CVE-2014-4705
https://notcve.org/view.php?id=CVE-2014-4705
Multiple heap-based buffer overflows in the eSap software platform in Huawei Campus S9300, S7700, S9700, S5300, S5700, S6300, and S6700 series switches; AR150, AR160, AR200, AR1200, AR2200, AR3200, AR530, NetEngine16EX, SRG1300, SRG2300, and SRG3300 series routers; and WLAN AC6005, AC6605, and ACU2 access controllers allow remote attackers to cause a denial of service (device restart) via a crafted length field in a packet. Múltiples desbordamientos de búfer basados en memoria dinámica (heap) en la plataforma de software en los switches Huawei Campus S9300, S7700, S9700, S5300, S5700, S6300 y S6700 series; los routers AR150, AR160, AR200, AR1200, AR2200, AR3200, AR530, NetEngine16EX, SRG1300, SRG2300 y SRG3300 series; y los controladores de acceso WLAN AC6005, AC6605 y ACU2 permiten que atacantes remotos provoquen una denegación de servicio (reinicio del dispositivo) mediante un campo length manipulado en un paquete. • http://secunia.com/advisories/59349 http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-345171.htm • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2014-5394
https://notcve.org/view.php?id=CVE-2014-5394
Multiple Huawei Campus switches allow remote attackers to enumerate usernames via vectors involving use of SSH by the maintenance terminal. Múltiples switches Huawei Campus permiten que los atacantes remotos enumeren los nombres de usuario mediante vectores que involucren el uso de SSH por el terminal de mantenimiento. • http://www.huawei.com/us/psirt/security-advisories/2014/hw-362701 http://www.securityfocus.com/bid/69302 https://exchange.xforce.ibmcloud.com/vulnerabilities/97763 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2015-7846
https://notcve.org/view.php?id=CVE-2015-7846
Huawei S7700, S9700, S9300 before V200R07C00SPC500, and AR200, AR1200, AR2200, AR3200 before V200R005C20SPC200 allows attackers with physical access to the CF card to obtain sensitive information. Huawei S7700, S9700, S9300 en versiones anteriores a la V200R07C00SPC500 y AR200, AR1200, AR2200, AR3200 en versiones anteriores a la V200R005C20SPC200 permite que los atacantes con acceso físico a la tarjeta CF obtengan información sensible. • http://www.securityfocus.com/bid/76173 http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-446634.htm • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2015-3913
https://notcve.org/view.php?id=CVE-2015-3913
The IP stack in multiple Huawei Campus series switch models allows remote attackers to cause a denial of service (reboot) via a crafted ICMP request message. En varios modelos de switch de la serie Huawei Campus, la pila IP permite a atacantes remotos causar una denegación de servicio (reinicio) a través de un mensaje de solicitud ICMP manipulado. • http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-427449.htm • CWE-20: Improper Input Validation •
CVE-2015-2800
https://notcve.org/view.php?id=CVE-2015-2800
The user authentication module in Huawei Campus switches S5700, S5300, S6300, and S6700 with software before V200R001SPH012 and S7700, S9300, and S9700 with software before V200R001SPH015 allows remote attackers to cause a denial of service (device restart) via vectors involving authentication, which trigger an array access violation. El módulo de autentificación de usuarios en los switches Huawei Campus S5700, S5300, S6300 y S6700 con un software anterior a V200R001SPH012 y S7700, S9300 y S9700 con una versión de software anterior al V200R001SPH015 permite a atacantes remotos causar un ataque de denegación de servicio (reinicio del dispositivo) mediante vectores involucrados en la autentificación, el cual desencadena una violación de acceso al array. • http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-418554.htm http://www.securityfocus.com/bid/73355 • CWE-287: Improper Authentication •