8 matches found
Security Advisory - Denial of Service Vulnerability in Some Huawei Products
There is a denial of service vulnerability in some huawei products. In specific scenarios, due to the insufficient verification of the parameter, an attacker may craft some specific parameter. Successful exploit may cause some services abnormal. Vulnerability ID: HWPSIRT-2020-66984 This...
Security Advisory - Out of Bounds Read Vulnerability in Several Smartphones
There is an out of bound read vulnerability in several smartphones. The software reads data past the end of the intended buffer. The attacker tricks the user into installing a crafted application, successful exploit may cause information disclosure or service abnormal. Vulnerability ID:...
Security Advisory - FragmentSmack Vulnerability in Linux Kernel
There is a DoS vulnerability in the Linux Kernel versions 3.9+ known as a FragmentSmack attack. Remote attackers could send fragmented IPv4 or IPv6 packets to the affected device to trigger time and calculation reassembly algorithms that could consume excessive CPU resources, resulting in a DoS...
Security Advisory - Authentication Bypass Vulnerability in Some Pre-installed Apps on Huawei Phones
There is an authentication bypass vulnerability in some pre-installed apps on Huawei mobile phones due to insufficient validation on invocation requests. An attacker may trick a user into installing a malicious app which can invoke the open interfaces of the vulnerable apps to install any apps...
Security Advisory - Out-Of-Bounds Write Vulnerability on Several Huawei Products
There is an out-of-bounds write vulnerability on several Huawei products. When a user executes a query command after the device received an abnormal OSPF message, the software writes data past the end of the intended buffer due to the insufficient verification of the input data. An unauthenticate...
Security Advisory - Multiple Security Vulnerabilities in Huawei iReader
Huawei iReader app has three security vulnerabilities. The app has an input validation vulnerability due to insufficient validation on the URL used for loading network data. An attacker can control app access and load malicious websites created by the attacker, and the code in webpages would be...
Security Advisory - Command Injection Vulnerability in the NetEco
Huawei iManager NetEco has a command injection vulnerability due to insufficient input validation. An authenticated, remote attacker could exploit this vulnerability to send malicious packets to a target device. Successful exploit could enable a low privileged user to execute commands that a high...
Security Advisory - Defense Mechanism Bypass Vulnerability in Huawei USG Products
There is a defense mechanism bypass vulnerability in Huawei USG products. Successful exploit could allow an attacker to bypass the anti-DDoS module of the USGs to send massive HTTP packets, possibly causing a denial of service condition on the backend server. Vulnerability ID: HWPSIRT-2016-07050...