VARIoT IoT vulnerabilities database

The SynTP.sys file is part of the Synaptics touchpad driver included with some HP notebook models. HP notebook SynTP.sys file key record code debugging vulnerability, the attacker can exploit the vulnerability to abuse the debugging code of the keylogger component, such as: malware developers can use the logging to disable the registry key registry to enable the keylogger behavior by default, and Users are monitored using native kernel-signed tools that are not detected by security products.

The Vivotek series of web cameras are all network camera products of China VIVOTEK. Vivotek series webcam has a remote stack overflow vulnerability. The vulnerability is due to the failure to properly use the strncpy() function. When the attacker sends an http request, the Content-Length header field exceeds the length limit, causing a buffer overflow.

Huawei Secospace USG6600 V500R001C30SPC100 has an Out-of-Bounds memory access vulnerability due to insufficient verification. An authenticated local attacker can make processing crash by executing some commands. The attacker can exploit this vulnerability to cause a denial of service. Huawei Secospace USG6600 Contains a buffer error vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Huawei Secospace USG6600 is a firewall product of Huawei in China. There is a security vulnerability in Huawei Secospace USG6600 V500R001C30SPC100 version

IKEv2 in Huawei IPS Module V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE, NGFW Module V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPC500PWE, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE, NIP6300 V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE, NIP6600 V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, Secospace USG6300 V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPC500PWE, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC101, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE, Secospace USG6500 V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPC500PWE, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC101, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE, Secospace USG6600 V500R001C00, V500R001C00SPC100, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC301, V500R001C00SPC500, V500R001C00SPC500PWE, V500R001C00SPH303, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC101, V500R001C20SPC200, V500R001C20SPC200PWE, V500R001C20SPC300, V500R001C20SPC300B078, V500R001C20SPC300PWE, USG9500 V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC303, V500R001C00SPC500, V500R001C00SPC500PWE, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC101, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE has an out-of-bounds memory access vulnerability due to insufficient input validation. An attacker could exploit it to craft special packets to trigger out-of-bounds memory access, which may further lead to system exceptions. plural Huawei The product contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. The Huawei IPS Module and others are all products of China's Huawei (Huawei). Huawei IPS Module is an IPS security device. The NGFW Module is a firewall device. IKEv2 is one of the VPN protocols. There are security vulnerabilities in IKEv2 in many Huawei products. The vulnerability is caused by the program not performing sufficient input verification. The following products and versions are affected: Huawei IPS Module V500R001C00 Version, V500R001C00SPC200 Version, V500R001C00SPC300 Version, V500R001C00SPC500 Version, V500R001C00SPH303 Version, V500R001C00SPH508 Version, V500R001C20 Version, V500R001C20SPC100 Version, V500R001C20SPC100PWE Version, V500R001C20SPC200 Version, V500R001C20SPC200B062 Version, V500R001C20SPC200PWE Version, V500R001C20SPC300B078 Version, V500R001C20SPC300PWE Version; NGFW Module V500R001C00 Version, V500R001C00SPC200 Version, V500R001C00SPC300 Version, V500R001C00SPC500 Version, V500R001C00SPC500PWE Version, V500R001C00SPH303 Version, V500R001C00SPH508 Version, V500R001C20 Version, V500R001C20SPC100 Version, V500R001C20SPC100PWE Version, V500R001C20SPC200 Version, V500R001C20SPC200B062 Version, V500R001C20SPC200PWE Version, V500R001C20SPC300B078 Version, V500R001C20SPC300PWE Version; NIP6300 ..

