CVSS: 6.5EPSS: 0%CPEs: 26EXPL: 0CVE-2020-1866
https://notcve.org/view.php?id=CVE-2020-1866
There is an out-of-bounds read vulnerability in several products. The software reads data past the end of the intended buffer when parsing certain crafted DHCP messages. Successful exploit could cause certain service abnormal. Affected product versions include:NIP6800 versions V500R001C30,V500R001C60SPC500,V500R005C00;S12700 versions V200R008C00;S2700 versions V200R008C00;S5700 versions V200R008C00;S6700 versions V200R008C00;S7700 versions V200R008C00;S9700 versions V200R008C00;Secospace USG6600 versions V500R001C30SPC200,V500R001C30SPC600,V500R001C60SPC500,V500R005C00;USG9500 versions V500R001C30SPC300,V500R001C30SPC600,V500R001C60SPC500,V500R005C00. Se presenta una vulnerabilidad de lectura fuera de límites en varios productos. • https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200122-09-eudemon-en • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2017-17162
https://notcve.org/view.php?id=CVE-2017-17162
Huawei Secospace USG6600 V500R001C30SPC100, Secospace USG6600 V500R001C30SPC200, Secospace USG6600 V500R001C30SPC300, USG9500 V500R001C30SPC100, USG9500 V500R001C30SPC200, USG9500 V500R001C30SPC300 have a memory leak vulnerability due to memory don't be released when an local authenticated attacker execute special commands many times. An attacker could exploit it to cause memory leak, which may further lead to system exceptions. Huawei Secospace USG6600 V500R001C30SPC100, Secospace USG6600 V500R001C30SPC200, Secospace USG6600 V500R001C30SPC300, USG9500 V500R001C30SPC100, USG9500 V500R001C30SPC200, USG9500 V500R001C30SPC300 tienen una vulnerabilidad de fuga de memoria debido a que la memoria no se libera cuando un atacante local autenticado ejecuta comandos especiales muchas veces. Un atacante podría aprovecharse de esto para provocar una fuga de memoria, lo que podría conducir a excepciones del sistema. • http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171213-02-firewall-en • CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 8.8EPSS: 0%CPEs: 13EXPL: 0CVE-2014-9136
https://notcve.org/view.php?id=CVE-2014-9136
Huawei FusionManager with software V100R002C03 and V100R003C00 could allow an unauthenticated, remote attacker to conduct a CSRF attack against the user of the web interface. Huawei FusionManager con software V100R002C03 y V100R003C00 podrían permitir a un atacante remoto no autenticado, llevar a cabo un ataque de CSRF contra el usuario de la interfaz web. • http://www.huawei.com/en/psirt/security-advisories/hw-372186 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 8.8EPSS: 0%CPEs: 13EXPL: 0CVE-2014-9137
https://notcve.org/view.php?id=CVE-2014-9137
Huawei USG9500 with software V200R001C01SPC800 and earlier versions, V300R001C00; USG2100 with software V300R001C00SPC900 and earlier versions; USG2200 with software V300R001C00SPC900; USG5100 with software V300R001C00SPC900 could allow an unauthenticated, remote attacker to conduct a CSRF attack against the user of the web interface. Huawei USG9500 con software V200R001C01SPC800 y versiones anteriores, V300R001C00; USG2100 con software V300R001C00SPC900 y versiones anteriores; USG2200 con software V300R001C00SPC900; USG5100 con software V300R001C00SPC900 podrían permitir a un atacante remoto no autenticado, llevar a cabo un ataque de CSRF contra el usuario de la interfaz web. • http://www.huawei.com/en/psirt/security-advisories/hw-372186 • CWE-352: Cross-Site Request Forgery (CSRF) •