1006 matches found
Security Advisory - Use after Free Vulnerability in Huawei Smartphone
There is a user after free vulnerability in Huawei smartphone. A module is lack of lock protection. Attackers can exploit this vulnerability by launching specific request. This could compromise normal service of the affected device. Vulnerability ID: HWPSIRT-2020-03123 This vulnerability has been...
Security Advisory - Improper Authentication Vulnerability in Several Smartphones
There is an improper authentication vulnerability in several smartphones. The system does not sufficiently validate certain parameter passed from the bottom level, the attacker should trick the user into installing a malicious application and control the bottom level, successful exploit could cau...
Security Advisory - Two Vulnerabilities in Huawei eSpace Product
There is a short key vulnerability in Huawei eSpace product. An unauthenticated, remote attacker launches man-in-the-middle attack to intercept and decrypt the call information when the user enables SRTP to make a call. Successful exploitation may cause sensitive information leak. Vulnerability I...
Security Advisory - Buffer Overflow Vulnerability on Several Products
There is a buffer overflow vulnerability on madapt driver of several products. The driver does not sufficiently validate the input, an attacker could trick the user to install a malicious application which would send crafted parameters to the driver. Successful exploit could cause a denial of...
Security Advisory - Authentication Bypass Vulnerability in Some Huawei Mobile Phones
There is an authentication bypass vulnerability in some Huawei mobile phones. An attacker could trick the user to connect to a malicious device. In the debug mode, the malicious software in the device may exploit the vulnerability to bypass some specific function. Successful exploit may cause som...
Security Advisory - Remote Code Execution Vulnerability in Microsoft Windows Print Spooler Service
Microsoft released a security bulletin MS10-061 to publicly disclose a remote code execution vulnerability in the Print Spooler service. The vulnerability could allow remote code execution if an attacker sends a specially crafted print request to a vulnerable system. Vulnerability ID:...
Security Advisory - Use of a Risky Cryptographic Algorithm Vulnerability on Several Products
There is a use of a broken or risky cryptographic algorithm vulnerability on several products. The software uses risky cryptographic algorithm in SSL. This is dangerous because a remote unauthenticated attacker could use well-known techniques to break the algorithm. Successful exploit could resul...
Security Advisory - Buffer Overflow Vulnerability in Some Huawei Products
There is a buffer overflow vulnerability in the Common Open Policy Service Protocol COPS module of some Huawei products. An unauthenticated, remote attacker could exploit this vulnerability by sending specially crafted message to the affected products. The vulnerability is due to insufficient inp...
Security Advisory - Three Buffer Overflow Vulnerabilities in Some Huawei Products
There are three buffer overflow vulnerabilities in some Huawei products. An attacker may send specially crafted HTTP messages to the affected products. Due insufficient input validation of three different parameters in the messages, successful exploit may cause some service abnormal. Vulnerabilit...
Security Advisory - FRP Bypass Vulnerability in Huawei Smart Phones
There is Factory Reset Protection FRP bypass security vulnerability in some Huawei smart phones. When re-configuring the mobile phone using the factory reset protection FRP function, an attacker can login the configuration flow by Swype Keyboard and can perform some operations to update the Googl...
Security Advisory - FRP Bypass Vulnerability in Huawei Smart Phones
There is Factory Reset Protection FRP bypass security vulnerability in some Huawei smart phones. When re-configuring the mobile phone using the factory reset protection FRP function, an attacker can enter some functional modules without authorization and perform operations to update the Google...
Security Advisory - DoS Vulnerability in Some Huawei Firewall Products
Some Huawei firewall products have a denial of service DoS vulnerability. Due to improper validation of some specific fields of DHCP message, an unauthenticated attacker may send abnormal DHCP request packets to the affected products. Successful exploit of this vulnerability could lead to a DoS...
Security Advisory - Identity Bypass Vulnerability in Some Huawei Smart Screen Products
The Bluetooth module of some Huawei Smart Screen products has an identity authentication bypass vulnerability. Successful exploitation of this vulnerability may allow attackers to access restricted functions.Vulnerability ID:HWPSIRT-2023-82635 This vulnerability has been assigned a CVE ID:...
