huawei security advisories
22 threat alerts tracking vulnerabilities and security advisories that affect huawei products.
Vulnios monitors huawei CVE feeds, vendor advisories, CISA KEV listings, and exploit-prediction data continuously. Each alert below is enriched with severity, exploitation status, affected products, and a remediation path. Use this page to scan recent huawei security news in one place, or click into an individual alert for full detail.
Critical Vulnerability: CVE-2016-8276 — huawei — usg2100, usg2200
Buffer overflow in the Point-to-Point Protocol over Ethernet (PPPoE) module in Huawei USG2100, USG2200, USG5100, and USG5500 unified security gateways with software before V300R001C10SPC600, when CHAP
criticalCVE-2016-8276Critical Vulnerability: CVE-2016-6825 — huawei — rh1288_v3_server_firmware, rh2288_v3_server_firmware
Huawei XH620 V3, XH622 V3, and XH628 V3 servers with software before V100R003C00SPC610, RH1288 V3 servers with software before V100R003C00SPC613, RH2288 V3 servers with software before V100R003C00SPC6
criticalCVE-2016-6825Critical Vulnerability: CVE-2016-7109 — huawei — uma
Huawei Unified Maintenance Audit (UMA) before V200R001C00SPC200 allows remote attackers to execute arbitrary commands via "special characters," a different vulnerability than CVE-2016-7110.
criticalCVE-2016-7109Critical Vulnerability: CVE-2016-7110 — huawei — uma
Huawei Unified Maintenance Audit (UMA) before V200R001C00SPC200 allows remote attackers to execute arbitrary commands via "special characters," a different vulnerability than CVE-2016-7109.
criticalCVE-2016-7110Critical Vulnerability: CVE-2016-6178 — huawei — ne5000e_firmware, ne5000e
Huawei NE40E and CX600 devices with software before V800R007SPH017; PTN 6900-2-M8 devices with software before V800R007SPH019; NE5000E devices with software before V800R006SPH018; and CloudEngine devi
criticalCVE-2016-6178Critical Vulnerability: CVE-2016-5365 — huawei — honor_ws851, honor_ws851_firmware
Stack-based buffer overflow in Huawei Honor WS851 routers with software 1.1.21.1 and earlier allows remote attackers to execute arbitrary commands with root privileges via unspecified vectors, aka HWP
criticalCVE-2016-5365Critical Vulnerability: CVE-2016-4576 — huawei — nip6300, nip6300_firmware
Buffer overflow in the Application Specific Packet Filtering (ASPF) functionality in the Huawei IPS Module, NGFW Module, NIP6300, NIP6600, Secospace USG6300, USG6500, USG6600, USG9500, and AntiDDoS800
criticalCVE-2016-4576Critical Vulnerability: CVE-2016-2231 — huawei — mt882_firmware, mt882
The Windows-based Host Interface Program (WHIP) service on Huawei SmartAX MT882 devices V200R002B022 Arg relies on the client to send a length field that is consistent with a buffer size, which allows
criticalCVE-2016-2231Critical Vulnerability: CVE-2017-2738 — huawei — vcm5010_firmware, vcm5010
VCM5010 with software versions earlier before V100R002C50SPC100 has an authentication bypass vulnerability. This is due to improper implementation of authentication for accessing web pages. An unauthe
criticalCVE-2017-2738Critical Vulnerability: CVE-2017-8122 — huawei — uma
The UMA product with software V200R001 has a privilege elevation vulnerability due to insufficient validation or improper processing of parameters. An attacker could craft specific packets to exploit
criticalCVE-2017-8122Critical Vulnerability: CVE-2017-8129 — huawei — uma
The UMA product with software V200R001 and V300R001 has a privilege elevation vulnerability due to insufficient validation or improper processing of parameters. An attacker could craft specific packet
criticalCVE-2017-8129Critical Vulnerability: CVE-2017-8119 — huawei — uma
The UMA product with software V200R001 and V300R001 has a privilege elevation vulnerability due to insufficient validation or improper processing of parameters. An attacker could craft specific packet
criticalCVE-2017-8119Critical Vulnerability: CVE-2017-8120 — huawei — uma
The UMA product with software V200R001 and V300R001 has a privilege elevation vulnerability due to insufficient validation or improper processing of parameters. An attacker could craft specific packet
criticalCVE-2017-8120Critical Vulnerability: CVE-2017-8117 — huawei — uma
The UMA product with software V200R001 and V300R001 has a privilege elevation vulnerability due to insufficient validation or improper processing of parameters. An attacker could craft specific packet
criticalCVE-2017-8117Critical Vulnerability: CVE-2017-8123 — huawei — uma
The UMA product with software V200R001 has a privilege elevation vulnerability due to insufficient validation or improper processing of parameters. An attacker could craft specific packets to exploit
criticalCVE-2017-8123Critical Vulnerability: CVE-2017-8128 — huawei — uma
The UMA product with software V200R001 and V300R001 has a privilege elevation vulnerability due to insufficient validation or improper processing of parameters. An attacker could craft specific packet
criticalCVE-2017-8128Critical Vulnerability: CVE-2017-8124 — huawei — uma
The UMA product with software V200R001 has a privilege elevation vulnerability due to insufficient validation or improper processing of parameters. An attacker could craft specific packets to exploit
criticalCVE-2017-8124Critical Vulnerability: CVE-2017-8126 — huawei — uma
The UMA product with software V200R001 has a privilege elevation vulnerability due to insufficient validation or improper processing of parameters. An attacker could craft specific packets to exploit
criticalCVE-2017-8126Critical Vulnerability: CVE-2015-7841 — huawei — fusionserver_ch121_v3, fusionserver_ch220_v3
The login page of the server on Huawei FusionServer rack servers RH2288 V3 with software before V100R003C00SPC603, RH2288H V3 with software before V100R003C00SPC503, XH628 V3 with software before V100
criticalCVE-2015-7841Critical Vulnerability: CVE-2015-4629 — huawei — e5756s_firmware, e5756s
Huawei E5756S before V200R002B146D23SP00C00 allows remote attackers to read device configuration information, enable PIN/PUK authentication, and perform other unspecified actions.
criticalCVE-2015-4629Critical Vulnerability: CVE-2014-9693 — huawei — tecal_rh1288_v2_firmware, tecal_rh1288_v2
Huawei Tecal RH1288 V2 V100R002C00SPC107 and earlier versions, Tecal RH2265 V2 V100R002C00, Tecal RH2285 V2 V100R002C00SPC115 and earlier versions, Tecal RH2265 V2 V100R002C00, Tecal RH2285H V2 V100R0
criticalCVE-2014-9693Critical Vulnerability: CVE-2016-6206 — huawei — ar3200_firmware, ar3200
Huawei AR3200 routers with software before V200R007C00SPC600 allow remote attackers to cause a denial of service or execute arbitrary code via a crafted packet.
criticalCVE-2016-6206
Track huawei exposure across your environment
Vulnios automatically cross-references your asset inventory against new huawei CVEs and surfaces only what affects you. No more sifting manually — actionable findings only.
Start a free scan