CVSS: 5.9EPSS: 0%CPEs: 454EXPL: 0CVE-2017-17151
https://notcve.org/view.php?id=CVE-2017-17151
Huawei AR100, AR100-S, AR110-S, AR120, AR120-S, AR1200, AR1200-S, AR150, AR150-S, AR160, AR200, AR200-S, AR2200, AR2200-S, AR3200, AR510, DP300, NetEngine16EX, RP200, SRG1300, SRG2300, SRG3300, TE30, TE40, TE50, TE60, TP3106, TP3206, ViewPoint 8660, and ViewPoint 9030 have an insufficient validation vulnerability. Since packet validation is insufficient, an unauthenticated attacker may send special H323 packets to exploit the vulnerability. Successful exploit could allow the attacker to send malicious packets and result in DOS attacks. Huawei AR100, AR100-S, AR110-S, AR120, AR120-S, AR1200, AR1200-S, AR150, AR150-S, AR160, AR200, AR200-S, AR2200, AR2200-S, AR3200, AR510, DP300, NetEngine16EX, RP200, SRG1300, SRG2300, SRG3300, TE30, TE40, TE50, TE60, TP3106, TP3206, ViewPoint 8660 y ViewPoint 9030 tienen una vulnerabilidad de validación insuficiente. Debido a que la validación de paquetes es insuficiente, un atacante no autenticado podría enviar paquetes H323 especiales para explotar la vulnerabilidad. • http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171206-01-h323-en • CWE-20: Improper Input Validation •
CVSS: 5.3EPSS: 0%CPEs: 5EXPL: 0CVE-2015-8672
https://notcve.org/view.php?id=CVE-2015-8672
The presentation transmission permission management mechanism in Huawei TE30, TE40, TE50, and TE60 multimedia video conferencing endpoints with software before V100R001C10SPC100 allows remote attackers to cause a denial of service (wired presentation outage) via unspecified vectors involving a wireless presentation. El mecanismo de gestión de permisos de transmisión de presentación en terminales de videoconferencia multimedia Huawei TE30, TE40, TE50 y TE60 con software en versiones anteriores a V100R001C10SPC100 permite a atacantes remotos causar una denegación de servicio (corte de la presentación por cable) a través de vectores no especificados que involucran a una presentación inalámbrica. • http://www.huawei.com/en/psirt/security-advisories/hw-462952 • CWE-19: Data Processing Errors •
CVSS: 6.8EPSS: 0%CPEs: 5EXPL: 0CVE-2015-8673
https://notcve.org/view.php?id=CVE-2015-8673
Huawei TE30, TE40, TE50, and TE60 multimedia video conferencing endpoints with software before V100R001C10SPC100 do not require entry of the old password when changing the password for the Debug account, which allows physically proximate attackers to change the password by leveraging an unattended workstation. Terminales de video conferencia multimedia Huawei TE30, TE40, TE50 y TE60 con software en versiones anteriores a V100R001C10SPC100 no requieren introducir la contraseña antigua cuando se cambia la contraseña de la cuenta Debug, lo que permite a atacantes físicamente próximos cambiar las contraseñas mediante el aprovechamiento de una estación de trabajo desatendida. • http://www.huawei.com/en/psirt/security-advisories/hw-462952 • CWE-255: Credentials Management Errors •