Security Advisory - Misinterpretation of Input in a Huawei Printer Product
A Huawei printer product is vulnerable to misinterpretation of input. Successful exploitation could lead to DoS. Vulnerability ID:HWPSIRT-2022-44321 This vulnerability has been assigned a CVE ID: CVE-2022-48230...
Security Advisory - Command Injection Vulnerability in Huawei Product
There is a command injection vulnerability in Huawei terminal printer product. Successful exploitation could result in the highest privileges of the printer. Vulnerability ID: HWPSIRT-2022-51773 This vulnerability has been assigned a Common Vulnerabilities and Exposures CVE ID: CVE-2022-32203. Fo...
Security Advisory - Path Traversal Vulnerability in Huawei FusionCube Product
There is a path traversal vulnerability in Huawei FusionCube product. The vulnerability is due to that the software uses external input to construct a pathname that is intended to identify a directory that is located underneath a restricted parent directory, but the software does not properly...
Security Advisory - Path Traversal Vulnerability in Huawei PC Product
There is a path traversal vulnerability in Huawei PC product. Because the product does not filter path with special characters,attackers can construct a file path with special characters to exploit this vulnerability. Successful exploitation could allow the attacker to transport a file to certain...
Security Advisory - Path Traversal Vulnerability in Some Huawei Products
There is a path traversal vulnerability in some Huawei products. The vulnerability is due to that the software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly...
Security Advisory - Improper Licenses Management Vulnerability in Some Products
There has a license management vulnerability in some huawei products. An attacker with high privilege needs to perform specific operations to exploit the vulnerability on the affected device. Due to improper license management of the device, as a result, the license file can be applied and affect...
Security Advisory - Privilege Escalation Vulnerability in Huawei FusionCompute Product
There is a privilege escalation vulnerability in Huawei FusionCompute product. Due to insufficient verification on specific files that need to be deserialized, local attackers can exploit this vulnerability to elevate permissions. Vulnerability ID: HWPSIRT-2020-05241 This vulnerability has been...
Security Advisory - Improper Authentication Vulnerability in Several Smartphones
There is an improper authentication vulnerability in several smartphones. The system does not properly sign certain encrypted file, the attacker should gain the key used to encrypt the file, successful exploit could cause certain file be forged. Vulnerability ID: HWPSIRT-2019-10020 This...
Security Advisory - Three Out of Bounds Vulnerabilities in Several Smartphones
There are three out of bounds vulnerabilities in several smartphones. Certain driver program does not sufficiently validate certain parameters received, that would lead to several bytes out of bound read. Successful exploit may cause information disclosure or service abnormal. Vulnerability ID:...
Security Advisory - Bypass Vulnerability in the 'Find Phone' Function of Some Huawei Smart Phones
There is an authentication bypass vulnerability in the 'Find Phone' function of some Huawei smart phone. Due to improper authentication realization in the 'Find Phone' function. An attacker may exploit the vulnerability to bypass the 'Find Phone' function in order to use the phone normally...
Security Advisory - Use After Free Vulnerability in Madapt Driver of Some Huawei Smart Phones
The Madapt Driver of some Huawei smart phones has a use after free UAF vulnerability. An attacker can trick a user to install a malicious application which has a high privilege to exploit this vulnerability, Successful exploitation may cause arbitrary code execution. Vulnerability ID:...
Security Advisory - Weak Algorithm Vulnerability in Huawei USG product
There is a weak algorithm vulnerability in Huawei USGUSG6300/USG6600 products. Attackers may exploit the weak algorithm vulnerability to crack the cipher text and cause confidential information leaks on the transmission links. Vulnerability ID: HWPSIRT-2017-02028 This vulnerability has been...
