Search criteria
6 vulnerabilities found for dbs3900_tdd_lte_firmware by huawei
CVE-2019-19414 (GCVE-0-2019-19414)
Vulnerability from nvd – Published: 2020-01-21 22:54 – Updated: 2024-08-05 02:16
VLAI?
Summary
There is an integer overflow vulnerability in LDAP server of some Huawei products. Due to insufficient input validation, a remote attacker could exploit this vulnerability by sending malformed packets to the target devices. Successful exploit could cause the affected system crash.
Severity ?
No CVSS data available.
CWE
- Two Integer Overflow
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | CloudEngine 12800;CloudEngine 5800;CloudEngine 6800;CloudEngine 7800;DBS3900 TDD LTE;DP300;RP200;TE30;TE40;TE50;TE60 |
Affected:
V100R003C10,V100R005C00,V100R006C00,V200R001C00,V200R002C50
Affected: V100R005C00,V100R005C10,V100R006C00,V200R001C00,V200R002C50SPC800 Affected: V100R005C00,V100R005C10,V100R006C00,V200R001C00,V200R002C50 Affected: V100R005C00,V100R005C10,V200R001C00,V200R002C50 Affected: V100R003C00,V100R004C10 Affected: V500R002C00 Affected: V500R002C00SPC200,V600R006C00 Affected: V100R001C10,V600R006C00 Affected: V600R006C00 Affected: V100R001C10,V500R002C00,V600R006C00 Affected: unspecified |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:16:47.054Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-ldap-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CloudEngine 12800;CloudEngine 5800;CloudEngine 6800;CloudEngine 7800;DBS3900 TDD LTE;DP300;RP200;TE30;TE40;TE50;TE60",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "V100R003C10,V100R005C00,V100R006C00,V200R001C00,V200R002C50"
},
{
"status": "affected",
"version": "V100R005C00,V100R005C10,V100R006C00,V200R001C00,V200R002C50SPC800"
},
{
"status": "affected",
"version": "V100R005C00,V100R005C10,V100R006C00,V200R001C00,V200R002C50"
},
{
"status": "affected",
"version": "V100R005C00,V100R005C10,V200R001C00,V200R002C50"
},
{
"status": "affected",
"version": "V100R003C00,V100R004C10"
},
{
"status": "affected",
"version": "V500R002C00"
},
{
"status": "affected",
"version": "V500R002C00SPC200,V600R006C00"
},
{
"status": "affected",
"version": "V100R001C10,V600R006C00"
},
{
"status": "affected",
"version": "V600R006C00"
},
{
"status": "affected",
"version": "V100R001C10,V500R002C00,V600R006C00"
},
{
"status": "affected",
"version": "unspecified"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "There is an integer overflow vulnerability in LDAP server of some Huawei products. Due to insufficient input validation, a remote attacker could exploit this vulnerability by sending malformed packets to the target devices. Successful exploit could cause the affected system crash."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Two Integer Overflow",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-21T22:54:32",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-ldap-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2019-19414",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CloudEngine 12800;CloudEngine 5800;CloudEngine 6800;CloudEngine 7800;DBS3900 TDD LTE;DP300;RP200;TE30;TE40;TE50;TE60",
"version": {
"version_data": [
{
"version_value": "V100R003C10,V100R005C00,V100R006C00,V200R001C00,V200R002C50"
},
{
"version_value": "V100R005C00,V100R005C10,V100R006C00,V200R001C00,V200R002C50SPC800"
},
{
"version_value": "V100R005C00,V100R005C10,V100R006C00,V200R001C00,V200R002C50"
},
{
"version_value": "V100R005C00,V100R005C10,V200R001C00,V200R002C50"
},
{
"version_value": "V100R003C00,V100R004C10"
},
{
"version_value": "V500R002C00"
},
{
"version_value": "V500R002C00SPC200,V600R006C00"
},
{
"version_value": "V100R001C10,V600R006C00"
},
{
"version_value": "V600R006C00"
},
{
"version_value": "V600R006C00"
},
{
"version_value": "V100R001C10,V500R002C00,V600R006C00"
},
{
"version_value": ""
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "There is an integer overflow vulnerability in LDAP server of some Huawei products. Due to insufficient input validation, a remote attacker could exploit this vulnerability by sending malformed packets to the target devices. Successful exploit could cause the affected system crash."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Two Integer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-ldap-en",
"refsource": "MISC",
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-ldap-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2019-19414",
"datePublished": "2020-01-21T22:54:32",
"dateReserved": "2019-11-29T00:00:00",
"dateUpdated": "2024-08-05T02:16:47.054Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-19413 (GCVE-0-2019-19413)
Vulnerability from nvd – Published: 2020-01-21 22:54 – Updated: 2024-08-05 02:16
VLAI?
