Versions
V200R008C00
V200R005C10SPC800,V200R005C20SPC800,V200R019C00SPC800
V200R005C20
V200R010C00SPC300
V200R011C00SPC200
V500R002C00
V100R005C00,V100R005C10,V100R006C00,V200R001C00,V200R002C50SPC800
V200R002C20
V100R005C00,V100R005C10,V100R006C00,V200R001C00,V200R002C50
V200R002C50SPC800PWE
V200R007C00
V100R001C10,V500R002C00,V600R006C00
V200R008C50
V200R002C50SPC800,V200R003C00SPC810,V200R005C00SPC800,V200R005C10SPC800
unspecified
V100R003C10,V100R005C00,V100R006C00,V200R001C00,V200R002C50
V600R006C00
V200R005C00
V100R001C10,V600R006C00
V200R001C00SPC600
V200R019C00SPC800
V200R001C00SPC700
V100R005C00,V100R005C10,V200R001C00,V200R002C50
V200R006C10
V200R002C10
V200R005C00SPC500,V200R005C01
V200R002C50SPC800
V500R002C00SPC200,V600R006C00
V200R005C00SPC800
V100R003C00,V100R004C10
V200R002C01
V200R010C00SPC600
V200R005C10SPC800,V200R019C00SPC800
Recent CVEs
CVE-2021-40008
There is a memory leak vulnerability in CloudEngine 12800 V200R019C00SPC800, CloudEngine 5800 V200R019C00SPC800, CloudEngine 6800 V200R019C00SPC800 and CloudEngine 7800 V200R019C00SPC800. The software does not sufficiently track and release allocated memory while parse a series of crafted binary messages, which could consume remaining memory. Successful exploit could cause memory exhaust.
CVE-2021-37122
There is a use-after-free (UAF) vulnerability in Huawei products. An attacker may craft specific packets to exploit this vulnerability. Successful exploitation may cause the service abnormal. Affected product versions include:CloudEngine 12800 V200R005C10SPC800,V200R019C00SPC800;CloudEngine 5800 V200R005C10SPC800,V200R019C00SPC800;CloudEngine 6800 V200R005C10SPC800,V200R005C20SPC800,V200R019C00SPC800;CloudEngine 7800 V200R005C10SPC800,V200R019C00SPC800.
CVE-2021-22328
There is a denial of service vulnerability in some huawei products. In specific scenarios, due to the improper handling of the packets, an attacker may craft the specific packet. Successful exploit may cause some services abnormal. Affected product versions include:CloudEngine 12800 V200R005C00SPC800, CloudEngine 5800 V200R005C00SPC800, CloudEngine 6800 V200R005C00SPC800, CloudEngine 7800 V200R005C00SPC800.
CVE-2021-22332
There is a pointer double free vulnerability in some versions of CloudEngine 5800, CloudEngine 6800, CloudEngine 7800 and CloudEngine 12800. When a function is called, the same memory pointer is copied to two functional modules. Attackers can exploit this vulnerability by performing a malicious operation to cause the pointer double free. This may lead to module crash, compromising normal service.
CVE-2021-22393
There is a denial of service vulnerability in some versions of CloudEngine 5800, CloudEngine 6800, CloudEngine 7800 and CloudEngine 12800. The affected product cannot deal with some messages because of module design weakness . Attackers can exploit this vulnerability by sending a large amount of specific messages to cause denial of service. This can compromise normal service.
CVE-2019-19414
There is an integer overflow vulnerability in LDAP server of some Huawei products. Due to insufficient input validation, a remote attacker could exploit this vulnerability by sending malformed packets to the target devices. Successful exploit could cause the affected system crash.
CVE-2019-19413
There is an integer overflow vulnerability in LDAP client of some Huawei products. Due to insufficient input validation, a remote attacker could exploit this vulnerability by sending malformed packets to the target devices. Successful exploit could cause the affected system crash.