VARIoT IoT vulnerabilities database

A plaintext recovery of encrypted messages or a Man-in-the-middle (MiTM) attack on RSA PKCS #1 v1.5 encryption may be possible without knowledge of the server's private key. Fortinet FortiOS 5.4.6 to 5.4.9, 6.0.0 and 6.0.1 are vulnerable by such attack under SSL Deep Inspection feature when CPx being used. TLS implementations may disclose side channel information via discrepancies between valid and invalid PKCS#1 padding, and may therefore be vulnerable to Bleichenbacher-style attacks. This attack is known as a "ROBOT attack". Fortinet FortiOS Contains a cryptographic vulnerability.Information may be obtained. Fortinet FortiOS is the American Fortinet ( Fortinet ) company developed a set dedicated to FortiGate A secure operating system on a cybersecurity platform. The system provides users with firewall, antivirus, IPSec/SSL VPN , Web Multiple security features such as content filtering and anti-spam. Fortinet FortiOS 5.4.6 version to 5.4.9 Version, 6.0.0 version and 6.0.1 There is a security hole in the version. Attackers can exploit this vulnerability to obtain TLS session key and decrypt TLS flow

Users' VPN authentication credentials are unsafely encrypted in Fortinet FortiClient for Windows 5.6.0 and below versions, FortiClient for Mac OSX 5.6.0 and below versions and FortiClient SSLVPN Client for Linux 4.4.2335 and below versions, due to the use of a static encryption key and weak encryption algorithms. Fortinet FortiClient and FortiClient SSLVPN Client Contains a cryptographic strength vulnerability.Information may be obtained. Fortinet FortiClient for Windows is a Windows-based mobile terminal security solution developed by Fortinet. The solution provides IPsec and SSL encryption, WAN optimization, endpoint compliance, and two-factor authentication when connected to FortiGate firewall appliances. There is a security vulnerability in the Fortinet FortiClient based on the Windows platform. The vulnerability stems from the program's use of static encryption keys and weak encryption algorithms. A remote attacker could exploit this vulnerability to disclose information

An Information Disclosure vulnerability in Fortinet FortiOS 5.6.0 to 5.6.2, 5.4.0 to 5.4.5, 5.2 and below versions allow an admin user with super_admin privileges to view the current SSL VPN web portal session info which may contains user credentials through the fnsysctl CLI command. Fortinet FortiOS Contains an information disclosure vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Fortinet FortiOS is prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in further attacks. The following versions are vulnerable: FortiOS 5.6.0 through 5.6.2 FortiOS 5.4.0 through 5.4.5 FortiOS 5.2 and prior. Fortinet FortiOS is a set of security operating systems developed by Fortinet Corporation for the FortiGate network security platform. The system provides users with various security functions such as firewall, anti-virus, IPSec/SSL VPN, Web content filtering and anti-spam. An information disclosure vulnerability exists in Fortinet FortiOS versions 5.6.0 to 5.6.2, 5.4.0 to 5.4.5, and 5.2 and earlier

Type Confusion in Content Protection HECI Service in Intel Graphics Driver allows unprivileged user to elevate privileges via local access. Intel is prone to a local privilege-escalation vulnerability. Local attackers may exploit this issue to execute arbitrary code with elevated privileges. Intel Graphics Driver is an integrated graphics driver developed by Intel Corporation. Content Protection HECI Service is one of the content protection services. The following versions are affected: Intel Graphics Driver version 15.49, version 15.47, version 15.46, version 15.45, version 15.40, version 15.36, version 15.33

The SynTP.sys file is part of the Synaptics touchpad driver included with some HP notebook models. HP notebook SynTP.sys file key record code debugging vulnerability, the attacker can exploit the vulnerability to abuse the debugging code of the keylogger component, such as: malware developers can use the logging to disable the registry key registry to enable the keylogger behavior by default, and Users are monitored using native kernel-signed tools that are not detected by security products.