Summary
There is an integer overflow vulnerability in LDAP client of some Huawei products. Due to insufficient input validation, a remote attacker could exploit this vulnerability by sending malformed packets to the target devices. Successful exploit could cause the affected system crash.
Severity ?
No CVSS data available.
CWE
- Two Integer Overflow
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | CloudEngine 12800;CloudEngine 5800;CloudEngine 6800;CloudEngine 7800;DBS3900 TDD LTE;DP300;RP200;TE30;TE40;TE50;TE60 |
Affected:
V100R003C10,V100R005C00,V100R006C00,V200R001C00,V200R002C50
Affected: V100R005C00,V100R005C10,V100R006C00,V200R001C00,V200R002C50SPC800 Affected: V100R005C00,V100R005C10,V100R006C00,V200R001C00,V200R002C50 Affected: V100R005C00,V100R005C10,V200R001C00,V200R002C50 Affected: V100R003C00,V100R004C10 Affected: V500R002C00 Affected: V500R002C00SPC200,V600R006C00 Affected: V100R001C10,V600R006C00 Affected: V600R006C00 Affected: V100R001C10,V500R002C00,V600R006C00 Affected: unspecified |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:16:47.085Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-ldap-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CloudEngine 12800;CloudEngine 5800;CloudEngine 6800;CloudEngine 7800;DBS3900 TDD LTE;DP300;RP200;TE30;TE40;TE50;TE60",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "V100R003C10,V100R005C00,V100R006C00,V200R001C00,V200R002C50"
},
{
"status": "affected",
"version": "V100R005C00,V100R005C10,V100R006C00,V200R001C00,V200R002C50SPC800"
},
{
"status": "affected",
"version": "V100R005C00,V100R005C10,V100R006C00,V200R001C00,V200R002C50"
},
{
"status": "affected",
"version": "V100R005C00,V100R005C10,V200R001C00,V200R002C50"
},
{
"status": "affected",
"version": "V100R003C00,V100R004C10"
},
{
"status": "affected",
"version": "V500R002C00"
},
{
"status": "affected",
"version": "V500R002C00SPC200,V600R006C00"
},
{
"status": "affected",
"version": "V100R001C10,V600R006C00"
},
{
"status": "affected",
"version": "V600R006C00"
},
{
"status": "affected",
"version": "V100R001C10,V500R002C00,V600R006C00"
},
{
"status": "affected",
"version": "unspecified"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "There is an integer overflow vulnerability in LDAP client of some Huawei products. Due to insufficient input validation, a remote attacker could exploit this vulnerability by sending malformed packets to the target devices. Successful exploit could cause the affected system crash."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Two Integer Overflow",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-21T22:54:22",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-ldap-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2019-19413",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CloudEngine 12800;CloudEngine 5800;CloudEngine 6800;CloudEngine 7800;DBS3900 TDD LTE;DP300;RP200;TE30;TE40;TE50;TE60",
"version": {
"version_data": [
{
"version_value": "V100R003C10,V100R005C00,V100R006C00,V200R001C00,V200R002C50"
},
{
"version_value": "V100R005C00,V100R005C10,V100R006C00,V200R001C00,V200R002C50SPC800"
},
{
"version_value": "V100R005C00,V100R005C10,V100R006C00,V200R001C00,V200R002C50"
},
{
"version_value": "V100R005C00,V100R005C10,V200R001C00,V200R002C50"
},
{
"version_value": "V100R003C00,V100R004C10"
},
{
"version_value": "V500R002C00"
},
{
"version_value": "V500R002C00SPC200,V600R006C00"
},
{
"version_value": "V100R001C10,V600R006C00"
},
{
"version_value": "V600R006C00"
},
{
"version_value": "V600R006C00"
},
{
"version_value": "V100R001C10,V500R002C00,V600R006C00"
},
{
"version_value": ""
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "There is an integer overflow vulnerability in LDAP client of some Huawei products. Due to insufficient input validation, a remote attacker could exploit this vulnerability by sending malformed packets to the target devices. Successful exploit could cause the affected system crash."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Two Integer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-ldap-en",
"refsource": "MISC",
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-ldap-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2019-19413",
"datePublished": "2020-01-21T22:54:22",
"dateReserved": "2019-11-29T00:00:00",
"dateUpdated": "2024-08-05T02:16:47.085Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-15326 (GCVE-0-2017-15326)
Vulnerability from nvd – Published: 2018-03-23 16:00 – Updated: 2024-09-16 20:53
VLAI?
