There are three JSON injection vulnerabilities in Huawei some product. An authenticated, remote attacker can launch a JSON injection to modify the password of administrator. Due to insufficient verification of the input, this could be exploited to obtain the management privilege of the system. (Vulnerability ID: HWPSIRT-2018-02052, HWPSIRT-2018-02053 and HWPSIRT-2018-02054)
The three vulnerabilities have been assigned three Common Vulnerabilities and Exposures (CVE) IDs: CVE-2018-7902, CVE-2018-7903 and CVE-2018-7904.
Huawei has released software updates to fix these vulnerabilities. This advisory is available at the following link: