Search criteria
12 vulnerabilities found for usg5500_firmware by huawei
FKIE_CVE-2016-8798
Vulnerability from fkie_nvd - Published: 2017-04-02 20:59 - Updated: 2025-04-20 01:37
Severity ?
Summary
Huawei USG5500 with software V300R001C00 and V300R001C00 allows attackers to bypass the anti-DDoS module of the USGs to cause a denial of service condition on the backend server.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@huawei.com | http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161026-01-usg-en | Vendor Advisory | |
| psirt@huawei.com | http://www.securityfocus.com/bid/93891 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161026-01-usg-en | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/93891 | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| huawei | usg5500_firmware | v300r001c00 | |
| huawei | usg5500_firmware | v300r001c10 | |
| huawei | usg5500 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:usg5500_firmware:v300r001c00:*:*:*:*:*:*:*",
"matchCriteriaId": "5243A260-97C2-4DCA-BB0D-7F8013531C78",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:usg5500_firmware:v300r001c10:*:*:*:*:*:*:*",
"matchCriteriaId": "69BA0DF9-74A3-4BEE-95A4-EBAEDC0EA5E4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:usg5500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EDC12456-351D-4DA4-8576-7FE9157E61DC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Huawei USG5500 with software V300R001C00 and V300R001C00 allows attackers to bypass the anti-DDoS module of the USGs to cause a denial of service condition on the backend server."
},
{
"lang": "es",
"value": "Huawei USG5500 con software V300R001C00 y V300R001C00 permiten a atacantes eludir el m\u00f3dulo anti-DDoS del USGs para provocar una condici\u00f3n de denegaci\u00f3n de servicio en el servidor backend."
}
],
"id": "CVE-2016-8798",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-04-02T20:59:01.890",
"references": [
{
"source": "psirt@huawei.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161026-01-usg-en"
},
{
"source": "psirt@huawei.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/93891"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161026-01-usg-en"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/93891"
}
],
"sourceIdentifier": "psirt@huawei.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-284"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2014-9137
Vulnerability from fkie_nvd - Published: 2017-04-02 20:59 - Updated: 2025-04-20 01:37
Severity ?
Summary
Huawei USG9500 with software V200R001C01SPC800 and earlier versions, V300R001C00; USG2100 with software V300R001C00SPC900 and earlier versions; USG2200 with software V300R001C00SPC900; USG5100 with software V300R001C00SPC900 could allow an unauthenticated, remote attacker to conduct a CSRF attack against the user of the web interface.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| huawei | fusionmanager | v100r002c03 | |
| huawei | fusionmanager | v100r003c00 | |
| huawei | usg9500_firmware | * | |
| huawei | usg9500_firmware | v300r001c00 | |
| huawei | usg9500 | - | |
| huawei | usg2100_firmware | * | |
| huawei | usg2100 | - | |
| huawei | usg2200_firmware | * | |
| huawei | usg2200 | - | |
| huawei | usg5100_firmware | * | |
| huawei | usg5100 | - | |
| huawei | usg5500_firmware | * | |
| huawei | usg5500 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:huawei:fusionmanager:v100r002c03:*:*:*:*:*:*:*",
"matchCriteriaId": "433EA4EE-77D4-40B7-8DD2-BC8500A498E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:huawei:fusionmanager:v100r003c00:*:*:*:*:*:*:*",
"matchCriteriaId": "53A333D1-1346-4CF3-A17A-25A8A5A92713",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:usg9500_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4EB84AA3-8F2D-40F4-998F-D8941C38EB15",
"versionEndIncluding": "v200r001c01spc800",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:usg9500_firmware:v300r001c00:*:*:*:*:*:*:*",
"matchCriteriaId": "52132C6A-9B3C-47A1-8889-7B55C3C2A639",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:usg9500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4B6064BB-5E62-4D70-B933-05B5426EEE9C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:usg2100_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6C486D62-23FD-4D64-AF97-2A70B1D6B715",
"versionEndIncluding": "v300r001c00spc900",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:usg2100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "56136202-9759-4A86-A52B-AE841319C4DF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:usg2200_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DD11D623-1A81-4535-9BA1-1C5A118FE70C",
"versionEndIncluding": "v300r001c00spc900",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:usg2200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A78C3EBF-B7B0-4239-95CF-588D78FF6BA1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:usg5100_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B881A96B-5B20-44D3-A039-7EFFEFEFFAF8",
"versionEndIncluding": "v300r001c00spc900",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:usg5100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5140E0A4-AA43-4410-BE72-7A751B8025D1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:usg5500_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1799A24D-062B-4E70-BB59-41B8BC7D0A12",
"versionEndIncluding": "v300r001c00spc900",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:usg5500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EDC12456-351D-4DA4-8576-7FE9157E61DC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Huawei USG9500 with software V200R001C01SPC800 and earlier versions, V300R001C00; USG2100 with software V300R001C00SPC900 and earlier versions; USG2200 with software V300R001C00SPC900; USG5100 with software V300R001C00SPC900 could allow an unauthenticated, remote attacker to conduct a CSRF attack against the user of the web interface."