Summary
DBS3900 TDD LTE V100R003C00, V100R004C10 have a weak encryption algorithm security vulnerability. DBS3900 TDD LTE supports SSL/TLS protocol negotiation using insecure encryption algorithms. If an insecure encryption algorithm is negotiated in the communication, an unauthenticated remote attacker can exploit this vulnerability to crack the encrypted data and cause information leakage.
Severity ?
No CVSS data available.
CWE
- weak encryption algorithm
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Huawei Technologies Co., Ltd. | DBS3900 TDD LTE |
Affected:
V100R003C00, V100R004C10
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:50:16.571Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180321-01-encryption-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "DBS3900 TDD LTE",
"vendor": "Huawei Technologies Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "V100R003C00, V100R004C10"
}
]
}
],
"datePublic": "2018-03-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "DBS3900 TDD LTE V100R003C00, V100R004C10 have a weak encryption algorithm security vulnerability. DBS3900 TDD LTE supports SSL/TLS protocol negotiation using insecure encryption algorithms. If an insecure encryption algorithm is negotiated in the communication, an unauthenticated remote attacker can exploit this vulnerability to crack the encrypted data and cause information leakage."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "weak encryption algorithm",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-03-23T15:57:01",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180321-01-encryption-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"DATE_PUBLIC": "2018-03-21T00:00:00",
"ID": "CVE-2017-15326",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "DBS3900 TDD LTE",
"version": {
"version_data": [
{
"version_value": "V100R003C00, V100R004C10"
}
]
}
}
]
},
"vendor_name": "Huawei Technologies Co., Ltd."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "DBS3900 TDD LTE V100R003C00, V100R004C10 have a weak encryption algorithm security vulnerability. DBS3900 TDD LTE supports SSL/TLS protocol negotiation using insecure encryption algorithms. If an insecure encryption algorithm is negotiated in the communication, an unauthenticated remote attacker can exploit this vulnerability to crack the encrypted data and cause information leakage."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "weak encryption algorithm"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180321-01-encryption-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180321-01-encryption-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2017-15326",
"datePublished": "2018-03-23T16:00:00Z",
"dateReserved": "2017-10-14T00:00:00",
"dateUpdated": "2024-09-16T20:53:07.931Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-19414 (GCVE-0-2019-19414)
Vulnerability from cvelistv5 – Published: 2020-01-21 22:54 – Updated: 2024-08-05 02:16
VLAI?
Summary
There is an integer overflow vulnerability in LDAP server of some Huawei products. Due to insufficient input validation, a remote attacker could exploit this vulnerability by sending malformed packets to the target devices. Successful exploit could cause the affected system crash.
Severity ?
No CVSS data available.
CWE
- Two Integer Overflow
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | CloudEngine 12800;CloudEngine 5800;CloudEngine 6800;CloudEngine 7800;DBS3900 TDD LTE;DP300;RP200;TE30;TE40;TE50;TE60 |
Affected:
V100R003C10,V100R005C00,V100R006C00,V200R001C00,V200R002C50
Affected: V100R005C00,V100R005C10,V100R006C00,V200R001C00,V200R002C50SPC800 Affected: V100R005C00,V100R005C10,V100R006C00,V200R001C00,V200R002C50 Affected: V100R005C00,V100R005C10,V200R001C00,V200R002C50 Affected: V100R003C00,V100R004C10 Affected: V500R002C00 Affected: V500R002C00SPC200,V600R006C00 Affected: V100R001C10,V600R006C00 Affected: V600R006C00 Affected: V100R001C10,V500R002C00,V600R006C00 Affected: unspecified |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:16:47.054Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-ldap-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CloudEngine 12800;CloudEngine 5800;CloudEngine 6800;CloudEngine 7800;DBS3900 TDD LTE;DP300;RP200;TE30;TE40;TE50;TE60",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "V100R003C10,V100R005C00,V100R006C00,V200R001C00,V200R002C50"
},
{
"status": "affected",
"version": "V100R005C00,V100R005C10,V100R006C00,V200R001C00,V200R002C50SPC800"
},
{
"status": "affected",
"version": "V100R005C00,V100R005C10,V100R006C00,V200R001C00,V200R002C50"
},
{
"status": "affected",
"version": "V100R005C00,V100R005C10,V200R001C00,V200R002C50"
},
{
"status": "affected",
"version": "V100R003C00,V100R004C10"
},
{
"status": "affected",
"version": "V500R002C00"
},
{
"status": "affected",
"version": "V500R002C00SPC200,V600R006C00"
},
{
"status": "affected",
"version": "V100R001C10,V600R006C00"
},
{
"status": "affected",