The Vivotek series of web cameras are all network camera products of China VIVOTEK. Vivotek series webcam has a remote stack overflow vulnerability. The vulnerability is due to the failure to properly use the strncpy() function. When the attacker sends an http request, the Content-Length header field exceeds the length limit, causing a buffer overflow.

Huawei Secospace USG6600 V500R001C30SPC100 has an Out-of-Bounds memory access vulnerability due to insufficient verification. An authenticated local attacker can make processing crash by executing some commands. The attacker can exploit this vulnerability to cause a denial of service. Huawei Secospace USG6600 Contains a buffer error vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Huawei Secospace USG6600 is a firewall product of Huawei in China. There is a security vulnerability in Huawei Secospace USG6600 V500R001C30SPC100 version

IKEv2 in Huawei IPS Module V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE, NGFW Module V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPC500PWE, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE, NIP6300 V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE, NIP6600 V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, Secospace USG6300 V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPC500PWE, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC101, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE, Secospace USG6500 V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPC500PWE, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC101, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE, Secospace USG6600 V500R001C00, V500R001C00SPC100, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC301, V500R001C00SPC500, V500R001C00SPC500PWE, V500R001C00SPH303, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC101, V500R001C20SPC200, V500R001C20SPC200PWE, V500R001C20SPC300, V500R001C20SPC300B078, V500R001C20SPC300PWE, USG9500 V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC303, V500R001C00SPC500, V500R001C00SPC500PWE, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC101, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE has an out-of-bounds memory access vulnerability due to insufficient input validation. An attacker could exploit it to craft special packets to trigger out-of-bounds memory access, which may further lead to system exceptions. plural Huawei The product contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. The Huawei IPS Module and others are all products of China's Huawei (Huawei). Huawei IPS Module is an IPS security device. The NGFW Module is a firewall device. IKEv2 is one of the VPN protocols. There are security vulnerabilities in IKEv2 in many Huawei products. The vulnerability is caused by the program not performing sufficient input verification. The following products and versions are affected: Huawei IPS Module V500R001C00 Version, V500R001C00SPC200 Version, V500R001C00SPC300 Version, V500R001C00SPC500 Version, V500R001C00SPH303 Version, V500R001C00SPH508 Version, V500R001C20 Version, V500R001C20SPC100 Version, V500R001C20SPC100PWE Version, V500R001C20SPC200 Version, V500R001C20SPC200B062 Version, V500R001C20SPC200PWE Version, V500R001C20SPC300B078 Version, V500R001C20SPC300PWE Version; NGFW Module V500R001C00 Version, V500R001C00SPC200 Version, V500R001C00SPC300 Version, V500R001C00SPC500 Version, V500R001C00SPC500PWE Version, V500R001C00SPH303 Version, V500R001C00SPH508 Version, V500R001C20 Version, V500R001C20SPC100 Version, V500R001C20SPC100PWE Version, V500R001C20SPC200 Version, V500R001C20SPC200B062 Version, V500R001C20SPC200PWE Version, V500R001C20SPC300B078 Version, V500R001C20SPC300PWE Version; NIP6300 ..

Directory traversal vulnerability in the SYNO.FileStation.Extract in Synology Router Manager (SRM) before 1.1.5-6542-4 allows remote authenticated users to write arbitrary files via the dest_folder_path parameter. Synology Router Manager (SRM) Contains a path traversal vulnerability.Information may be tampered with. A directory traversal vulnerability exists in SYNO.FileStation.Extract in versions prior to SRM 1.1.5-6542-4

Vivo modems allow remote attackers to obtain sensitive information by reading the index.cgi?page=wifi HTML source code, as demonstrated by ssid and psk_wepkey fields. Vivo Modem contains an information disclosure vulnerability.Information may be obtained. Vivomodems is an exploit tool for modems. There is a security hole in Vivomodems. There are security holes in Vivo modems