Directory traversal vulnerability in the SYNO.FileStation.Extract in Synology Router Manager (SRM) before 1.1.5-6542-4 allows remote authenticated users to write arbitrary files via the dest_folder_path parameter. Synology Router Manager (SRM) Contains a path traversal vulnerability.Information may be tampered with. A directory traversal vulnerability exists in SYNO.FileStation.Extract in versions prior to SRM 1.1.5-6542-4

Vivo modems allow remote attackers to obtain sensitive information by reading the index.cgi?page=wifi HTML source code, as demonstrated by ssid and psk_wepkey fields. Vivo Modem contains an information disclosure vulnerability.Information may be obtained. Vivomodems is an exploit tool for modems. There is a security hole in Vivomodems. There are security holes in Vivo modems

Some Huawei smart phones with the versions before Berlin-L21HNC185B381; the versions before Prague-AL00AC00B223; the versions before Prague-AL00BC00B223; the versions before Prague-AL00CC00B223; the versions before Prague-L31C432B208; the versions before Prague-TL00AC01B223; the versions before Prague-TL00AC01B223 have an information exposure vulnerability. When the user's smart phone connects to the malicious device for charging, an unauthenticated attacker may activate some specific function by sending some specially crafted messages. Due to insufficient input validation of the messages, successful exploit may cause information exposure. plural Huawei Smartphones contain a vulnerability related to input confirmation.Information may be obtained. HuaweiBerlin-L21HN and Prague-AL00A are all smartphone products of China Huawei. There are information disclosure vulnerabilities in various Huawei phones. Successful use of this vulnerability may result in partial disclosure of information due to failure to adequately verify the message

Huawei HiWallet App with the versions before 8.0.4 has an arbitrary lock pattern change vulnerability. It needs to verify the user's Huawei ID during lock pattern change. An attacker with root privilege who gets a user's smart phone may bypass Huawei ID verification by special operation. Successful exploit of this vulnerability can allow an attacker to change the lock pattern of HiWallet. Huawei HiWallet App Contains an access control vulnerability.Information may be tampered with. Huawei HiWallet APP is prone to a local security-bypass vulnerability. Attackers can exploit this issue to bypass certain security restrictions to perform unauthorized actions. This may aid in further attacks. Huawei HiWallet App is a money management (Huawei Wallet) app for mobile phones from the Chinese company Huawei (Huawei)

The 'Find Phone' function in some Huawei smart phones with software earlier than Duke-L09C10B186 versions, earlier than Duke-L09C432B187 versions, earlier than Duke-L09C636B186 versions has an authentication bypass vulnerability. Due to improper authentication realization in the 'Find Phone' function. An attacker may exploit the vulnerability to bypass the 'Find Phone' function in order to use the phone normally. Huawei Smartphone software contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. HuaweiDuke-L09 is a smartphone from China's Huawei company. The HuaweiDuke-L09 \"Mobile Retrieval\" feature has an authentication bypass vulnerability. The vulnerability is due to the device's failure to properly implement authentication

IKEv2 in Huawei IPS Module V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE, NGFW Module V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPC500PWE, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE, NIP6300 V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE, NIP6600 V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, Secospace USG6300 V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPC500PWE, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC101, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE, Secospace USG6500 V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPC500PWE, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC101, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE, Secospace USG6600 V500R001C00, V500R001C00SPC100, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC301, V500R001C00SPC500, V500R001C00SPC500PWE, V500R001C00SPH303, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC101, V500R001C20SPC200, V500R001C20SPC200PWE, V500R001C20SPC300, V500R001C20SPC300B078, V500R001C20SPC300PWE, USG9500 V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC303, V500R001C00SPC500, V500R001C00SPC500PWE, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC101, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE has an out-of-bounds memory access vulnerability due to insufficient input validation. An attacker could exploit it to craft special packets to trigger out-of-bounds memory access, which may further lead to system exceptions. plural Huawei The product contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. The Huawei IPS Module and others are all products of China's Huawei (Huawei). Huawei IPS Module is an IPS security device. The NGFW Module is a firewall device. IKEv2 is one of the VPN protocols. There are security vulnerabilities in IKEv2 in many Huawei products. The following products and versions are affected: Huawei IPS Module V500R001C00 Version, V500R001C00SPC200 Version, V500R001C00SPC300 Version, V500R001C00SPC500 Version, V500R001C00SPH303 Version, V500R001C00SPH508 Version, V500R001C20 Version, V500R001C20SPC100 Version, V500R001C20SPC100PWE Version, V500R001C20SPC200 Version, V500R001C20SPC200B062 Version, V500R001C20SPC200PWE Version, V500R001C20SPC300B078 Version, V500R001C20SPC300PWE Version; NGFW Module V500R001C00 Version, V500R001C00SPC200 Version, V500R001C00SPC300 Version, V500R001C00SPC500 Version, V500R001C00SPC500PWE Version, V500R001C00SPH303 Version, V500R001C00SPH508 Version, V500R001C20 Version, V500R001C20SPC100 Version, V500R001C20SPC100PWE Version, V500R001C20SPC200 Version, V500R001C20SPC200B062 Version, V500R001C20SPC200PWE Version, V500R001C20SPC300B078 Version, V500R001C20SPC300PWE Version; NIP6300 ..