"version": "V600R006C00"
},
{
"status": "affected",
"version": "V100R001C10,V500R002C00,V600R006C00"
},
{
"status": "affected",
"version": "unspecified"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "There is an integer overflow vulnerability in LDAP server of some Huawei products. Due to insufficient input validation, a remote attacker could exploit this vulnerability by sending malformed packets to the target devices. Successful exploit could cause the affected system crash."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Two Integer Overflow",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-21T22:54:32",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-ldap-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2019-19414",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CloudEngine 12800;CloudEngine 5800;CloudEngine 6800;CloudEngine 7800;DBS3900 TDD LTE;DP300;RP200;TE30;TE40;TE50;TE60",
"version": {
"version_data": [
{
"version_value": "V100R003C10,V100R005C00,V100R006C00,V200R001C00,V200R002C50"
},
{
"version_value": "V100R005C00,V100R005C10,V100R006C00,V200R001C00,V200R002C50SPC800"
},
{
"version_value": "V100R005C00,V100R005C10,V100R006C00,V200R001C00,V200R002C50"
},
{
"version_value": "V100R005C00,V100R005C10,V200R001C00,V200R002C50"
},
{
"version_value": "V100R003C00,V100R004C10"
},
{
"version_value": "V500R002C00"
},
{
"version_value": "V500R002C00SPC200,V600R006C00"
},
{
"version_value": "V100R001C10,V600R006C00"
},
{
"version_value": "V600R006C00"
},
{
"version_value": "V600R006C00"
},
{
"version_value": "V100R001C10,V500R002C00,V600R006C00"
},
{
"version_value": ""
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "There is an integer overflow vulnerability in LDAP server of some Huawei products. Due to insufficient input validation, a remote attacker could exploit this vulnerability by sending malformed packets to the target devices. Successful exploit could cause the affected system crash."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Two Integer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-ldap-en",
"refsource": "MISC",
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-ldap-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2019-19414",
"datePublished": "2020-01-21T22:54:32",
"dateReserved": "2019-11-29T00:00:00",
"dateUpdated": "2024-08-05T02:16:47.054Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-19413 (GCVE-0-2019-19413)
Vulnerability from cvelistv5 – Published: 2020-01-21 22:54 – Updated: 2024-08-05 02:16
VLAI?
Summary
There is an integer overflow vulnerability in LDAP client of some Huawei products. Due to insufficient input validation, a remote attacker could exploit this vulnerability by sending malformed packets to the target devices. Successful exploit could cause the affected system crash.
Severity ?
No CVSS data available.
CWE
- Two Integer Overflow
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | CloudEngine 12800;CloudEngine 5800;CloudEngine 6800;CloudEngine 7800;DBS3900 TDD LTE;DP300;RP200;TE30;TE40;TE50;TE60 |
Affected:
V100R003C10,V100R005C00,V100R006C00,V200R001C00,V200R002C50
Affected: V100R005C00,V100R005C10,V100R006C00,V200R001C00,V200R002C50SPC800 Affected: V100R005C00,V100R005C10,V100R006C00,V200R001C00,V200R002C50 Affected: V100R005C00,V100R005C10,V200R001C00,V200R002C50 Affected: V100R003C00,V100R004C10 Affected: V500R002C00 Affected: V500R002C00SPC200,V600R006C00 Affected: V100R001C10,V600R006C00 Affected: V600R006C00 Affected: V100R001C10,V500R002C00,V600R006C00 Affected: unspecified |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:16:47.085Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-ldap-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CloudEngine 12800;CloudEngine 5800;CloudEngine 6800;CloudEngine 7800;DBS3900 TDD LTE;DP300;RP200;TE30;TE40;TE50;TE60",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "V100R003C10,V100R005C00,V100R006C00,V200R001C00,V200R002C50"
},
{
"status": "affected",
"version": "V100R005C00,V100R005C10,V100R006C00,V200R001C00,V200R002C50SPC800"
},
{
"status": "affected",
"version": "V100R005C00,V100R005C10,V100R006C00,V200R001C00,V200R002C50"
},
{
"status": "affected",
"version": "V100R005C00,V100R005C10,V200R001C00,V200R002C50"
},
{
"status": "affected",
"version": "V100R003C00,V100R004C10"
},
{
"status": "affected",
"version": "V500R002C00"
},
{
"status": "affected",
"version": "V500R002C00SPC200,V600R006C00"
},
{
"status": "affected",
"version": "V100R001C10,V600R006C00"
},
{
"status": "affected",
"version": "V600R006C00"
},
{
"status": "affected",
"version": "V100R001C10,V500R002C00,V600R006C00"
},
{
"status": "affected",