Some Huawei smart phones with the versions before Berlin-L21HNC185B381; the versions before Prague-AL00AC00B223; the versions before Prague-AL00BC00B223; the versions before Prague-AL00CC00B223; the versions before Prague-L31C432B208; the versions before Prague-TL00AC01B223; the versions before Prague-TL00AC01B223 have an information exposure vulnerability. When the user's smart phone connects to the malicious device for charging, an unauthenticated attacker may activate some specific function by sending some specially crafted messages. Due to insufficient input validation of the messages, successful exploit may cause information exposure. plural Huawei Smartphones contain a vulnerability related to input confirmation.Information may be obtained. HuaweiBerlin-L21HN and Prague-AL00A are all smartphone products of China Huawei. There are information disclosure vulnerabilities in various Huawei phones. Successful use of this vulnerability may result in partial disclosure of information due to failure to adequately verify the message

Huawei HiWallet App with the versions before 8.0.4 has an arbitrary lock pattern change vulnerability. It needs to verify the user's Huawei ID during lock pattern change. An attacker with root privilege who gets a user's smart phone may bypass Huawei ID verification by special operation. Successful exploit of this vulnerability can allow an attacker to change the lock pattern of HiWallet. Huawei HiWallet App Contains an access control vulnerability.Information may be tampered with. Huawei HiWallet APP is prone to a local security-bypass vulnerability. Attackers can exploit this issue to bypass certain security restrictions to perform unauthorized actions. This may aid in further attacks. Huawei HiWallet App is a money management (Huawei Wallet) app for mobile phones from the Chinese company Huawei (Huawei)

The 'Find Phone' function in some Huawei smart phones with software earlier than Duke-L09C10B186 versions, earlier than Duke-L09C432B187 versions, earlier than Duke-L09C636B186 versions has an authentication bypass vulnerability. Due to improper authentication realization in the 'Find Phone' function. An attacker may exploit the vulnerability to bypass the 'Find Phone' function in order to use the phone normally. Huawei Smartphone software contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. HuaweiDuke-L09 is a smartphone from China's Huawei company. The HuaweiDuke-L09 \"Mobile Retrieval\" feature has an authentication bypass vulnerability. The vulnerability is due to the device's failure to properly implement authentication

IKEv2 in Huawei IPS Module V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE, NGFW Module V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPC500PWE, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE, NIP6300 V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE, NIP6600 V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, Secospace USG6300 V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPC500PWE, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC101, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE, Secospace USG6500 V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPC500PWE, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC101, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE, Secospace USG6600 V500R001C00, V500R001C00SPC100, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC301, V500R001C00SPC500, V500R001C00SPC500PWE, V500R001C00SPH303, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC101, V500R001C20SPC200, V500R001C20SPC200PWE, V500R001C20SPC300, V500R001C20SPC300B078, V500R001C20SPC300PWE, USG9500 V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC303, V500R001C00SPC500, V500R001C00SPC500PWE, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC101, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE has an out-of-bounds memory access vulnerability due to insufficient input validation. An attacker could exploit it to craft special packets to trigger out-of-bounds memory access, which may further lead to system exceptions. plural Huawei The product contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. The Huawei IPS Module and others are all products of China's Huawei (Huawei). Huawei IPS Module is an IPS security device. The NGFW Module is a firewall device. IKEv2 is one of the VPN protocols. There are security vulnerabilities in IKEv2 in many Huawei products. The following products and versions are affected: Huawei IPS Module V500R001C00 Version, V500R001C00SPC200 Version, V500R001C00SPC300 Version, V500R001C00SPC500 Version, V500R001C00SPH303 Version, V500R001C00SPH508 Version, V500R001C20 Version, V500R001C20SPC100 Version, V500R001C20SPC100PWE Version, V500R001C20SPC200 Version, V500R001C20SPC200B062 Version, V500R001C20SPC200PWE Version, V500R001C20SPC300B078 Version, V500R001C20SPC300PWE Version; NGFW Module V500R001C00 Version, V500R001C00SPC200 Version, V500R001C00SPC300 Version, V500R001C00SPC500 Version, V500R001C00SPC500PWE Version, V500R001C00SPH303 Version, V500R001C00SPH508 Version, V500R001C20 Version, V500R001C20SPC100 Version, V500R001C20SPC100PWE Version, V500R001C20SPC200 Version, V500R001C20SPC200B062 Version, V500R001C20SPC200PWE Version, V500R001C20SPC300B078 Version, V500R001C20SPC300PWE Version; NIP6300 ..