},
{
"lang": "es",
"value": "Huawei USG9500 con software V200R001C01SPC800 y versiones anteriores, V300R001C00; USG2100 con software V300R001C00SPC900 y versiones anteriores; USG2200 con software V300R001C00SPC900; USG5100 con software V300R001C00SPC900 podr\u00edan permitir a un atacante remoto no autenticado, llevar a cabo un ataque de CSRF contra el usuario de la interfaz web."
}
],
"id": "CVE-2014-9137",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-04-02T20:59:00.470",
"references": [
{
"source": "psirt@huawei.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/hw-372186"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/hw-372186"
}
],
"sourceIdentifier": "psirt@huawei.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2014-9136
Vulnerability from fkie_nvd - Published: 2017-04-02 20:59 - Updated: 2025-04-20 01:37
Severity ?
Summary
Huawei FusionManager with software V100R002C03 and V100R003C00 could allow an unauthenticated, remote attacker to conduct a CSRF attack against the user of the web interface.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| huawei | fusionmanager | * | |
| huawei | fusionmanager | * | |
| huawei | usg9500_firmware | * | |
| huawei | usg9500_firmware | * | |
| huawei | usg9500 | - | |
| huawei | usg2100_firmware | * | |
| huawei | usg2100 | - | |
| huawei | usg2200_firmware | * | |
| huawei | usg2200 | - | |
| huawei | usg5100_firmware | * | |
| huawei | usg5100 | - | |
| huawei | usg5500_firmware | * | |
| huawei | usg5500 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:huawei:fusionmanager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9F27EF98-F5DA-426D-9CDF-8E425A0B212A",
"versionEndIncluding": "v100r002c03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:huawei:fusionmanager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1468F171-852F-4CC1-BA64-340B35501A9B",
"versionEndIncluding": "v100r003c00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:usg9500_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4EB84AA3-8F2D-40F4-998F-D8941C38EB15",
"versionEndIncluding": "v200r001c01spc800",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:usg9500_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4F49A05F-6945-4C7D-BA45-3635840485BF",
"versionEndIncluding": "v300r001c00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:usg9500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4B6064BB-5E62-4D70-B933-05B5426EEE9C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:usg2100_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6C486D62-23FD-4D64-AF97-2A70B1D6B715",
"versionEndIncluding": "v300r001c00spc900",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:usg2100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "56136202-9759-4A86-A52B-AE841319C4DF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:usg2200_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DD11D623-1A81-4535-9BA1-1C5A118FE70C",
"versionEndIncluding": "v300r001c00spc900",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:usg2200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A78C3EBF-B7B0-4239-95CF-588D78FF6BA1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:usg5100_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B881A96B-5B20-44D3-A039-7EFFEFEFFAF8",
"versionEndIncluding": "v300r001c00spc900",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:usg5100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5140E0A4-AA43-4410-BE72-7A751B8025D1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:usg5500_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1799A24D-062B-4E70-BB59-41B8BC7D0A12",
"versionEndIncluding": "v300r001c00spc900",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:usg5500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EDC12456-351D-4DA4-8576-7FE9157E61DC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Huawei FusionManager with software V100R002C03 and V100R003C00 could allow an unauthenticated, remote attacker to conduct a CSRF attack against the user of the web interface."
