6 matches found
PT-2013-54: Access Restrictions Bypassing in Huawei SGSN USN9810
The specialists of the Positive Research center have detected an Access Restrictions Bypassing vulnerability in Huawei SGSN USN9810. The application does not sufficiently check the user’s authorization in the system. This allows an authorized attacker to obtain access to various administrative...
PT-2013-57: Password Access in Huawei M2000
The specialists of the Positive Research center have detected a Password Access vulnerability in Huawei SGSN USN9810. The application stores and displays the FTP server password in clear text. This vulnerability allows the attackers to hijack the password and obtain access to the FTP server. How ...
PT-2013-56: Path Traversal in Huawei SGSN USN9810
The specialists of the Positive Research center have detected a Path Traversal vulnerability in Huawei SGSN USN9810. REPORTDIR parameter allows the use of symbols, which enable going beyond the current directory. How to fix Customers can contact the Huawei Technical Assistance Center TAC to reque...
PT-2013-53: Information Disclosure in Huawei SGSN USN9810
The specialists of the Positive Research center have detected an Information Disclosure vulnerability in Huawei SGSN USN9810. Web application displays the system information such as the version of the web server, its components, and the details about the installation platform in the HTTP-response...
PT-2013-55: Access Restrictions Bypassing in Huawei SGSN USN9810
The specialists of the Positive Research center have detected an Access Restrictions Bypassing vulnerability in Huawei SGSN USN9810. The platform does not provide sufficient entropy in session identifiers. This allows an attacker to brute force the current ID to bypass the authorization mechanism...
PT-2013-52: XML External Entities Injection in Huawei SGSN USN9810
The specialists of the Positive Research center have detected an XML External Entities Injection vulnerability in Huawei SGSN USN9810. An XML document may contain a Document Type Definition that, among other features, allows the definition of external entities. A malicious user may perform attack...