Huawei AR120-S V200R006C10, V200R007C00, AR1200 V200R006C10, V200R006C13, V200R007C00, V200R007C02, AR1200-S V200R006C10, V200R007C00, V200R008C20, AR150 V200R006C10, V200R007C00, V200R007C02, AR150-S V200R006C10, V200R007C00, AR160 V200R006C10, V200R006C12, V200R007C00, V200R007C02, AR200 V200R006C10, V200R007C00, AR200-S V200R006C10, V200R007C00, AR2200 V200R006C10, V200R006C13, V200R006C16PWE, V200R007C00, V200R007C02, AR2200-S V200R006C10, V200R007C00, V200R008C20, AR3200 V200R006C10, V200R006C11, V200R007C00, V200R007C02, AR3600 V200R006C10, V200R007C00, AR510 V200R006C12, V200R006C13, V200R006C15, V200R006C16, V200R006C17, V200R007C00, NetEngine16EX V200R006C10, V200R007C00, SRG1300 V200R006C10, V200R007C00, V200R007C02, SRG2300 V200R006C10, V200R007C00, V200R007C02, SRG3300 V200R006C10, V200R007C00 have a buffer overflow vulnerability due to incomplete range checks of the input data. An unauthenticated, remote attacker could exploit this vulnerability by sending malicious IKE packets to the targeted device. An exploit could allow the attacker to cause the device to write out of bound and restart. plural Huawei The product contains an out-of-bounds write vulnerability.Denial of service (DoS) May be in a state. Huawei AR and SRG series enterprise routers are Huawei's all-in-one routers for small and medium-sized offices or small and medium-sized enterprises. NetEngine16EX is a multi-service network product launched by Huawei. It is mainly used in backbone aggregation and access nodes in various industries. , large and medium-sized campus network exports, large and medium-sized enterprise headquarters or branches and other scenarios. Huawei AR120-S and others are all router products of China Huawei (Huawei). The following products and versions are affected: Huawei AR120-S V200R006C10 Version, V200R007C00 Version; AR1200 V200R006C10 Version, V200R006C13 Version, V200R007C00 Version, V200R007C02 Version; AR1200-S V200R006C10 Version, V200R007C00 Version, V200R008C20 Version; AR150 V200R006C10 Version, V200R007C00 Version, V200R007C02 Version; AR150-S V200R006C10 Version, V200R007C00 Version; AR160 V200R006C10 Version, V200R006C12 Version, V200R007C00 Version, V200R007C02 Version; AR200 V200R006C10 Version, V200R007C00 Version; AR200-S V200R006C10 Version, V200R007C00 Version; AR2200 V200R006C10 Version, V200R006C13 Version, V200R006C16PWE Version, V200R007C00 Version, V200R007C02 Version; AR2200-S V200R006C10 Version, V200R007C00 Version, V200R008C20 Version; AR3200 V200R006C10 Version, V200R006C11 Version, V200R007C00 Version, V200R007C02 Version; AR3600 V200R006C10 Version, V200R007C00 Version; AR510 V200R006C12 Version, V200R006C13 Version, V200R006C15 Version, V200R006C16 Version , V200R006C17 version, V200R007C00 version; NetEngine16EX