Security Advisory - FRP Bypass Vulnerability in Huawei Smart Phones
There is Factory Reset Protection FRP bypass security vulnerability in some Huawei smart phones. When re-configuring the mobile phone using the factory reset protection FRP function, an attacker can perform some operations to update the Google account. As a result, the FRP function is bypassed...
Security Advisory - XSS Vulnerability in Huawei Agile Controller-Campus
A reflected cross-site scripting XSS vulnerability exists in some portal authentication page of the Agile Controller-Campus. When an attacker sends a malicious link to the system, the user is online and clicks on the link, XSS occurs. Therefore, the attacker may obtain the administrator privilege...
Security Advisory-Heap Overflow Vulnerability in Huawei eSap Platform
Huawei eSap software platform has four heap overflow vulnerabilities. Huawei products that have used this platform are affected. When receiving some special malformed packets, such devices access heap memory that is beyond the valid range and cause unexpected restart of the devices. If an attacke...
Security Advisory - Improper Signature Management Vulnerability in Some Huawei Products
There is a signature management vulnerability in some huawei products. An attacker can forge signature and bypass the signature check. During firmware update process, successful exploit this vulnerability can cause the forged system file overwrite the correct system file. Vulnerability ID:...
Security Advisory - Improper File Upload Control Vulnerability in Huawei FusionCompute Product
There is an improper file upload control vulnerability in Huwei FusionCompute product. Due to the improper verification of file to be uploaded and does not strictly restrict the file access path, attackers may upload malicious files to the device, resulting in the service abnormal. Vulnerability...
Security Advisory - Improper Authorization Vulnerability in Several Smartphones
There is an improper authorization vulnerability in several smartphones. The system does not properly restrict the use of system service by applications, the attacker should trick the user into installing a malicious application, successful exploit could cause a denial of audio service...
Security Advisory - Improper Authorization Vulnerability in Some Huawei Smartphones
There is an improper authentication vulnerability in some Huawei smart phones. Due to improper authentication of specific interface, in specific scenario attackers could access specific interface without authentication. Successful exploit could allow the attacker to perform unauthorized operation...
Security Advisory - Denial of Service Vulnerability in Huawei Product
There is a DoS vulnerability that IPSec Module handles a specific message incorrectly, causing memory unreleased. Attackers can send specific message to cause Denial of Service in IPSec module. Vulnerability ID: HWPSIRT-2019-12418 This vulnerability has been assigned a Common Vulnerabilities and...
Security Advisory - Memory Double Free Vulnerability in Image Processing Module of Some Huawei Smart Phones
The image processing module of some Huawei smart phones has a memory double free vulnerability. An attacker tricks a user into installing a malicious application, and the application can call special API, which could trigger double free and cause a system crash. Vulnerability ID: HWPSIRT-2018-110...
Security Advisory - Improper Authorization Vulnerability on Huawei Switch Products
There is an improper authorization vulnerability on Huawei switch products. The system incorrectly performs an authorization check when a normal user attempts to access certain information which is supposed to be accessed only by authenticated user. Successful exploit could cause information...
Security Advisory - Two Buffer Overflow Vulnerabilities in Some Huawei Products
There is an out-of-bound write vulnerability in some Huawei products. Due to insufficient input validation, a remote, unauthenticated attacker may craft encryption key to the affected products. Successful exploit may cause buffer overflow, services abnormal. Vulnerability ID: HWPSIRT-2017-11058...
Security Advisory - Two Remote Code Execution Vulnerabilities in Microsoft Windows
Microsoft released a security advisory to disclose a remote code execution vulnerability in Microsoft Server Message Block 1.0 SMBv1. A remote attacker could send a specially crafted packet to a targeted SMBv1 server. The attacker could exploit the vulnerability to gain the ability to execute cod...
Security Advisory - Memory Leak Vulnerability in Some Huawei Products
Some Huawei products have a memory leak vulnerability. An unauthenticated attacker may send specific Resource ReServation Protocol RSVP packets to the affected products. Due to not release the memory to handle the packets, successful exploit will result in memory leak of the affected products and...
