Filtered by vendor Huawei
Subscriptions
Total
2205 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-46867 | 1 Huawei | 2 Emui, Harmonyos | 2025-04-10 | 7.5 High |
| The HW_KEYMASTER module has a problem in releasing memory.Successful exploitation of this vulnerability may result in out-of-bounds memory access. | ||||
| CVE-2022-46762 | 1 Huawei | 2 Emui, Harmonyos | 2025-04-09 | 7.5 High |
| The memory management module has a logic bypass vulnerability.Successful exploitation of this vulnerability may affect data confidentiality. | ||||
| CVE-2022-46761 | 1 Huawei | 2 Emui, Harmonyos | 2025-04-09 | 7.5 High |
| The system has a vulnerability that may cause dynamic hiding and restoring of app icons.Successful exploitation of this vulnerability may cause malicious hiding of app icons. | ||||
| CVE-2022-47976 | 1 Huawei | 2 Emui, Harmonyos | 2025-04-09 | 7.5 High |
| The DMSDP module of the distributed hardware has a vulnerability that may cause imposter control connections.Successful exploitation of this vulnerability may disconnect normal service connections. | ||||
| CVE-2022-47975 | 1 Huawei | 2 Emui, Harmonyos | 2025-04-09 | 7.5 High |
| The DUBAI module has a double free vulnerability. Successful exploitation of this vulnerability may affect system availability. | ||||
| CVE-2022-47974 | 1 Huawei | 2 Emui, Harmonyos | 2025-04-09 | 6.5 Medium |
| The Bluetooth AVRCP module has a vulnerability that can lead to DoS attacks.Successful exploitation of this vulnerability may cause the Bluetooth process to restart. | ||||
| CVE-2009-2274 | 1 Huawei | 1 D100 | 2025-04-09 | N/A |
| The Huawei D100 allows remote attackers to obtain sensitive information via a direct request to (1) lan_status_adv.asp, (2) wlan_basic_cfg.asp, or (3) lancfg.asp in en/, related to use of JavaScript to protect against reading file contents. | ||||
| CVE-2009-2272 | 1 Huawei | 2 D100, D100 Firmware | 2025-04-09 | 7.5 High |
| The Huawei D100 stores the administrator's account name and password in cleartext in a cookie, which allows context-dependent attackers to obtain sensitive information by (1) reading a cookie file, by (2) sniffing the network for HTTP headers, and possibly by using unspecified other vectors. | ||||
| CVE-2009-2273 | 1 Huawei | 2 D100, D100 Firmware | 2025-04-09 | N/A |
| The default configuration of the Wi-Fi component on the Huawei D100 does not use encryption, which makes it easier for remote attackers to obtain sensitive information by sniffing the network. | ||||
| CVE-2009-4196 | 1 Huawei | 1 Mt882 V100t002b020 Arg-t | 2025-04-09 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in multiple scripts in Forms/ in Huawei MT882 V100R002B020 ARG-T running firmware 3.7.9.98 allow remote attackers to inject arbitrary web script or HTML via the (1) BackButton parameter to error_1; (2) wzConnFlag parameter to fresh_pppoe_1; (3) diag_pppindex_argen and (4) DiagStartFlag parameters to rpDiag_argen_1; (5) wzdmz_active and (6) wzdmzHostIP parameters to rpNATdmz_argen_1; (7) wzVIRTUALSVR_endPort, (8) wzVIRTUALSVR_endPortLocal, (9) wzVIRTUALSVR_IndexFlag, (10) wzVIRTUALSVR_localIP, (11) wzVIRTUALSVR_startPort, and (12) wzVIRTUALSVR_startPortLocal parameters to rpNATvirsvr_argen_1; (13) Connect_DialFlag, (14) Connect_DialHidden, and (15) Connect_Flag parameters to rpStatus_argen_1; (16) Telephone_select, and (17) wzFirstFlag parameters to rpwizard_1; and (18) wzConnectFlag parameter to rpwizPppoe_1. | ||||
| CVE-2009-2271 | 1 Huawei | 1 D100 | 2025-04-09 | N/A |
| The Huawei D100 has (1) a certain default administrator password for the web interface, and does not force a password change; and has (2) a default password of admin for the admin account in the telnet interface; which makes it easier for remote attackers to obtain access. | ||||
| CVE-2009-4197 | 1 Huawei | 3 Mt882 Modem, Mt882 Modem Firmware, Mt882 V100t002b020 Arg-t | 2025-04-09 | N/A |
| rpwizPppoe.htm in Huawei MT882 V100R002B020 ARG-T running firmware 3.7.9.98 contains a form that does not disable the autocomplete setting for the password parameter, which makes it easier for local users or physically proximate attackers to obtain the password from web browsers that support autocomplete. | ||||
| CVE-2007-0488 | 1 Huawei | 1 Versatile Routing Platform | 2025-04-09 | N/A |
| The Huawei Versatile Routing Platform 1.43 2500E-003 firmware on the Quidway R1600 Router, and possibly other models, allows remote attackers to cause a denial of service (device crash) via a long show arp command. | ||||
| CVE-2021-33658 | 2 Huawei, Openatom | 2 Atune, Openeuler | 2025-04-02 | 7.8 High |
| atune before 0.3-0.8 log in as a local user and run the curl command to access the local atune url interface to escalate the local privilege or modify any file. Authentication is not forcibly enabled in the default configuration. | ||||
| CVE-2024-30417 | 1 Huawei | 2 Emui, Harmonyos | 2025-03-29 | 7.5 High |
| Path traversal vulnerability in the Bluetooth-based sharing module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | ||||
| CVE-2023-52378 | 1 Huawei | 2 Emui, Harmonyos | 2025-03-29 | 9.8 Critical |
| Vulnerability of incorrect service logic in the WindowManagerServices module.Successful exploitation of this vulnerability may cause features to perform abnormally. | ||||
| CVE-2023-52540 | 1 Huawei | 2 Emui, Harmonyos | 2025-03-28 | 7.5 High |
| Vulnerability of improper authentication in the Iaware module. Impact: Successful exploitation of this vulnerability will affect availability. | ||||
| CVE-2024-30413 | 1 Huawei | 2 Emui, Harmonyos | 2025-03-28 | 7.5 High |
| Vulnerability of improper permission control in the window management module. Impact: Successful exploitation of this vulnerability will affect availability. | ||||
| CVE-2024-27895 | 1 Huawei | 1 Harmonyos | 2025-03-28 | 7.5 High |
| Vulnerability of permission control in the window module. Successful exploitation of this vulnerability may affect confidentiality. | ||||
| CVE-2023-52546 | 1 Huawei | 2 Emui, Harmonyos | 2025-03-28 | 7.5 High |
| Vulnerability of package name verification being bypassed in the Calendar app. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | ||||