A denial-of-service vulnerability exists in the Huawei S5700 and Huawei S6700, both enterprise switches from Huawei of China. The vulnerability stems from a program that does not properly validate input. An attacker could use the vulnerability to cause a service exception on the target device by...

Security Advisory - Denial of Service Vulnerability in Some Huawei Products

There is a denial of service vulnerability in some Huawei products. An attacker could exploit this vulnerability by sending specific message to a targeted device. Due to insufficient input validation, successful exploit can cause the service abnormal. (Vulnerability ID: HWPSIRT-2020-24699) This...

Security Advisory - Denial of Service Vulnerability in Huawei Product

There is a denial of service vulnerability in Huawei products. A module cannot deal with specific messages due to validating inputs insufficiently. Attackers can exploit this vulnerability by sending specific messages to affected module. This can cause denial of service. (Vulnerability ID:...

Security Advisory - Improper Licenses Management Vulnerability in Some Products

There has a license management vulnerability in some huawei products. An attacker with high privilege needs to perform specific operations to exploit the vulnerability on the affected device. Due to improper license management of the device, as a result, the license file can be applied and affect.....

Huawei Data Communication: Use After Free Vulnerability in Huawei Product (huawei-sa-20210210-01-uaf)

There is a use-after-free vulnerability in Huawei...

Design/Logic Flaw

There is a use-after-free vulnerability in a Huawei product. A module cannot deal with specific operations in special scenarios. Attackers can exploit this vulnerability by performing malicious operations. This can cause memory use-after-free, compromising normal service. Affected product include.....

CVE-2021-22321

There is a use-after-free vulnerability in a Huawei product. A module cannot deal with specific operations in special scenarios. Attackers can exploit this vulnerability by performing malicious operations. This can cause memory use-after-free, compromising normal service. Affected product include.....

CVE-2021-22321

There is a use-after-free vulnerability in a Huawei product. A module cannot deal with specific operations in special scenarios. Attackers can exploit this vulnerability by performing malicious operations. This can cause memory use-after-free, compromising normal service. Affected product include.....

Security Advisory - Use After Free Vulnerability in Huawei Product

There is a use-after-free vulnerability in Huawei product. A module cannot deal with specific operations in special scenarios. Attackers can exploit this vulnerability by performing malicious operations. This can cause memory use-after-free, compromising normal service. (Vulnerability ID:...

Huawei Data Communication: Out of Bounds Read Vulnerability in Several Products (huawei-sa-20200122-09-eudemon)

There is an out-of-bounds read vulnerability in several...

CVE-2020-1866

There is an out-of-bounds read vulnerability in several products. The software reads data past the end of the intended buffer when parsing certain crafted DHCP messages. Successful exploit could cause certain service abnormal. Affected product versions include:NIP6800 versions...

Cross site scripting

There is an out-of-bounds read vulnerability in several products. The software reads data past the end of the intended buffer when parsing certain crafted DHCP messages. Successful exploit could cause certain service abnormal. Affected product versions include:NIP6800 versions...

CVE-2020-1866

There is an out-of-bounds read vulnerability in several products. The software reads data past the end of the intended buffer when parsing certain crafted DHCP messages. Successful exploit could cause certain service abnormal. Affected product versions include:NIP6800 versions...

One Byte to rule them all

Posted by Brandon Azad, Project Zero One Byte to rule them all, One Byte to type them, One Byte to map them all, and in userspace bind them -- Comment above vm_map_copy_t For the last several years, nearly all iOS kernel exploits have followed the same high-level flow: memory corruption and...

Huawei Data Communication: Buffer Error Vulnerability in Some Huawei Products (huawei-sa-20200102-01-buffer)

There is a buffer error vulnerability in some Huawei...

Huawei Data Communication: Out-Of-Bounds Write Vulnerability on Several Huawei Products (huawei-sa-20180214-01-ospf)

There is an out-of-bounds write vulnerability on several Huawei...

Huawei Data Communication: DoS Vulnerability in Some Huawei Switch Products (huawei-sa-20180103-01-switch)

There is a denial of service (DoS) vulnerability in Some Huawei switch...

Huawei Data Communication: Weak Algorithm Vulnerability in Some Huawei Products (huawei-sa-20200108-01-rsa)

There is a weak algorithm vulnerability in some Huawei...

Huawei Data Communication: Weak Algorithm Vulnerability in Some Huawei Products (huawei-sa-20190821-02-algorithm)

There is a weak algorithm vulnerability in some Huawei...

Huawei Data Communication: Two DOS Vulnerabilities of XML Parser in Some Huawei Products (huawei-sa-20171201-01-xml)

XML parser have two DOS vulnerabilities in some Huawei...

Huawei Data Communication: Weak Algorithm Vulnerability in Huawei VRP Platform (huawei-sa-20191204-01-vrp)

There is a weak algorithm vulnerability in some Huawei...

Huawei Data Communication: Five Vulnerabilities in Some Huawei Products (huawei-sa-20191211-01-ssp)

There is an out-of-bounds read vulnerability in some Huawei...

Huawei Data Communication: DoS Vulnerability in Some Huawei Products (huawei-sa-20171202-01-pse)

There is a DoS vulnerability caused by memory exhaustion in some Huawei...

Huawei Data Communication: IPv6 Neighbor Discovery Crafted Packet Denial of Service Vulnerability (huawei-sa-20170118-01-ipv6)

There is a vulnerability in the IP Version 6 (IPv6) Neighbor Discovery packet process of multiple products. This VT has been deprecated and is therefore no longer...

Huawei Data Communication: IPv6 Memory Overflow Vulnerability in Huawei Products (huawei-sa-20171213-01-ipv6)

There is a memory overflow vulnerability in the...