},
{
"lang": "es",
"value": "Huawei FusionManager con software V100R002C03 y V100R003C00 podr\u00edan permitir a un atacante remoto no autenticado, llevar a cabo un ataque de CSRF contra el usuario de la interfaz web."
}
],
"id": "CVE-2014-9136",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-04-02T20:59:00.453",
"references": [
{
"source": "psirt@huawei.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/hw-372186"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/hw-372186"
}
],
"sourceIdentifier": "psirt@huawei.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2016-6669
Vulnerability from fkie_nvd - Published: 2016-09-22 15:59 - Updated: 2025-04-12 10:46
Severity ?
Summary
Buffer overflow in the Authentication, Authorization and Accounting (AAA) module in Huawei USG2100, USG2200, USG5100, and USG5500 unified security gateways with software before V300R001C10SPC600 allows remote authenticated RADIUS servers to execute arbitrary code by sending a crafted EAP packet.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| huawei | usg2100_firmware | * | |
| huawei | usg2100_firmware | * | |
| huawei | usg2200_firmware | * | |
| huawei | usg2200_firmware | * | |
| huawei | usg5100_firmware | * | |
| huawei | usg5100_firmware | * | |
| huawei | usg5500_firmware | * | |
| huawei | usg5500_firmware | * | |
| huawei | usg2100 | - | |
| huawei | usg2200 | - | |
| huawei | usg5100 | - | |
| huawei | usg5500 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:usg2100_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F720A197-A45A-4BC4-87ED-26D1E3FD1F40",
"versionEndIncluding": "v300r001c00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:usg2100_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8AECAEA1-22C8-4E17-91A2-81C3450BC00C",
"versionEndIncluding": "v300r001c10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:usg2200_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "325542AB-7154-4A5B-A85C-62AB251C4AC6",
"versionEndIncluding": "v300r001c00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:usg2200_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F1480DC9-5518-43D9-A760-3779FF54C191",
"versionEndIncluding": "v300r001c10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:usg5100_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8132BF37-35B4-4385-A864-006EB5D2021F",
"versionEndIncluding": "v300r001c00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:usg5100_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "254AAB81-1C18-4C3D-A45C-2F0B035767D8",
"versionEndIncluding": "v300r001c10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:usg5500_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "95F806D1-25F5-4D38-A9EA-C5E195C645A5",
"versionEndIncluding": "v300r001c00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:usg5500_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "605BC300-CCC1-4846-9848-3FA87256DD64",
"versionEndIncluding": "v300r001c10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:usg2100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "56136202-9759-4A86-A52B-AE841319C4DF",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:huawei:usg2200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A78C3EBF-B7B0-4239-95CF-588D78FF6BA1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:huawei:usg5100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5140E0A4-AA43-4410-BE72-7A751B8025D1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:huawei:usg5500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EDC12456-351D-4DA4-8576-7FE9157E61DC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the Authentication, Authorization and Accounting (AAA) module in Huawei USG2100, USG2200, USG5100, and USG5500 unified security gateways with software before V300R001C10SPC600 allows remote authenticated RADIUS servers to execute arbitrary code by sending a crafted EAP packet."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer en el m\u00f3dulo Authentication, Authorization y Accounting (AAA) en las puertas de entrada de seguridad unificadas USG2100, USG2200, USG5100 y USG5500 en Huawei con software en versiones anteriores a V300R001C10SPC600 permite a servidores RADIUS remotos autenticados ejecutar c\u00f3digo arbitrario enviando un paquete EAP manipulado."
}
],
"id": "CVE-2016-6669",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.1,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:H/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.6,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-09-22T15:59:05.977",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"VDB Entry"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160810-01-usg-en"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/92441"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160810-01-usg-en"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/92441"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2016-8798 (GCVE-0-2016-8798)
Vulnerability from cvelistv5 – Published: 2017-04-02 20:00 – Updated: 2024-08-06 02:35
VLAI?
Summary
Huawei USG5500 with software V300R001C00 and V300R001C00 allows attackers to bypass the anti-DDoS module of the USGs to cause a denial of service condition on the backend server.
