Security Advisory - Input Validation Vulnerability in Huawei VP9660 Products

VP9660 is the multi-point control unit of Huawei Video Conference system.

The server of the Huawei VP9660 does not validate the input when using build-in WebServer. In such case, an attacker could log in to the device as an business administrator, graft a message to change the specific information, and send them to the server to inject malicious commands, leading to information leakage or device unavailability. (Vulnerability ID: HWPSIRT-2015-08039)

This vulnerability has been assigned Common Vulnerabilities and Exposures (CVE) ID: CVE-2015-8227.

Huawei has released software updates to fix these vulnerabilities. This advisory is available at the following link:

<http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-461216.htm&gt;