Security Advisory - Three JSON Injection Vulnerabilities in Huawei Some Products

2018-05-23T00:00:00
ID HUAWEI-SA-20180523-01-JSON
Type huawei
Reporter Huawei Technologies
Modified 2018-06-04T00:00:00

Description

There are three JSON injection vulnerabilities in Huawei some product. An authenticated, remote attacker can launch a JSON injection to modify the password of administrator. Due to insufficient verification of the input, this could be exploited to obtain the management privilege of the system. (Vulnerability ID: HWPSIRT-2018-02052, HWPSIRT-2018-02053 and HWPSIRT-2018-02054)

The three vulnerabilities have been assigned three Common Vulnerabilities and Exposures (CVE) IDs: CVE-2018-7902, CVE-2018-7903 and CVE-2018-7904.

Huawei has released software updates to fix these vulnerabilities. This advisory is available at the following link:

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180523-01-json-en