Security Advisory - A Security Vulnerability of Using Insecure Random Numbers to Generate Self-signed Certificates in Huawei Products

2016-07-2000:00:00

Huawei Technologies

www.huawei.com

JSON

Some Huawei products automatically generate self-signed certificates upon the first use. The random numbers used to generate these certificates are not random enough. Different devices’ certificates may use the same random number consequently, which contains the risk of an attacker compromising the certificates. (Vulnerability ID: HWNSIRT-2016-05255)
Huawei has released software updates to fix this vulnerability. This advisory is available at the following link:
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160720-01-certificate-en

Affected configurations

Vulners

Node

huaweis2300_firmwareMatchv100r006c05

huaweis2300_firmwareMatchv200r003c00

huaweis2300_firmwareMatchv200r005c00

huaweis2700_firmwareMatchv100r006c05

huaweis2700_firmwareMatchv200r003c00

huaweis2700_firmwareMatchv200r005c00

huaweis3300_firmwareMatchv100r006c05

huaweis3700_firmwareMatchv100r006c05

huaweis5300_firmwareMatchv200r003c00

huaweis5300_firmwareMatchv200r005c00

huaweis5700_firmwareMatchv200r003c00

huaweis5700_firmwareMatchv200r005c00

huaweis6300_firmwareMatchv200r003c00

huaweis6300_firmwareMatchv200r005c00

huaweis6700_firmwareMatchv200r003c00

huaweis6700_firmwareMatchv200r005c00

huaweis7700_firmwareMatchv200r003c00

huaweis7700_firmwareMatchv200r005c00

huaweis9300_firmwareMatchv200r003c00

huaweis9300_firmwareMatchv200r005c00

huaweis9700_firmwareMatchv200r003c00

huaweis9700_firmwareMatchv200r005c00

huaweis12700_firmwareMatchv200r005c00

VendorProductVersionCPE
huaweis2300_firmwarev100r006c05cpe:2.3:o:huawei:s2300_firmware:v100r006c05:*:*:*:*:*:*:*
huaweis2300_firmwarev200r003c00cpe:2.3:o:huawei:s2300_firmware:v200r003c00:*:*:*:*:*:*:*
huaweis2300_firmwarev200r005c00cpe:2.3:o:huawei:s2300_firmware:v200r005c00:*:*:*:*:*:*:*
huaweis2700_firmwarev100r006c05cpe:2.3:o:huawei:s2700_firmware:v100r006c05:*:*:*:*:*:*:*
huaweis2700_firmwarev200r003c00cpe:2.3:o:huawei:s2700_firmware:v200r003c00:*:*:*:*:*:*:*
huaweis2700_firmwarev200r005c00cpe:2.3:o:huawei:s2700_firmware:v200r005c00:*:*:*:*:*:*:*
huaweis3300_firmwarev100r006c05cpe:2.3:o:huawei:s3300_firmware:v100r006c05:*:*:*:*:*:*:*
huaweis3700_firmwarev100r006c05cpe:2.3:o:huawei:s3700_firmware:v100r006c05:*:*:*:*:*:*:*
huaweis5300_firmwarev200r003c00cpe:2.3:o:huawei:s5300_firmware:v200r003c00:*:*:*:*:*:*:*
huaweis5300_firmwarev200r005c00cpe:2.3:o:huawei:s5300_firmware:v200r005c00:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
huawei	s2300_firmware	v100r006c05	cpe:2.3:o:huawei:s2300_firmware:v100r006c05:::::::*
huawei	s2300_firmware	v200r003c00	cpe:2.3:o:huawei:s2300_firmware:v200r003c00:::::::*
huawei	s2300_firmware	v200r005c00	cpe:2.3:o:huawei:s2300_firmware:v200r005c00:::::::*
huawei	s2700_firmware	v100r006c05	cpe:2.3:o:huawei:s2700_firmware:v100r006c05:::::::*
huawei	s2700_firmware	v200r003c00	cpe:2.3:o:huawei:s2700_firmware:v200r003c00:::::::*
huawei	s2700_firmware	v200r005c00	cpe:2.3:o:huawei:s2700_firmware:v200r005c00:::::::*
huawei	s3300_firmware	v100r006c05	cpe:2.3:o:huawei:s3300_firmware:v100r006c05:::::::*
huawei	s3700_firmware	v100r006c05	cpe:2.3:o:huawei:s3700_firmware:v100r006c05:::::::*
huawei	s5300_firmware	v200r003c00	cpe:2.3:o:huawei:s5300_firmware:v200r003c00:::::::*
huawei	s5300_firmware	v200r005c00	cpe:2.3:o:huawei:s5300_firmware:v200r005c00:::::::*

Rows per page:

1-10 of 231

JSON