Severity ?
No CVSS data available.
CWE
- defense mechanism bypass
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | USG5500 V300R001C00 and V300R001C00 |
Affected:
USG5500 V300R001C00 and V300R001C00
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:35:01.273Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161026-01-usg-en"
},
{
"name": "93891",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/93891"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "USG5500 V300R001C00 and V300R001C00",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "USG5500 V300R001C00 and V300R001C00"
}
]
}
],
"datePublic": "2017-03-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Huawei USG5500 with software V300R001C00 and V300R001C00 allows attackers to bypass the anti-DDoS module of the USGs to cause a denial of service condition on the backend server."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "defense mechanism bypass",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-04-03T09:57:01",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161026-01-usg-en"
},
{
"name": "93891",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/93891"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2016-8798",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "USG5500 V300R001C00 and V300R001C00",
"version": {
"version_data": [
{
"version_value": "USG5500 V300R001C00 and V300R001C00"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Huawei USG5500 with software V300R001C00 and V300R001C00 allows attackers to bypass the anti-DDoS module of the USGs to cause a denial of service condition on the backend server."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "defense mechanism bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161026-01-usg-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161026-01-usg-en"
},
{
"name": "93891",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93891"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2016-8798",
"datePublished": "2017-04-02T20:00:00",
"dateReserved": "2016-10-18T00:00:00",
"dateUpdated": "2024-08-06T02:35:01.273Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-9137 (GCVE-0-2014-9137)
Vulnerability from cvelistv5 – Published: 2017-04-02 20:00 – Updated: 2024-08-06 13:33
VLAI?
Summary
Huawei USG9500 with software V200R001C01SPC800 and earlier versions, V300R001C00; USG2100 with software V300R001C00SPC900 and earlier versions; USG2200 with software V300R001C00SPC900; USG5100 with software V300R001C00SPC900 could allow an unauthenticated, remote attacker to conduct a CSRF attack against the user of the web interface.
Severity ?
No CVSS data available.
CWE
- CSRF
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | USG9500,USG2100,USG2200,USG5100,USG5500, USG9500 V200R001C01SPC800 and earlier versions, All V300R001C00 versions,USG2100 V300R001C00SPC900 and earlier versions,USG2200 V300R001C00SPC900,USG5100 V300R001C00SPC900, |
Affected:
USG9500,USG2100,USG2200,USG5100,USG5500, USG9500 V200R001C01SPC800 and earlier versions, All V300R001C00 versions,USG2100 V300R001C00SPC900 and earlier versions,USG2200 V300R001C00SPC900,USG5100 V300R001C00SPC900,
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T13:33:13.590Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/hw-372186"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "USG9500,USG2100,USG2200,USG5100,USG5500, USG9500 V200R001C01SPC800 and earlier versions, All V300R001C00 versions,USG2100 V300R001C00SPC900 and earlier versions,USG2200 V300R001C00SPC900,USG5100 V300R001C00SPC900,",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "USG9500,USG2100,USG2200,USG5100,USG5500, USG9500 V200R001C01SPC800 and earlier versions, All V300R001C00 versions,USG2100 V300R001C00SPC900 and earlier versions,USG2200 V300R001C00SPC900,USG5100 V300R001C00SPC900,"
}
]
}
],
"datePublic": "2017-03-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Huawei USG9500 with software V200R001C01SPC800 and earlier versions, V300R001C00; USG2100 with software V300R001C00SPC900 and earlier versions; USG2200 with software V300R001C00SPC900; USG5100 with software V300R001C00SPC900 could allow an unauthenticated, remote attacker to conduct a CSRF attack against the user of the web interface."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CSRF",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-04-02T19:57:01",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/hw-372186"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2014-9137",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "USG9500,USG2100,USG2200,USG5100,USG5500, USG9500 V200R001C01SPC800 and earlier versions, All V300R001C00 versions,USG2100 V300R001C00SPC900 and earlier versions,USG2200 V300R001C00SPC900,USG5100 V300R001C00SPC900,",
"version": {
"version_data": [
{
"version_value": "USG9500,USG2100,USG2200,USG5100,USG5500, USG9500 V200R001C01SPC800 and earlier versions, All V300R001C00 versions,USG2100 V300R001C00SPC900 and earlier versions,USG2200 V300R001C00SPC900,USG5100 V300R001C00SPC900,"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Huawei USG9500 with software V200R001C01SPC800 and earlier versions, V300R001C00; USG2100 with software V300R001C00SPC900 and earlier versions; USG2200 with software V300R001C00SPC900; USG5100 with software V300R001C00SPC900 could allow an unauthenticated, remote attacker to conduct a CSRF attack against the user of the web interface."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CSRF"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.huawei.com/en/psirt/security-advisories/hw-372186",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/hw-372186"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2014-9137",
"datePublished": "2017-04-02T20:00:00",
"dateReserved": "2014-11-28T00:00:00",
"dateUpdated": "2024-08-06T13:33:13.590Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-9136 (GCVE-0-2014-9136)
Vulnerability from cvelistv5 – Published: 2017-04-02 20:00 – Updated: 2024-08-06 13:33
VLAI?
