Huawei Fusioncompute
By the Year
In 2024 there have been 0 vulnerabilities in Huawei Fusioncompute . Fusioncompute did not have any published security vulnerabilities last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2024 | 0 | 0.00 |
| 2023 | 0 | 0.00 |
| 2022 | 0 | 0.00 |
| 2021 | 5 | 6.66 |
| 2020 | 3 | 6.47 |
| 2019 | 0 | 0.00 |
| 2018 | 0 | 0.00 |
It may take a day or so for new Fusioncompute vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Huawei Fusioncompute Security Vulnerabilities
There is a command injection vulnerability in CMA service module of FusionCompute product when processing the default certificate file
CVE-2021-37102
8.8 - High
- November 23, 2021
There is a command injection vulnerability in CMA service module of FusionCompute product when processing the default certificate file. The software constructs part of a command using external special input from users, but the software does not sufficiently validate the user input. Successful exploit could allow the attacker to inject certain commands to the system. Affected product versions include: FusionCompute 6.0.0, 6.3.0, 6.3.1, 6.5.0, 6.5.1, 8.0.0.
Command Injection
There is an information leakage vulnerability in FusionCompute 6.5.1, eCNS280_TD V100R005C00 and V100R005C10
CVE-2021-37036
5.5 - Medium
- November 23, 2021
There is an information leakage vulnerability in FusionCompute 6.5.1, eCNS280_TD V100R005C00 and V100R005C10. Due to the improperly storage of specific information in the log file, the attacker can obtain the information when a user logs in to the device. Successful exploit may cause the information leak.
Information Disclosure
There is a command injection vulnerability in CMA service module of FusionCompute 6.3.0
CVE-2021-37106
7.2 - High
- September 28, 2021
There is a command injection vulnerability in CMA service module of FusionCompute 6.3.0, 6.3.1, 6.5.0 and 8.0.0 when processing the default certificate file. The software constructs part of a command using external special input from users, but the software does not sufficiently validate the user input. Successful exploit could allow the attacker to inject certain commands to the system.
Command Injection
There is an improper file upload control vulnerability in FusionCompute 6.5.0, 6.5.1 and 8.0.0
CVE-2021-37105
7.5 - High
- September 28, 2021
There is an improper file upload control vulnerability in FusionCompute 6.5.0, 6.5.1 and 8.0.0. Due to the improper verification of file to be uploaded and does not strictly restrict the file access path, attackers may upload malicious files to the device, resulting in the service abnormal.
Unrestricted File Upload
There is an insufficient input validation vulnerability in FusionCompute 8.0.0
CVE-2021-22358
4.3 - Medium
- May 27, 2021
There is an insufficient input validation vulnerability in FusionCompute 8.0.0. Due to the input validation is insufficient, an attacker can exploit this vulnerability to upload any files to the device. Successful exploit may cause the service abnormal.
Improper Input Validation
FusionCompute versions 6.3.0, 6.3.1, 6.5.0, 6.5.1 and 8.0.0 have a privilege escalation vulnerability
CVE-2020-9114
7.8 - High
- December 01, 2020
FusionCompute versions 6.3.0, 6.3.1, 6.5.0, 6.5.1 and 8.0.0 have a privilege escalation vulnerability. Due to improper privilege management, an attacker with common privilege may access some specific files and get the administrator privilege in the affected products. Successful exploit will cause privilege escalation.
Improper Privilege Management
Huawei FusionCompute versions 6.5.1 and 8.0.0 have a command injection vulnerability
CVE-2020-9116
7.2 - High
- December 01, 2020
Huawei FusionCompute versions 6.5.1 and 8.0.0 have a command injection vulnerability. An authenticated, remote attacker can craft specific request to exploit this vulnerability. Due to insufficient verification, this could be exploited to cause the attackers to obtain higher privilege.
Command Injection
FusionCompute versions 8.0.0 have an insecure encryption algorithm vulnerability
CVE-2020-9128
4.4 - Medium
- November 12, 2020
FusionCompute versions 8.0.0 have an insecure encryption algorithm vulnerability. Attackers with high permissions can exploit this vulnerability to cause information leak.
Inadequate Encryption Strength
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Huawei Fusioncompute or by Huawei? Click the Watch button to subscribe.