Some Huawei smart phones with software of NXT-AL10C00B386, NXT-CL00C92B386, NXT-DL00C17B386, NXT-TL00C01B386SP01, NTS-AL00C00B535 have a DoS vulnerability due to insufficient input validation. An unauthenticated attacker could send malformed System Information(SI) messages to the smart phone within radio range by special wireless device. Successful exploit could make the smart phone restart. HuaweiMT8-EMUI4.1 and NTS-AL00 are all smartphones of China's Huawei company. HuaweiMT8-EMUI4.1 and NTS-AL00 have a denial of service vulnerability. Both Huawei MT8-EMUI4.1 and NTS-AL00 are smartphone products of China Huawei (Huawei). The following products and versions are affected: Huawei MT8-EMUI4.1 NXT-AL10C00B386 version, NXT-CL00C92B386 version, NXT-DL00C17B386 version, NXT-TL00C01B386SP01 version; NTS-AL00 NTS-AL00C00B535 version

Huawei Secospace USG6600 V500R001C30SPC100, Secospace USG6600 V500R001C30SPC200, Secospace USG6600 V500R001C30SPC300, USG9500 V500R001C30SPC100, USG9500 V500R001C30SPC200, USG9500 V500R001C30SPC300 have a memory leak vulnerability due to memory don't be released when an local authenticated attacker execute special commands many times. An attacker could exploit it to cause memory leak, which may further lead to system exceptions. Huawei Secospace USG6600 and Secospace USG6600 Contains a resource management vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Both Huawei Secospace USG6600 and USG9500 are firewall products of Huawei. The following products and versions are affected: Huawei Secospace USG6600 version V500R001C30SPC100, version V500R001C30SPC200, version V500R001C30SPC300; USG9500 version V500R001C30SPC100, version V500R001C30SPC200, version V500R001

Timergrp module in Huawei DP300 V500R002C00; RP200 V500R002C00; V600R006C00; TE30 V100R001C10; V500R002C00; V600R006C00; TE40 V500R002C00; V600R006C00; TE50 V500R002C00; V600R006C00; TE60 V100R001C10; V500R002C00; V600R006C00 have an DoS vulnerability due to insufficient validation of the parameter. An authenticated local attacker may call a special API with special parameter, which cause an infinite loop. Successful exploit of this vulnerability can allow an attacker to launch DOS attack. plural Huawei The product contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Huawei DP300, RP200, and TE30/40/50/60 are Huawei's integrated desktop telepresence products and high-definition video conferencing terminal products for high-end customers. A number of Huawei products, the Timergrp module, have a denial of service vulnerability because the program failed to fully check the parameters. The Huawei DP300 and others are all products of China's Huawei (Huawei). DP300 is a video conferencing terminal. RP200 is a video conferencing all-in-one device. Timergrp module is one of the timing modules. The Timergrp module in several Huawei products has a denial-of-service vulnerability. The following products and versions are affected: Huawei DP300 V500R002C00 Version; RP200 V500R002C00 Version, V600R006C00 Version; TE30 V100R001C10 Version, V500R002C00 Version, V600R006C00 Version; TE40 V500R002C00 Version, V600R006C00 Version; TE50 V500R002C00 Version, V600R006C00 Version; TE60 V100R001C10 Version, V500R002C00 Version, Version V600R006C00

Huawei DP300 V500R002C00 have an integer overflow vulnerability due to the lack of validation. An authenticated local attacker can craft specific XML files to the affected products and parse this file, which result in DoS attacks. Huawei DP300 Contains an integer overflow vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Huawei DP300 is a video conferencing terminal of China's Huawei company. The HuaweiDP300XML parser has an integer overflow vulnerability, which is due to the XML parser not fully verifying the received content. Multiple Huawei Products are prone to multiple local integer-overflow vulnerabilities. An attacker can exploit this issue to cause a denial-of-service condition; denying service to legitimate users. Due to the nature of this issue, code execution may be possible but this has not been confirmed

Huawei DP300 V500R002C00 have a DoS vulnerability due to the lack of validation when the malloc is called. An authenticated local attacker can craft specific XML files to the affected products and parse this file, which result in DoS attacks. Huawei DP300 Contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Huawei DP300 is a video conferencing terminal of China's Huawei company. The HuaweiDP300XML parser has a denial of service vulnerability because the product was not fully verified when calling malloc to request memory. Mutiple Huawei Products are prone to local denial-of-service vulnerability. An attacker can exploit this issue to cause a denial-of-service condition. There is a denial of service vulnerability in the Huawei DP300 V500R002C00 version