Summary
Huawei FusionManager with software V100R002C03 and V100R003C00 could allow an unauthenticated, remote attacker to conduct a CSRF attack against the user of the web interface.
Severity ?
No CVSS data available.
CWE
- CSRF
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | FusionManager FusionManager All V100R002C03 versions, All V100R003C00 versions, |
Affected:
FusionManager FusionManager All V100R002C03 versions, All V100R003C00 versions,
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T13:33:13.586Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/hw-372186"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "FusionManager FusionManager All V100R002C03 versions, All V100R003C00 versions,",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "FusionManager FusionManager All V100R002C03 versions, All V100R003C00 versions,"
}
]
}
],
"datePublic": "2017-03-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Huawei FusionManager with software V100R002C03 and V100R003C00 could allow an unauthenticated, remote attacker to conduct a CSRF attack against the user of the web interface."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CSRF",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-04-02T19:57:01",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/hw-372186"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2014-9136",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "FusionManager FusionManager All V100R002C03 versions, All V100R003C00 versions,",
"version": {
"version_data": [
{
"version_value": "FusionManager FusionManager All V100R002C03 versions, All V100R003C00 versions,"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Huawei FusionManager with software V100R002C03 and V100R003C00 could allow an unauthenticated, remote attacker to conduct a CSRF attack against the user of the web interface."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CSRF"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.huawei.com/en/psirt/security-advisories/hw-372186",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/hw-372186"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2014-9136",
"datePublished": "2017-04-02T20:00:00",
"dateReserved": "2014-11-28T00:00:00",
"dateUpdated": "2024-08-06T13:33:13.586Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-6669 (GCVE-0-2016-6669)
Vulnerability from cvelistv5 – Published: 2016-09-22 15:00 – Updated: 2024-08-06 01:36
VLAI?
Summary
Buffer overflow in the Authentication, Authorization and Accounting (AAA) module in Huawei USG2100, USG2200, USG5100, and USG5500 unified security gateways with software before V300R001C10SPC600 allows remote authenticated RADIUS servers to execute arbitrary code by sending a crafted EAP packet.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:36:29.544Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "92441",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/92441"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160810-01-usg-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-08-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the Authentication, Authorization and Accounting (AAA) module in Huawei USG2100, USG2200, USG5100, and USG5500 unified security gateways with software before V300R001C10SPC600 allows remote authenticated RADIUS servers to execute arbitrary code by sending a crafted EAP packet."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-11-25T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "92441",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/92441"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160810-01-usg-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-6669",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the Authentication, Authorization and Accounting (AAA) module in Huawei USG2100, USG2200, USG5100, and USG5500 unified security gateways with software before V300R001C10SPC600 allows remote authenticated RADIUS servers to execute arbitrary code by sending a crafted EAP packet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "92441",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92441"
},
{
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160810-01-usg-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160810-01-usg-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-6669",
"datePublished": "2016-09-22T15:00:00",
"dateReserved": "2016-08-10T00:00:00",
"dateUpdated": "2024-08-06T01:36:29.544Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-8798 (GCVE-0-2016-8798)
Vulnerability from nvd – Published: 2017-04-02 20:00 – Updated: 2024-08-06 02:35
VLAI?
