U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • CPE Product Version: cpe:/h:huawei:espace_7950:-
There are 8 matching records.
Displaying matches 1 through 8.
Vuln ID Summary CVSS Severity
CVE-2018-7960

There is a SRTP icon display vulnerability in Huawei eSpace product. An unauthenticated, remote attacker launches man-in-the-middle attack to intercept the packets in non-secure transmission mode. Successful exploitation may intercept and tamper with the call information, eventually cause sensitive information leak.

Published: November 27, 2018; 5:29:00 PM -0500
V3.0: 7.4 HIGH
V2.0: 5.8 MEDIUM
CVE-2018-7959

There is a short key vulnerability in Huawei eSpace product. An unauthenticated, remote attacker launches man-in-the-middle attack to intercept and decrypt the call information when the user enables SRTP to make a call. Successful exploitation may cause sensitive information leak.

Published: November 27, 2018; 5:29:00 PM -0500
V3.0: 5.9 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2018-7958

There is an anonymous TLS cipher suites supported vulnerability in Huawei eSpace product. An unauthenticated, remote attacker launches man-in-the-middle attack to hijack the connection from a client when the user signs up to log in by TLS. Due to insufficient authentication, which may be exploited to intercept and tamper with the data information.

Published: November 27, 2018; 5:29:00 PM -0500
V3.0: 7.4 HIGH
V2.0: 5.8 MEDIUM
CVE-2017-17223

Huawei eSpace 7910 V200R003C30; eSpace 7950 V200R003C30; eSpace 8950 V200R003C00; V200R003C30 have a directory traversal vulnerability. An authenticated, remote attacker can craft specific URL to the affected products. Due to insufficient verification of the URL, successful exploit will upload and download files and cause information leak and system crash.

Published: March 09, 2018; 12:29:01 PM -0500
V3.0: 8.8 HIGH
V2.0: 8.0 HIGH
CVE-2017-17222

Import Language Package function in Huawei eSpace 7950 V200R003C30; eSpace 8950 V200R003C00; V200R003C30 has a remote code execution vulnerability. An authenticated, remote attacker can craft and send the packets to the affected products after Language Package is uploaded. Due to insufficient verification of the packets, this could be exploited to execute arbitrary code.

Published: March 09, 2018; 12:29:01 PM -0500
V3.0: 8.8 HIGH
V2.0: 6.5 MEDIUM
CVE-2017-17221

Import Signal Tone function in Huawei eSpace 7950 V200R003C30; eSpace 8950 V200R003C00; V200R003C30 has a remote code execution vulnerability. An authenticated, remote attacker can craft and send the packets to the affected products after the Signal Tone is uploaded. Due to insufficient verification of the packets, this could be exploited to execute arbitrary code.

Published: March 09, 2018; 12:29:01 PM -0500
V3.0: 8.8 HIGH
V2.0: 6.5 MEDIUM
CVE-2017-2722

DP300 V500R002C00,TE60 with software V100R001C01, V100R001C10, V100R003C00, V500R002C00 and V600R006C00,TP3106 with software V100R001C06 and V100R002C00,ViewPoint 9030 with software V100R011C02, V100R011C03,eCNS210_TD with software V100R004C10,eSpace 7950 with software V200R003C00 and V200R003C30,eSpace IAD with software V300R001C07SPCa00 and V300R002C01SPCb00,eSpace U1981 with software V100R001C20, V100R001C30, V200R003C00, V200R003C20 and V200R003C30 have an input validation vulnerability.A remote attacker may exploit this vulnerability by crafting a malformed packet and sending it to the device. A successful exploit could allow the attacker to cause a denial of service or execute arbitrary code.

Published: November 22, 2017; 2:29:01 PM -0500
V3.0: 8.8 HIGH
V2.0: 6.5 MEDIUM
CVE-2015-8231

Huawei eSpace 7910 and 7950 IP phones with software before V200R002C00SPC800 allow remote attackers with established sessions to cause a denial of service (device restart) via unspecified packets.

Published: January 11, 2016; 10:59:03 AM -0500
V3.0: 7.5 HIGH
V2.0: 7.8 HIGH