"version": "unspecified"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "There is an integer overflow vulnerability in LDAP client of some Huawei products. Due to insufficient input validation, a remote attacker could exploit this vulnerability by sending malformed packets to the target devices. Successful exploit could cause the affected system crash."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Two Integer Overflow",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-21T22:54:22",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-ldap-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2019-19413",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CloudEngine 12800;CloudEngine 5800;CloudEngine 6800;CloudEngine 7800;DBS3900 TDD LTE;DP300;RP200;TE30;TE40;TE50;TE60",
"version": {
"version_data": [
{
"version_value": "V100R003C10,V100R005C00,V100R006C00,V200R001C00,V200R002C50"
},
{
"version_value": "V100R005C00,V100R005C10,V100R006C00,V200R001C00,V200R002C50SPC800"
},
{
"version_value": "V100R005C00,V100R005C10,V100R006C00,V200R001C00,V200R002C50"
},
{
"version_value": "V100R005C00,V100R005C10,V200R001C00,V200R002C50"
},
{
"version_value": "V100R003C00,V100R004C10"
},
{
"version_value": "V500R002C00"
},
{
"version_value": "V500R002C00SPC200,V600R006C00"
},
{
"version_value": "V100R001C10,V600R006C00"
},
{
"version_value": "V600R006C00"
},
{
"version_value": "V600R006C00"
},
{
"version_value": "V100R001C10,V500R002C00,V600R006C00"
},
{
"version_value": ""
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "There is an integer overflow vulnerability in LDAP client of some Huawei products. Due to insufficient input validation, a remote attacker could exploit this vulnerability by sending malformed packets to the target devices. Successful exploit could cause the affected system crash."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Two Integer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-ldap-en",
"refsource": "MISC",
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-ldap-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2019-19413",
"datePublished": "2020-01-21T22:54:22",
"dateReserved": "2019-11-29T00:00:00",
"dateUpdated": "2024-08-05T02:16:47.085Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-15326 (GCVE-0-2017-15326)
Vulnerability from cvelistv5 – Published: 2018-03-23 16:00 – Updated: 2024-09-16 20:53
VLAI?
Summary
DBS3900 TDD LTE V100R003C00, V100R004C10 have a weak encryption algorithm security vulnerability. DBS3900 TDD LTE supports SSL/TLS protocol negotiation using insecure encryption algorithms. If an insecure encryption algorithm is negotiated in the communication, an unauthenticated remote attacker can exploit this vulnerability to crack the encrypted data and cause information leakage.
Severity ?
No CVSS data available.
CWE
- weak encryption algorithm
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Huawei Technologies Co., Ltd. | DBS3900 TDD LTE |
Affected:
V100R003C00, V100R004C10
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:50:16.571Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180321-01-encryption-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "DBS3900 TDD LTE",
"vendor": "Huawei Technologies Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "V100R003C00, V100R004C10"
}
]
}
],
"datePublic": "2018-03-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "DBS3900 TDD LTE V100R003C00, V100R004C10 have a weak encryption algorithm security vulnerability. DBS3900 TDD LTE supports SSL/TLS protocol negotiation using insecure encryption algorithms. If an insecure encryption algorithm is negotiated in the communication, an unauthenticated remote attacker can exploit this vulnerability to crack the encrypted data and cause information leakage."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "weak encryption algorithm",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-03-23T15:57:01",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180321-01-encryption-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"DATE_PUBLIC": "2018-03-21T00:00:00",
"ID": "CVE-2017-15326",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "DBS3900 TDD LTE",
"version": {
"version_data": [
{
"version_value": "V100R003C00, V100R004C10"
}
]
}
}
]
},
"vendor_name": "Huawei Technologies Co., Ltd."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "DBS3900 TDD LTE V100R003C00, V100R004C10 have a weak encryption algorithm security vulnerability. DBS3900 TDD LTE supports SSL/TLS protocol negotiation using insecure encryption algorithms. If an insecure encryption algorithm is negotiated in the communication, an unauthenticated remote attacker can exploit this vulnerability to crack the encrypted data and cause information leakage."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "weak encryption algorithm"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180321-01-encryption-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180321-01-encryption-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2017-15326",
"datePublished": "2018-03-23T16:00:00Z",
"dateReserved": "2017-10-14T00:00:00",
"dateUpdated": "2024-09-16T20:53:07.931Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}