Huawei AR120-S V200R006C10, V200R007C00, AR1200 V200R006C10, V200R006C13, V200R007C00, V200R007C02, AR1200-S V200R006C10, V200R007C00, V200R008C20, AR150 V200R006C10, V200R007C00, V200R007C02, AR150-S V200R006C10, V200R007C00, AR160 V200R006C10, V200R006C12, V200R007C00, V200R007C02, AR200 V200R006C10, V200R007C00, AR200-S V200R006C10, V200R007C00, AR2200 V200R006C10, V200R006C13, V200R006C16PWE, V200R007C00, V200R007C02, AR2200-S V200R006C10, V200R007C00, V200R008C20, AR3200 V200R006C10, V200R006C11, V200R007C00, V200R007C02, AR3600 V200R006C10, V200R007C00, AR510 V200R006C12, V200R006C13, V200R006C15, V200R006C16, V200R006C17, V200R007C00, NetEngine16EX V200R006C10, V200R007C00, SRG1300 V200R006C10, V200R007C00, V200R007C02, SRG2300 V200R006C10, V200R007C00, V200R007C02, SRG3300 V200R006C10, V200R007C00 have a buffer overflow vulnerability due to incomplete range checks of the input data. An unauthenticated, remote attacker could exploit this vulnerability by sending malicious IKE packets to the targeted device. An exploit could allow the attacker to cause the device to write out of bound and restart. plural Huawei The product contains an out-of-bounds write vulnerability.Denial of service (DoS) May be in a state. Huawei AR and SRG series enterprise routers are Huawei's all-in-one routers for small and medium-sized offices or small and medium-sized enterprises. NetEngine16EX is a multi-service network product launched by Huawei. It is mainly used in backbone aggregation and access nodes in various industries. , large and medium-sized campus network exports, large and medium-sized enterprise headquarters or branches and other scenarios. Huawei AR120-S and others are all router products of China Huawei (Huawei). The following products and versions are affected: Huawei AR120-S V200R006C10 Version, V200R007C00 Version; AR1200 V200R006C10 Version, V200R006C13 Version, V200R007C00 Version, V200R007C02 Version; AR1200-S V200R006C10 Version, V200R007C00 Version, V200R008C20 Version; AR150 V200R006C10 Version, V200R007C00 Version, V200R007C02 Version; AR150-S V200R006C10 Version, V200R007C00 Version; AR160 V200R006C10 Version, V200R006C12 Version, V200R007C00 Version, V200R007C02 Version; AR200 V200R006C10 Version, V200R007C00 Version; AR200-S V200R006C10 Version, V200R007C00 Version; AR2200 V200R006C10 Version, V200R006C13 Version, V200R006C16PWE Version, V200R007C00 Version, V200R007C02 Version; AR2200-S V200R006C10 Version, V200R007C00 Version, V200R008C20 Version; AR3200 V200R006C10 Version, V200R006C11 Version, V200R007C00 Version, V200R007C02 Version; AR3600 V200R006C10 Version, V200R007C00 Version; AR510 V200R006C12 Version, V200R006C13 Version, V200R006C15 Version, V200R006C16 Version , V200R006C17 version, V200R007C00 version; NetEngine16EX

Some Huawei smart phones with software of NXT-AL10C00B386, NXT-CL00C92B386, NXT-DL00C17B386, NXT-TL00C01B386SP01, NTS-AL00C00B535 have a DoS vulnerability due to insufficient input validation. An unauthenticated attacker could send malformed System Information(SI) messages to the smart phone within radio range by special wireless device. Successful exploit could make the smart phone restart. HuaweiMT8-EMUI4.1 and NTS-AL00 are all smartphones of China's Huawei company. HuaweiMT8-EMUI4.1 and NTS-AL00 have a denial of service vulnerability. Both Huawei MT8-EMUI4.1 and NTS-AL00 are smartphone products of China Huawei (Huawei). The following products and versions are affected: Huawei MT8-EMUI4.1 NXT-AL10C00B386 version, NXT-CL00C92B386 version, NXT-DL00C17B386 version, NXT-TL00C01B386SP01 version; NTS-AL00 NTS-AL00C00B535 version

