Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Cloudengine_5800_firmware
(Huawei)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 19 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2020-07-17 | CVE-2020-9102 | There is a information leak vulnerability in some Huawei products, and it could allow a local attacker to get information. The vulnerability is due to the improper management of the username. An attacker with the ability to access the device and cause the username information leak. Affected product versions include: CloudEngine 12800 versions V200R002C50SPC800, V200R003C00SPC810, V200R005C00SPC800, V200R005C10SPC800, V200R019C00SPC800; CloudEngine 5800 versions V200R002C50SPC800,... | Cloudengine_12800_firmware, Cloudengine_5800_firmware, Cloudengine_6800_firmware, Cloudengine_7800_firmware | 3.3 | ||
| 2020-12-24 | CVE-2020-9137 | There is a privilege escalation vulnerability in some versions of CloudEngine 12800,CloudEngine 5800,CloudEngine 6800 and CloudEngine 7800. Due to insufficient input validation, a local attacker with high privilege may execute some specially crafted scripts in the affected products. Successful exploit will cause privilege escalation. | Cloudengine_12800_firmware, Cloudengine_5800_firmware, Cloudengine_6800_firmware, Cloudengine_7800_firmware | 6.7 | ||
| 2020-12-29 | CVE-2020-9124 | There is a memory leak vulnerability in some versions of Huawei CloudEngine product. An unauthenticated, remote attacker may exploit this vulnerability by sending specific message to the affected product. Due to not release the allocated memory properly, successful exploit may cause memory leak. | Cloudengine_12800_firmware, Cloudengine_5800_firmware, Cloudengine_6800_firmware, Cloudengine_7800_firmware | 7.5 | ||
| 2020-12-29 | CVE-2020-9094 | There is an out of bound read vulnerability in some verisons of Huawei CloudEngine product. A module does not deal with specific message properly. Attackers can exploit this vulnerability by sending malicious packet. This can lead to denial of service. | Cloudengine_12800_firmware, Cloudengine_5800_firmware, Cloudengine_6800_firmware, Cloudengine_7800_firmware | 7.5 | ||
| 2020-12-29 | CVE-2020-9207 | There is an improper authentication vulnerability in some verisons of Huawei CloudEngine product. A module does not verify the input file properly. Attackers can exploit this vulnerability by crafting malicious files to bypass current verification mechanism. This can compromise normal service. | Cloudengine_12800_firmware, Cloudengine_5800_firmware, Cloudengine_6800_firmware, Cloudengine_7800_firmware | 7.8 | ||
| 2021-01-13 | CVE-2020-1865 | There is an out-of-bounds read vulnerability in Huawei CloudEngine products. The software reads data past the end of the intended buffer when parsing certain PIM message, an adjacent attacker could send crafted PIM messages to the device, successful exploit could cause out of bounds read when the system does the certain operation. | Cloudengine_12800_firmware, Cloudengine_5800_firmware, Cloudengine_6800_firmware, Cloudengine_7800_firmware | 6.5 | ||
| 2021-04-28 | CVE-2021-22332 | There is a pointer double free vulnerability in some versions of CloudEngine 5800, CloudEngine 6800, CloudEngine 7800 and CloudEngine 12800. When a function is called, the same memory pointer is copied to two functional modules. Attackers can exploit this vulnerability by performing a malicious operation to cause the pointer double free. This may lead to module crash, compromising normal service. | Cloudengine_12800_firmware, Cloudengine_5800_firmware, Cloudengine_6800_firmware, Cloudengine_7800_firmware | 7.5 | ||
| 2021-05-27 | CVE-2021-22362 | There is an out of bounds write vulnerability in some Huawei products. An attacker can exploit this vulnerability by sending crafted data in the packet to the target device. Due to insufficient validation of message, successful exploit can cause certain service abnormal.Affected product versions include:CloudEngine 12800 versions V200R002C50SPC800,V200R003C00SPC810,V200R005C00SPC800,V200R005C10SPC800,V200R019C00SPC800,V200R019C10SPC800;CloudEngine 5800 versions... | Cloudengine_12800_firmware, Cloudengine_5800_firmware, Cloudengine_6800_firmware, Cloudengine_7800_firmware | 5.3 | ||
| 2021-08-23 | CVE-2021-22328 | There is a denial of service vulnerability in some huawei products. In specific scenarios, due to the improper handling of the packets, an attacker may craft the specific packet. Successful exploit may cause some services abnormal. Affected product versions include:CloudEngine 12800 V200R005C00SPC800, CloudEngine 5800 V200R005C00SPC800, CloudEngine 6800 V200R005C00SPC800, CloudEngine 7800 V200R005C00SPC800. | Cloudengine_12800_firmware, Cloudengine_5800_firmware, Cloudengine_6800_firmware, Cloudengine_7800_firmware | 7.5 | ||
| 2021-10-27 | CVE-2021-37122 | There is a use-after-free (UAF) vulnerability in Huawei products. An attacker may craft specific packets to exploit this vulnerability. Successful exploitation may cause the service abnormal. Affected product versions include:CloudEngine 12800 V200R005C10SPC800,V200R019C00SPC800;CloudEngine 5800 V200R005C10SPC800,V200R019C00SPC800;CloudEngine 6800 V200R005C10SPC800,V200R005C20SPC800,V200R019C00SPC800;CloudEngine 7800 V200R005C10SPC800,V200R019C00SPC800. | Cloudengine_12800_firmware, Cloudengine_5800_firmware, Cloudengine_6800_firmware, Cloudengine_7800_firmware | 6.5 |