Espace 7950 Firmware

espace_7950_firmware

Vendor: Huawei • 7 CVEs

CVEs (7)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2018-7960 1Huawei 1Espace 7950 Firmware Nov 21, 2024 Nov 27, 2018 N/A· v4 7.4 HIGH· v3 5.8 MEDIUM· v2 There is a SRTP icon display vulnerability in Huawei eSpace product. An unauthenticated, remote attacker launches man-in-the-middle attack to intercept the packets in non-secure transmission mode. Successful exploitation...Show more There is a SRTP icon display vulnerability in Huawei eSpace product. An unauthenticated, remote attacker launches man-in-the-middle attack to intercept the packets in non-secure transmission mode. Successful exploitation may intercept and tamper with the call information, eventually cause sensitive information leak.Show less
CVE-2018-7959 1Huawei 1Espace 7950 Firmware Nov 21, 2024 Nov 27, 2018 N/A· v4 5.9 MEDIUM· v3 4.3 MEDIUM· v2 There is a short key vulnerability in Huawei eSpace product. An unauthenticated, remote attacker launches man-in-the-middle attack to intercept and decrypt the call information when the user enables SRTP to make a call....Show more There is a short key vulnerability in Huawei eSpace product. An unauthenticated, remote attacker launches man-in-the-middle attack to intercept and decrypt the call information when the user enables SRTP to make a call. Successful exploitation may cause sensitive information leak.Show less
CVE-2018-7958 1Huawei 1Espace 7950 Firmware Nov 21, 2024 Nov 27, 2018 N/A· v4 7.4 HIGH· v3 5.8 MEDIUM· v2 There is an anonymous TLS cipher suites supported vulnerability in Huawei eSpace product. An unauthenticated, remote attacker launches man-in-the-middle attack to hijack the connection from a client when the user signs u...Show more There is an anonymous TLS cipher suites supported vulnerability in Huawei eSpace product. An unauthenticated, remote attacker launches man-in-the-middle attack to hijack the connection from a client when the user signs up to log in by TLS. Due to insufficient authentication, which may be exploited to intercept and tamper with the data information.Show less
CVE-2017-17223 1Huawei 3Espace 7910 Firmware Espace 7950 FirmwareEspace 8950 Firmware Nov 21, 2024 Mar 9, 2018 N/A· v4 8.8 HIGH· v3 8.0 HIGH· v2 Huawei eSpace 7910 V200R003C30; eSpace 7950 V200R003C30; eSpace 8950 V200R003C00; V200R003C30 have a directory traversal vulnerability. An authenticated, remote attacker can craft specific URL to the affected products. D...Show more Huawei eSpace 7910 V200R003C30; eSpace 7950 V200R003C30; eSpace 8950 V200R003C00; V200R003C30 have a directory traversal vulnerability. An authenticated, remote attacker can craft specific URL to the affected products. Due to insufficient verification of the URL, successful exploit will upload and download files and cause information leak and system crash.Show less
CVE-2017-17222 1Huawei 2Espace 7950 Firmware Espace 8950 Firmware Nov 21, 2024 Mar 9, 2018 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 Import Language Package function in Huawei eSpace 7950 V200R003C30; eSpace 8950 V200R003C00; V200R003C30 has a remote code execution vulnerability. An authenticated, remote attacker can craft and send the packets to the...Show more Import Language Package function in Huawei eSpace 7950 V200R003C30; eSpace 8950 V200R003C00; V200R003C30 has a remote code execution vulnerability. An authenticated, remote attacker can craft and send the packets to the affected products after Language Package is uploaded. Due to insufficient verification of the packets, this could be exploited to execute arbitrary code.Show less
CVE-2017-17221 1Huawei 2Espace 7950 Firmware Espace 8950 Firmware Nov 21, 2024 Mar 9, 2018 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 Import Signal Tone function in Huawei eSpace 7950 V200R003C30; eSpace 8950 V200R003C00; V200R003C30 has a remote code execution vulnerability. An authenticated, remote attacker can craft and send the packets to the affec...Show more Import Signal Tone function in Huawei eSpace 7950 V200R003C30; eSpace 8950 V200R003C00; V200R003C30 has a remote code execution vulnerability. An authenticated, remote attacker can craft and send the packets to the affected products after the Signal Tone is uploaded. Due to insufficient verification of the packets, this could be exploited to execute arbitrary code.Show less
CVE-2017-2722 1Huawei 8Dp300 Firmware Ecns210 Td FirmwareEspace 7950 Firmware+5 more May 13, 2026 Nov 22, 2017 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 DP300 V500R002C00,TE60 with software V100R001C01, V100R001C10, V100R003C00, V500R002C00 and V600R006C00,TP3106 with software V100R001C06 and V100R002C00,ViewPoint 9030 with software V100R011C02, V100R011C03,eCNS210_TD wi...Show more DP300 V500R002C00,TE60 with software V100R001C01, V100R001C10, V100R003C00, V500R002C00 and V600R006C00,TP3106 with software V100R001C06 and V100R002C00,ViewPoint 9030 with software V100R011C02, V100R011C03,eCNS210_TD with software V100R004C10,eSpace 7950 with software V200R003C00 and V200R003C30,eSpace IAD with software V300R001C07SPCa00 and V300R002C01SPCb00,eSpace U1981 with software V100R001C20, V100R001C30, V200R003C00, V200R003C20 and V200R003C30 have an input validation vulnerability.A remote attacker may exploit this vulnerability by crafting a malformed packet and sending it to the device. A successful exploit could allow the attacker to cause a denial of service or execute arbitrary code.Show less