Huawei Fusionaccess vulnerabilities

CVE-2020-9090 [HIGH] CVE-2020-9090: FusionAccess version 6.5.1 has an improper authorization vulnerability. A command is authorized with FusionAccess version 6.5.1 has an improper authorization vulnerability. A command is authorized with incorrect privilege. Attackers with other privilege can execute the command to exploit this vulnerability. This may compromise normal service of the affected product.

CVE-2020-1825 [MEDIUM] CWE-20 CVE-2020-1825: FusionAccess with versions earlier than 6.5.1.SPC002 have a Denial of Service (DoS) vulnerability. D FusionAccess with versions earlier than 6.5.1.SPC002 have a Denial of Service (DoS) vulnerability. Due to insufficient verification on specific input, attackers can exploit this vulnerability by sending constructed messages to the affected device through another device on the same network. Successful exploit could cause affected devices to be abnormal.

CVE-2015-7844 [HIGH] CWE-20 CVE-2015-7844: Huawei FusionAccess with software V100R005C10,V100R005C20 could allow attackers to craft and send a Huawei FusionAccess with software V100R005C10,V100R005C20 could allow attackers to craft and send a malformed HDP protocol packet to cause the virtual cloud desktop to be displaying an error and not usable.

CVE-2016-8779 [MEDIUM] CVE-2016-8779: Huawei FusionAccess with software V100R005C10 and V100R005C20 could allow remote attackers with spec Huawei FusionAccess with software V100R005C10 and V100R005C20 could allow remote attackers with specific permission to inject a Lightweight Directory Access Protocol (LDAP) operation command into a specific input variable to obtain sensitive information from the database.

CVE-2016-6839 [MEDIUM] CWE-113 CVE-2016-6839: CRLF injection vulnerability in Huawei FusionAccess before V100R006C00 allows remote attackers to in CRLF injection vulnerability in Huawei FusionAccess before V100R006C00 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.