Security Advisory - SQL Injection Vulnerability in Policy Center Product

Type huawei
Reporter Huawei Technologies
Modified 2016-03-25T00:00:00


Huawei Policy Center dynamically allocates network resources in a unified manner, enabling the network to provide services with more agility. The Policy Center has a SQL injection vulnerability. After logging in to the target device, a remote attacker could exploit this vulnerability by grafting malicious SQL statements to tamper with the system databases and gain administrative privileges. (Vulnerability ID: HWPSIRT-2015-12023) This Vulnerability has been assigned Common Vulnerabilities and Exposures (CVE) ID: CVE-2016-3675. Huawei has released software updates to fix these vulnerabilities. This advisory is available at the following link: