RSS   Vulnerabilities for 'Espace 7950 firmware'   RSS

2018-11-27
 
CVE-2018-7960

CWE-319
 

 
There is a SRTP icon display vulnerability in Huawei eSpace product. An unauthenticated, remote attacker launches man-in-the-middle attack to intercept the packets in non-secure transmission mode. Successful exploitation may intercept and tamper with the call information, eventually cause sensitive information leak.

 
 
CVE-2018-7959

CWE-327
 

 
There is a short key vulnerability in Huawei eSpace product. An unauthenticated, remote attacker launches man-in-the-middle attack to intercept and decrypt the call information when the user enables SRTP to make a call. Successful exploitation may cause sensitive information leak.

 
 
CVE-2018-7958

CWE-287
 

 
There is an anonymous TLS cipher suites supported vulnerability in Huawei eSpace product. An unauthenticated, remote attacker launches man-in-the-middle attack to hijack the connection from a client when the user signs up to log in by TLS. Due to insufficient authentication, which may be exploited to intercept and tamper with the data information.

 
2018-03-09
 
CVE-2017-17223

CWE-22
 

 
Huawei eSpace 7910 V200R003C30; eSpace 7950 V200R003C30; eSpace 8950 V200R003C00; V200R003C30 have a directory traversal vulnerability. An authenticated, remote attacker can craft specific URL to the affected products. Due to insufficient verification of the URL, successful exploit will upload and download files and cause information leak and system crash.

 
 
CVE-2017-17222

CWE-20
 

 
Import Language Package function in Huawei eSpace 7950 V200R003C30; eSpace 8950 V200R003C00; V200R003C30 has a remote code execution vulnerability. An authenticated, remote attacker can craft and send the packets to the affected products after Language Package is uploaded. Due to insufficient verification of the packets, this could be exploited to execute arbitrary code.

 
 
CVE-2017-17221

CWE-20
 

 
Import Signal Tone function in Huawei eSpace 7950 V200R003C30; eSpace 8950 V200R003C00; V200R003C30 has a remote code execution vulnerability. An authenticated, remote attacker can craft and send the packets to the affected products after the Signal Tone is uploaded. Due to insufficient verification of the packets, this could be exploited to execute arbitrary code.

 
2017-11-22
 
CVE-2017-2722

CWE-20
 

 
DP300 V500R002C00,TE60 with software V100R001C01, V100R001C10, V100R003C00, V500R002C00 and V600R006C00,TP3106 with software V100R001C06 and V100R002C00,ViewPoint 9030 with software V100R011C02, V100R011C03,eCNS210_TD with software V100R004C10,eSpace 7950 with software V200R003C00 and V200R003C30,eSpace IAD with software V300R001C07SPCa00 and V300R002C01SPCb00,eSpace U1981 with software V100R001C20, V100R001C30, V200R003C00, V200R003C20 and V200R003C30 have an input validation vulnerability.A remote attacker may exploit this vulnerability by crafting a malformed packet and sending it to the device. A successful exploit could allow the attacker to cause a denial of service or execute arbitrary code.

 

 >>> Vendor: Huawei 651 Products
Versatile routing platform
D100
D100 router
Mt882 v100t002b020 arg-t
Mt882 modem firmware
Mt882 modem
E585
E585u-82
ACU
ATN
Cx200
Cx300
Cx600
Ma5200g
ME60
NE20
Ne20e-x6
NE40
Ne40e
Ne40e/80e
Ne5000e
NE80
Ne80e
S2300
S2700
S3300
S3300hi
S3700
S5300
S5300hi
S5306
S5700
S6300
S6700
S7700
S9300
Wlan ac 6605
Ar 19/29/49
Ar g3
E200 usg2200
E200 usg5100
E200e-b
E200e-c
E200e-usg2100
E200e-x1
E200e-x2
E200x3
E200x5
E200x7
Eudemon1000
Eudemon1000e-u
Eudemon1000e-x
Eudemon100e
Eudemon200
Eudemon300
Eudemon500
Eudemon8000e-x
Eudemon 8080e
Eudemon 8160e
Eudemon usg5300
Eudemon usg5500
Eudemon usg9300
Eudemon usg9500
H3c ar(oem in)
Nip100
Nip1000
Nip200
Nip2100
Nip2200
Nip5100
Svn2000
Svn3000
Svn5000
Svn5300
UTPS
Ar 18-1x
Ar 18-2x
Ar 18-3x
Ar 28/46
S2000
S3000
S3500
S3900
S5100
S5600
S7800
S8500
Quidway service process unit board s7700
Quidway service process unit board s9300
Quidway service process unit board s9700
Vp 9610
Vp 9620
Ar 1200
Ar 150
Ar 200
Ar 2200
Ar 3200
Access router
Seco versatile security manager
Mt882
See all Products for Vendor Huawei


Copyright 2019, cxsecurity.com

 

Back to Top