Summary
Huawei USG5500 with software V300R001C00 and V300R001C00 allows attackers to bypass the anti-DDoS module of the USGs to cause a denial of service condition on the backend server.
Severity ?
No CVSS data available.
CWE
- defense mechanism bypass
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | USG5500 V300R001C00 and V300R001C00 |
Affected:
USG5500 V300R001C00 and V300R001C00
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:35:01.273Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161026-01-usg-en"
},
{
"name": "93891",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/93891"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "USG5500 V300R001C00 and V300R001C00",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "USG5500 V300R001C00 and V300R001C00"
}
]
}
],
"datePublic": "2017-03-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Huawei USG5500 with software V300R001C00 and V300R001C00 allows attackers to bypass the anti-DDoS module of the USGs to cause a denial of service condition on the backend server."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "defense mechanism bypass",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-04-03T09:57:01",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161026-01-usg-en"
},
{
"name": "93891",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/93891"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2016-8798",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "USG5500 V300R001C00 and V300R001C00",
"version": {
"version_data": [
{
"version_value": "USG5500 V300R001C00 and V300R001C00"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Huawei USG5500 with software V300R001C00 and V300R001C00 allows attackers to bypass the anti-DDoS module of the USGs to cause a denial of service condition on the backend server."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "defense mechanism bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161026-01-usg-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161026-01-usg-en"
},
{
"name": "93891",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93891"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2016-8798",
"datePublished": "2017-04-02T20:00:00",
"dateReserved": "2016-10-18T00:00:00",
"dateUpdated": "2024-08-06T02:35:01.273Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-9137 (GCVE-0-2014-9137)
Vulnerability from nvd – Published: 2017-04-02 20:00 – Updated: 2024-08-06 13:33
VLAI?
Summary
Huawei USG9500 with software V200R001C01SPC800 and earlier versions, V300R001C00; USG2100 with software V300R001C00SPC900 and earlier versions; USG2200 with software V300R001C00SPC900; USG5100 with software V300R001C00SPC900 could allow an unauthenticated, remote attacker to conduct a CSRF attack against the user of the web interface.
Severity ?
No CVSS data available.
CWE
- CSRF
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | USG9500,USG2100,USG2200,USG5100,USG5500, USG9500 V200R001C01SPC800 and earlier versions, All V300R001C00 versions,USG2100 V300R001C00SPC900 and earlier versions,USG2200 V300R001C00SPC900,USG5100 V300R001C00SPC900, |
Affected:
USG9500,USG2100,USG2200,USG5100,USG5500, USG9500 V200R001C01SPC800 and earlier versions, All V300R001C00 versions,USG2100 V300R001C00SPC900 and earlier versions,USG2200 V300R001C00SPC900,USG5100 V300R001C00SPC900,
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T13:33:13.590Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/hw-372186"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "USG9500,USG2100,USG2200,USG5100,USG5500, USG9500 V200R001C01SPC800 and earlier versions, All V300R001C00 versions,USG2100 V300R001C00SPC900 and earlier versions,USG2200 V300R001C00SPC900,USG5100 V300R001C00SPC900,",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "USG9500,USG2100,USG2200,USG5100,USG5500, USG9500 V200R001C01SPC800 and earlier versions, All V300R001C00 versions,USG2100 V300R001C00SPC900 and earlier versions,USG2200 V300R001C00SPC900,USG5100 V300R001C00SPC900,"
}
]
}
],
"datePublic": "2017-03-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Huawei USG9500 with software V200R001C01SPC800 and earlier versions, V300R001C00; USG2100 with software V300R001C00SPC900 and earlier versions; USG2200 with software V300R001C00SPC900; USG5100 with software V300R001C00SPC900 could allow an unauthenticated, remote attacker to conduct a CSRF attack against the user of the web interface."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CSRF",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-04-02T19:57:01",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/hw-372186"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2014-9137",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "USG9500,USG2100,USG2200,USG5100,USG5500, USG9500 V200R001C01SPC800 and earlier versions, All V300R001C00 versions,USG2100 V300R001C00SPC900 and earlier versions,USG2200 V300R001C00SPC900,USG5100 V300R001C00SPC900,",
"version": {
"version_data": [
{
"version_value": "USG9500,USG2100,USG2200,USG5100,USG5500, USG9500 V200R001C01SPC800 and earlier versions, All V300R001C00 versions,USG2100 V300R001C00SPC900 and earlier versions,USG2200 V300R001C00SPC900,USG5100 V300R001C00SPC900,"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Huawei USG9500 with software V200R001C01SPC800 and earlier versions, V300R001C00; USG2100 with software V300R001C00SPC900 and earlier versions; USG2200 with software V300R001C00SPC900; USG5100 with software V300R001C00SPC900 could allow an unauthenticated, remote attacker to conduct a CSRF attack against the user of the web interface."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CSRF"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.huawei.com/en/psirt/security-advisories/hw-372186",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/hw-372186"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2014-9137",
"datePublished": "2017-04-02T20:00:00",
"dateReserved": "2014-11-28T00:00:00",
"dateUpdated": "2024-08-06T13:33:13.590Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-9136 (GCVE-0-2014-9136)
Vulnerability from nvd – Published: 2017-04-02 20:00 – Updated: 2024-08-06 13:33
VLAI?