Huawei AR100, AR100-S, AR110-S, AR120, AR120-S, AR1200, AR1200-S, AR150, AR150-S, AR160, AR200, AR200-S, AR2200, AR2200-S, AR3200, AR510, DP300, NetEngine16EX, RP200, SRG1300, SRG2300, SRG3300, TE30, TE40, TE50, TE60, TP3106, TP3206, ViewPoint 8660, and ViewPoint 9030 have an insufficient validation vulnerability. Since packet validation is insufficient, an unauthenticated attacker may send special H323 packets to exploit the vulnerability. Successful exploit could allow the attacker to send malicious packets and result in DOS attacks. plural Huawei The product contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Huawei AR120-S is a router product of China Huawei. A number of Huawei products H323 protocol has an input verification vulnerability. Huawei AR 100 and others are the AR series enterprise routers of China Huawei (Huawei). The following products are affected: Huawei AR100; AR100-S; AR110-S; AR120; AR120-S; AR1200; AR510;DP300;NetEngine16EX;RP200;SRG1300;SRG2300;SRG3300;TE30;TE40;TE50;TE60;TP3106;TP3206;ViewPoint 8660;ViewPoint 9030

IKEv2 in Huawei IPS Module V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE, NGFW Module V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPC500PWE, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE, NIP6300 V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE, NIP6600 V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, Secospace USG6300 V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPC500PWE, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC101, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE, Secospace USG6500 V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPC500PWE, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC101, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE, Secospace USG6600 V500R001C00, V500R001C00SPC100, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC301, V500R001C00SPC500, V500R001C00SPC500PWE, V500R001C00SPH303, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC101, V500R001C20SPC200, V500R001C20SPC200PWE, V500R001C20SPC300, V500R001C20SPC300B078, V500R001C20SPC300PWE, USG9500 V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC303, V500R001C00SPC500, V500R001C00SPC500PWE, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC101, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE has an out-of-bounds write vulnerability due to insufficient input validation. An attacker could exploit it to craft special packets to trigger out-of-bounds memory write, which may further lead to system exceptions. plural Huawei There are vulnerabilities related to input validation and out-of-bounds writing in the product.Service operation interruption (DoS) There is a possibility of being put into a state. The Huawei IPS Module and others are all products of China's Huawei (Huawei). Huawei IPS Module is an IPS security device. The NGFW Module is a firewall device. IKEv2 is one of the VPN protocols. There are security vulnerabilities in IKEv2 in many Huawei products. The following products and versions are affected: Huawei IPS Module V500R001C00 Version, V500R001C00SPC200 Version, V500R001C00SPC300 Version, V500R001C00SPC500 Version, V500R001C00SPH303 Version, V500R001C00SPH508 Version, V500R001C20 Version, V500R001C20SPC100 Version, V500R001C20SPC100PWE Version, V500R001C20SPC200 Version, V500R001C20SPC200B062 Version, V500R001C20SPC200PWE Version, V500R001C20SPC300B078 Version, V500R001C20SPC300PWE Version; NGFW Module V500R001C00 Version, V500R001C00SPC200 Version, V500R001C00SPC300 Version, V500R001C00SPC500 Version, V500R001C00SPC500PWE Version, V500R001C00SPH303 Version, V500R001C00SPH508 Version, V500R001C20 Version, V500R001C20SPC100 Version, V500R001C20SPC100PWE Version, V500R001C20SPC200 Version, V500R001C20SPC200B062 Version, V500R001C20SPC200PWE Version, V500R001C20SPC300B078 Version, V500R001C20SPC300PWE Version; NIP6300 ..