Security Advisory - FRP Bypass Vulnerability in Huawei Honor 5S Smart Phones
Huawei Honor 5S smart phones have a Factory Reset Protection FRP bypass security vulnerability due to the improper design. An attacker can access factory reset page without authorization by only dial with special code. The attacker can exploit this vulnerability to restore the phone to factory...
Security Advisory - Directory Traversal Vulnerability in Push Module of Huawei Smart Phone
There is a directory traversal vulnerability in Push module of Huawei Smart Phone. Since the system does not verify the file name during decompression, system directories are traversed. It could be exploited to cause the attacker to replace files and impact the service. Vulnerability ID:...
Security Advisory - Buffer Overflow Vulnerability in HIFI Driver of Huawei Smart Phone
The HIFI driver of some Huawei products has buffer overflow vulnerability due to the lack of a parameters check. An attacker can get ROOT privilege and send given parameter to driver to crash the system or execute arbitrary code. Vulnerability ID: HWPSIRT-2016-05220 This vulnerability has been...
Security Advisory - PXN Defense Mechanism Failure Vulnerability in Huawei Mobile Phones
There is a Privileged Execute-Never PXN defense mechanism failure vulnerability in the drive code of some Huawei mobile phones. An attacker may trick users into installing malicious apps which can disable the PXN defense mechanism by invoking related drive code to crash the system or escalate...
Security Advisory - DoS Vulnerability in Huawei Switches
There is a DoS vulnerability caused by memory leak in some of Huawei products as affected products list below. For lacking of adequate input validation,attackers can craft and send a large number of malformed packets to the target device to exhaust the memory of the device and may cause the devic...
Security Advisory - Reset Password and Information Leak Vulnerabilities in Huawei UMA
The Unified Maintenance Audit UMA system provides a unified portal for O&M operations, controls and records users' O&M operations, and supports auditing by way of command display and video replay. The UMA has two security vulnerabilities. One vulnerability is due to insufficient parameter...
Security Advisory - Insufficient Input Validation Vulnerability in the FusionInsight
The FusionInsight has an insufficient input validation vulnerability. An attacker may exploit it to gain the root privilege of the Linux system where the software resides and control the operating system cluster. Vulnerability ID: HWPSIRT-2016-06010 This vulnerability has been assigned Common...
Security Advisory - Directory Traversal Vulnerability in Huawei AR Router
The AR router has a directory traversal vulnerability when serving as an SFTP server. An attacker can log in to the AR router and traverse FTP server directories to access unauthorized directories, leading to information leaks. Vulnerability ID: HWPSIRT-2015-09029 This vulnerability has been...
Security Advisory-A Vulnerability on the HWTACACS Authorization Module of the CloudEngine
The HWTACACS modules of some Huawei CloudEngine series switches have vulnerabilities. Attackers can execute the commands that can be used by users with higher-level permissions by bypass the right check of HWTACACS server. HWPSIRT-2013-1256. This Vulnerability has been assigned Common...
Security Advisory - Path Traversal Vulnerability in Huawei Home Music System
Huawei Home Music System has a path traversal vulnerability. Successful exploitation of this vulnerability may cause the music host file to be deleted or the file permission to be changed.Vulnerability ID:HWPSIRT-2023-60613 This vulnerability has been assigned a CVEID:CVE-2023-7300...
Security Advisory - Data Processing Error Vulnerability in a Huawei Band
A Huawei band has a data processing error vulnerability. Successful exploitation could bypass lock screen authentication.Vulnerability ID:HWPSIRT-2022-11965 This vulnerability has been assigned a CVEID:CVE-2022-48254...
Security Advisory -Input Verification Vulnerabilities Involved in Huawei Printer Product
There is an improper input verification vulnerability in Huawei printer product. Successful exploitation of this vulnerability may cause service abnormal. Vulnerability ID: HWPSIRT-2022-87185 This vulnerability has been assigned a Common Vulnerabilities and Exposures CVE ID: CVE-2022-32204. For...