Summary
Huawei FusionManager with software V100R002C03 and V100R003C00 could allow an unauthenticated, remote attacker to conduct a CSRF attack against the user of the web interface.
Severity ?
No CVSS data available.
CWE
- CSRF
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | FusionManager FusionManager All V100R002C03 versions, All V100R003C00 versions, |
Affected:
FusionManager FusionManager All V100R002C03 versions, All V100R003C00 versions,
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T13:33:13.586Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/hw-372186"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "FusionManager FusionManager All V100R002C03 versions, All V100R003C00 versions,",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "FusionManager FusionManager All V100R002C03 versions, All V100R003C00 versions,"
}
]
}
],
"datePublic": "2017-03-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Huawei FusionManager with software V100R002C03 and V100R003C00 could allow an unauthenticated, remote attacker to conduct a CSRF attack against the user of the web interface."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CSRF",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-04-02T19:57:01",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/hw-372186"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2014-9136",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "FusionManager FusionManager All V100R002C03 versions, All V100R003C00 versions,",
"version": {
"version_data": [
{
"version_value": "FusionManager FusionManager All V100R002C03 versions, All V100R003C00 versions,"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Huawei FusionManager with software V100R002C03 and V100R003C00 could allow an unauthenticated, remote attacker to conduct a CSRF attack against the user of the web interface."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CSRF"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.huawei.com/en/psirt/security-advisories/hw-372186",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/hw-372186"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2014-9136",
"datePublished": "2017-04-02T20:00:00",
"dateReserved": "2014-11-28T00:00:00",
"dateUpdated": "2024-08-06T13:33:13.586Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-6669 (GCVE-0-2016-6669)
Vulnerability from nvd – Published: 2016-09-22 15:00 – Updated: 2024-08-06 01:36
VLAI?
Summary
Buffer overflow in the Authentication, Authorization and Accounting (AAA) module in Huawei USG2100, USG2200, USG5100, and USG5500 unified security gateways with software before V300R001C10SPC600 allows remote authenticated RADIUS servers to execute arbitrary code by sending a crafted EAP packet.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:36:29.544Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "92441",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/92441"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160810-01-usg-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-08-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the Authentication, Authorization and Accounting (AAA) module in Huawei USG2100, USG2200, USG5100, and USG5500 unified security gateways with software before V300R001C10SPC600 allows remote authenticated RADIUS servers to execute arbitrary code by sending a crafted EAP packet."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-11-25T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "92441",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/92441"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160810-01-usg-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-6669",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the Authentication, Authorization and Accounting (AAA) module in Huawei USG2100, USG2200, USG5100, and USG5500 unified security gateways with software before V300R001C10SPC600 allows remote authenticated RADIUS servers to execute arbitrary code by sending a crafted EAP packet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "92441",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92441"
},
{
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160810-01-usg-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160810-01-usg-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-6669",
"datePublished": "2016-09-22T15:00:00",
"dateReserved": "2016-08-10T00:00:00",
"dateUpdated": "2024-08-06T01:36:29.544Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}