IKEv2 in Huawei IPS Module V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE, NGFW Module V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPC500PWE, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE, NIP6300 V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE, NIP6600 V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, Secospace USG6300 V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPC500PWE, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC101, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE, Secospace USG6500 V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPC500PWE, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC101, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE, Secospace USG6600 V500R001C00, V500R001C00SPC100, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC301, V500R001C00SPC500, V500R001C00SPC500PWE, V500R001C00SPH303, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC101, V500R001C20SPC200, V500R001C20SPC200PWE, V500R001C20SPC300, V500R001C20SPC300B078, V500R001C20SPC300PWE, USG9500 V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC303, V500R001C00SPC500, V500R001C00SPC500PWE, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC101, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE has a memory leak vulnerability due to memory release failure resulted from insufficient input validation. An attacker could exploit it to cause memory leak, which may further lead to system exceptions. plural Huawei The product contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. The Huawei IPS Module and others are all products of China's Huawei (Huawei). Huawei IPS Module is an IPS security device. The NGFW Module is a firewall device. IKEv2 is one of the VPN protocols. IKEv2 in many Huawei products has a memory leak vulnerability, which is caused by the program not fully verifying the received packets. The following products and versions are affected: Huawei IPS Module V500R001C00 Version, V500R001C00SPC200 Version, V500R001C00SPC300 Version, V500R001C00SPC500 Version, V500R001C00SPH303 Version, V500R001C00SPH508 Version, V500R001C20 Version, V500R001C20SPC100 Version, V500R001C20SPC100PWE Version, V500R001C20SPC200 Version, V500R001C20SPC200B062 Version, V500R001C20SPC200PWE Version, V500R001C20SPC300B078 Version, V500R001C20SPC300PWE Version; NGFW Module V500R001C00 Version, V500R001C00SPC200 Version, V500R001C00SPC300 Version, V500R001C00SPC500 Version, V500R001C00SPC500PWE Version, V500R001C00SPH303 Version, V500R001C00SPH508 Version, V500R001C20 Version, V500R001C20SPC100 Version, V500R001C20SPC100PWE Version, V500R001C20SPC200 Version, V500R001C20SPC200B062 Version, V500R001C20SPC200PWE Version, V500R001C20SPC300B078 Version, V500R001C20SPC300PWE Version; NIP6300 ..

IKEv2 in Huawei IPS Module V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE, NGFW Module V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPC500PWE, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE, NIP6300 V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE, NIP6600 V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, Secospace USG6300 V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPC500PWE, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC101, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE, Secospace USG6500 V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPC500PWE, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC101, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE, Secospace USG6600 V500R001C00, V500R001C00SPC100, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC301, V500R001C00SPC500, V500R001C00SPC500PWE, V500R001C00SPH303, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC101, V500R001C20SPC200, V500R001C20SPC200PWE, V500R001C20SPC300, V500R001C20SPC300B078, V500R001C20SPC300PWE, USG9500 V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC303, V500R001C00SPC500, V500R001C00SPC500PWE, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC101, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE has an out-of-bounds memory access vulnerability due to incompliance with the 4-byte alignment requirement imposed by the MIPS CPU. An attacker could exploit it to cause unauthorized memory access, which may further lead to system exceptions. plural Huawei The product contains an out-of-bounds vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. The Huawei IPS Module and others are all products of China's Huawei (Huawei). Huawei IPS Module is an IPS security device. The NGFW Module is a firewall device. IKEv2 is one of the VPN protocols. IKEv2 in many Huawei products has a security vulnerability. The following products and versions are affected: Huawei IPS Module V500R001C00 Version, V500R001C00SPC200 Version, V500R001C00SPC300 Version, V500R001C00SPC500 Version, V500R001C00SPH303 Version, V500R001C00SPH508 Version, V500R001C20 Version, V500R001C20SPC100 Version, V500R001C20SPC100PWE Version, V500R001C20SPC200 Version, V500R001C20SPC200B062 Version, V500R001C20SPC200PWE Version, V500R001C20SPC300B078 Version, V500R001C20SPC300PWE Version; NGFW Module V500R001C00 Version, V500R001C00SPC200 Version, V500R001C00SPC300 Version, V500R001C00SPC500 Version, V500R001C00SPC500PWE Version, V500R001C00SPH303 Version, V500R001C00SPH508 Version, V500R001C20 Version, V500R001C20SPC100 Version, V500R001C20SPC100PWE Version, V500R001C20SPC200 Version, V500R001C20SPC200B062 Version, V500R001C20SPC200PWE Version, V500R001C20SPC300B078 Version, V500R001C20SPC300PWE Version; NIP6300 ..