Security Advisory - Information Exposure Vulnerability in Huawei Ethernet Switch

2016-01-12T00:00:00
ID HUAWEI-SA-20160112-01-SWITCH
Type huawei
Reporter Huawei Technologies
Modified 2016-01-12T00:00:00

Description

There is an information exposure vulnerability in Huawei Ethernet switch. When uploading files to some directory, the user needs to enter the username and password. However, the system does not mask passwords. As a result, the password entered is displayed in plain text, leading to password leaks. (Vulnerability ID: HWPSIRT-2015-08053)   This vulnerability has been assigned Common Vulnerabilities and Exposures (CVE) ID: CVE-2015-8675.   Huawei has released software updates to fix this vulnerability. This advisory is available at the following link: http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160112-01-switch-en