Vulnerabilities (CVE)

Multiple cross-site scripting (XSS) vulnerabilities in multiple scripts in Forms/ in Huawei MT882 V100R002B020 ARG-T running firmware 3.7.9.98 allow remote attackers to inject arbitrary web script or HTML via the (1) BackButton parameter to error_1; (2) wzConnFlag parameter to fresh_pppoe_1; (3) diag_pppindex_argen and (4) DiagStartFlag parameters to rpDiag_argen_1; (5) wzdmz_active and (6) wzdmzHostIP parameters to rpNATdmz_argen_1; (7) wzVIRTUALSVR_endPort, (8) wzVIRTUALSVR_endPortLocal, (9) w ... Multiple cross-site scripting (XSS) vulnerabilities in multiple scripts in Forms/ in Huawei MT882 V100R002B020 ARG-T running firmware 3.7.9.98 allow remote attackers to inject arbitrary web script or HTML via the (1) BackButton parameter to error_1; (2) wzConnFlag parameter to fresh_pppoe_1; (3) diag_pppindex_argen and (4) DiagStartFlag parameters to rpDiag_argen_1; (5) wzdmz_active and (6) wzdmzHostIP parameters to rpNATdmz_argen_1; (7) wzVIRTUALSVR_endPort, (8) wzVIRTUALSVR_endPortLocal, (9) wzVIRTUALSVR_IndexFlag, (10) wzVIRTUALSVR_localIP, (11) wzVIRTUALSVR_startPort, and (12) wzVIRTUALSVR_startPortLocal parameters to rpNATvirsvr_argen_1; (13) Connect_DialFlag, (14) Connect_DialHidden, and (15) Connect_Flag parameters to rpStatus_argen_1; (16) Telephone_select, and (17) wzFirstFlag parameters to rpwizard_1; and (18) wzConnectFlag parameter to rpwizPppoe_1.

Show More

The Huawei D100 allows remote attackers to obtain sensitive information via a direct request to (1) lan_status_adv.asp, (2) wlan_basic_cfg.asp, or (3) lancfg.asp in en/, related to use of JavaScript to protect against reading file contents.

The Huawei D100 has (1) a certain default administrator password for the web interface, and does not force a password change; and has (2) a default password of admin for the admin account in the telnet interface; which makes it easier for remote attackers to obtain access.

atune before 0.3-0.8 log in as a local user and run the curl command to access the local atune url interface to escalate the local privilege or modify any file. Authentication is not forcibly enabled in the default configuration.

Path traversal vulnerability in the Bluetooth-based sharing module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.

Vulnerability of incorrect service logic in the WindowManagerServices module.Successful exploitation of this vulnerability may cause features to perform abnormally.

Vulnerability of improper authentication in the Iaware module. Impact: Successful exploitation of this vulnerability will affect availability.

Vulnerability of improper permission control in the window management module. Impact: Successful exploitation of this vulnerability will affect availability.

Vulnerability of permission control in the window module. Successful exploitation of this vulnerability may affect confidentiality.

Vulnerability of package name verification being bypassed in the Calendar app. Impact: Successful exploitation of this vulnerability may affect service confidentiality.

The SystemUI module has a vulnerability in permission management. Impact: Successful exploitation of this vulnerability may affect availability.

Out-of-bounds write vulnerability in the RSMC module. Impact: Successful exploitation of this vulnerability will affect availability.

Vulnerability of permission verification in some APIs in the ActivityTaskManagerService module. Impact: Successful exploitation of this vulnerability will affect availability.

Vulnerability of permission verification in the content sharing pop-up module.Successful exploitation of this vulnerability may cause unauthorized file sharing.

Vulnerability of defects introduced in the design process in the Control Panel module.Successful exploitation of this vulnerability may cause app processes to be started by mistake.

Resource reuse vulnerability in the GPU module. Successful exploitation of this vulnerability may affect service confidentiality.

Permission control vulnerability in the WindowManagerServices module.Successful exploitation of this vulnerability may affect availability.

Stack overflow vulnerability in the NFC module.Successful exploitation of this vulnerability may affect service availability and integrity.

Vulnerability of package name verification being bypassed in the HwIms module. Impact: Successful exploitation of this vulnerability will affect availability.

The WMS module lacks the authentication mechanism in some APIs. Successful exploitation of this vulnerability may affect data confidentiality.

The geofencing kernel code does not verify the length of the input data. Successful exploitation of this vulnerability may cause out-of-bounds memory access.

The geofencing kernel code has a vulnerability of not verifying the length of the input data. Successful exploitation of this vulnerability may cause out-of-bounds memory access.

The SystemUI has a vulnerability in permission management. Successful exploitation of this vulnerability may cause users to receive broadcasts from malicious apps, conveying false alarm information about external storage devices.

The IHwAntiMalPlugin interface lacks permission verification. Successful exploitation of this vulnerability can lead to filling problems (batch installation of applications).

The multi-screen collaboration module has a privilege escalation vulnerability. Successful exploitation of this vulnerability may affect data confidentiality.

The AMS module has a vulnerability of lacking permission verification in APIs.Successful exploitation of this vulnerability may affect data confidentiality.

The bundle management module lacks permission verification in some APIs. Successful exploitation of this vulnerability may restore the pre-installed apps that have been uninstalled.

The WMS module lacks the authentication mechanism in some APIs. Successful exploitation of this vulnerability may affect data confidentiality.

The IHwAttestationService interface has a defect in authentication. Successful exploitation of this vulnerability may affect data confidentiality.

The Bluetooth module has an OOM vulnerability. Successful exploitation of this vulnerability may affect data confidentiality.

The Bluetooth module has an out-of-memory (OOM) vulnerability. Successful exploitation of this vulnerability may affect data confidentiality.

The phone-PC collaboration module has a logic bypass vulnerability. Successful exploitation of this vulnerability may affect data confidentiality and integrity.

The bundle management module lacks authentication and control mechanisms in some APIs. Successful exploitation of this vulnerability may affect data confidentiality.

The bundle management module lacks authentication and control mechanisms in some APIs. Successful exploitation of this vulnerability may affect data confidentiality.

The HwContacts module has a logic bypass vulnerability. Successful exploitation of this vulnerability may affect data integrity.

There is a vulnerability in 21.328.01.00.00 version of the E5573Cs-322. Remote attackers could exploit this vulnerability to make the network where the E5573Cs-322 is running temporarily unavailable.

Access permission verification vulnerability in the Settings module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.

Permission control vulnerability in the calendarProvider module.Successful exploitation of this vulnerability may affect service confidentiality.

Some Huawei wearables have a permission management vulnerability.

Some Huawei wearables have a vulnerability of not verifying the actual data size when reading data. Successful exploitation of this vulnerability may cause a server out of memory (OOM).