Huawei Secospace USG6600 V500R001C30SPC100, Secospace USG6600 V500R001C30SPC200, Secospace USG6600 V500R001C30SPC300, USG9500 V500R001C30SPC100, USG9500 V500R001C30SPC200, USG9500 V500R001C30SPC300 have a memory leak vulnerability due to memory don't be released when an local authenticated attacker execute special commands many times. An attacker could exploit it to cause memory leak, which may further lead to system exceptions. Huawei Secospace USG6600 and Secospace USG6600 Contains a resource management vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Both Huawei Secospace USG6600 and USG9500 are firewall products of Huawei. The following products and versions are affected: Huawei Secospace USG6600 version V500R001C30SPC100, version V500R001C30SPC200, version V500R001C30SPC300; USG9500 version V500R001C30SPC100, version V500R001C30SPC200, version V500R001

Timergrp module in Huawei DP300 V500R002C00; RP200 V500R002C00; V600R006C00; TE30 V100R001C10; V500R002C00; V600R006C00; TE40 V500R002C00; V600R006C00; TE50 V500R002C00; V600R006C00; TE60 V100R001C10; V500R002C00; V600R006C00 have an DoS vulnerability due to insufficient validation of the parameter. An authenticated local attacker may call a special API with special parameter, which cause an infinite loop. Successful exploit of this vulnerability can allow an attacker to launch DOS attack. plural Huawei The product contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Huawei DP300, RP200, and TE30/40/50/60 are Huawei's integrated desktop telepresence products and high-definition video conferencing terminal products for high-end customers. A number of Huawei products, the Timergrp module, have a denial of service vulnerability because the program failed to fully check the parameters. The Huawei DP300 and others are all products of China's Huawei (Huawei). DP300 is a video conferencing terminal. RP200 is a video conferencing all-in-one device. Timergrp module is one of the timing modules. The Timergrp module in several Huawei products has a denial-of-service vulnerability. The following products and versions are affected: Huawei DP300 V500R002C00 Version; RP200 V500R002C00 Version, V600R006C00 Version; TE30 V100R001C10 Version, V500R002C00 Version, V600R006C00 Version; TE40 V500R002C00 Version, V600R006C00 Version; TE50 V500R002C00 Version, V600R006C00 Version; TE60 V100R001C10 Version, V500R002C00 Version, Version V600R006C00

Huawei DP300 V500R002C00 have an integer overflow vulnerability due to the lack of validation. An authenticated local attacker can craft specific XML files to the affected products and parse this file, which result in DoS attacks. Huawei DP300 Contains an integer overflow vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Huawei DP300 is a video conferencing terminal of China's Huawei company. The HuaweiDP300XML parser has an integer overflow vulnerability, which is due to the XML parser not fully verifying the received content. Multiple Huawei Products are prone to multiple local integer-overflow vulnerabilities. An attacker can exploit this issue to cause a denial-of-service condition; denying service to legitimate users. Due to the nature of this issue, code execution may be possible but this has not been confirmed

Huawei DP300 V500R002C00 have a DoS vulnerability due to the lack of validation when the malloc is called. An authenticated local attacker can craft specific XML files to the affected products and parse this file, which result in DoS attacks. Huawei DP300 Contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Huawei DP300 is a video conferencing terminal of China's Huawei company. The HuaweiDP300XML parser has a denial of service vulnerability because the product was not fully verified when calling malloc to request memory. Mutiple Huawei Products are prone to local denial-of-service vulnerability. An attacker can exploit this issue to cause a denial-of-service condition. There is a denial of service vulnerability in the Huawei DP300 V500R002C00 version