1006 matches found
Security Advisory - Out of Bounds Write Vulnerability in Huawei Smartphone
There is an out of bounds write vulnerability in Huawei Smartphone product when processing a message. An unauthenticated attacker can exploit this vulnerability by sending specific message to the target device. Due to insufficient validation of the input parameter, successful exploit can cause th...
Security Advisory - Command Injection Vulnerability in Huawei FusionCompute Product
There is a command injection vulnerability in Huawei FusionCompute product. An authenticated, remote attacker can craft specific request to exploit this vulnerability. Due to insufficient verification, this could be exploited to cause the attackers to obtain higher privilege. Vulnerability ID:...
Security Advisory - Insufficient Input Validation Vulnerability in Some Huawei Phones
There is an insufficient input validation vulnerability in some Huawei products. Due to the input validation logic is incorrect, an attacker can exploit this vulnerability to access and modify the memory of the device by doing a series of operations. Successful exploit may cause the service...
Security Advisory - Smart SMS Verification Code Vulnerability in Some Huawei Smart Phones
There is a smart SMS verification code vulnerability in some Huawei smart phones. An attacker should trick a user to access malicious Website or malicious App and register. Due to incorrect processing of the smart SMS verification code, successful exploitation can cause sensitive information leak...
Security Advisory - Two Remote Code Execution Vulnerabilities in Microsoft Windows
Microsoft released a security advisory to disclose a remote code execution vulnerability in Microsoft Server Message Block 1.0 SMBv1. A remote attacker could send a specially crafted packet to a targeted SMBv1 server. The attacker could exploit the vulnerability to gain the ability to execute cod...
Security Advisory - DoS Vulnerability in Some Huawei Products
There is an DoS vulnerability in some Huawei products due to insufficient validation of the parameter when a putty comment key is loaded. An authenticated remote attacker can place a malformed putty key file in system, when a system manager load the key, an infinite loop happens which lead to...
Security Advisory - Memory Leak Vulnerability in Some Huawei Products
Some Huawei products have a memory leak vulnerability. An unauthenticated attacker may send specific Resource ReServation Protocol RSVP packets to the affected products. Due to not release the memory to handle the packets, successful exploit will result in memory leak of the affected products and...
Security Advisory - Out-of-bounds Read Vulnerability in Some Huawei Products
There is an out-of-bounds read vulnerability in some Huawei products. An attacker has to control the peer device and send specially crafted messages to the affected products. Due to insufficient input validation, successful exploit may cause some service abnormal. Vulnerability ID:...
Security Advisory - Information Exposure Vulnerability in Huawei Products
Some Huawei products have an information exposure vulnerability. Encryption keys are stored in the system. The attacker can implement reverse engineering to obtain the encryption keys, causing information exposure. Vulnerability ID: HWPSIRT-2017-07133 This vulnerability has been assigned Common...
Security Advisory - Insufficient Input Validation Vulnerability in Bastet of Huawei Smart Phone
The Bastet of some Huawei mobile phones has an insufficient input validation vulnerability due to the lack of parameter validation. An attacker may trick a user into installing a malicious APP. The APP can modify specific parameter to cause system reboot. Vulnerability ID: HWPSIRT-2017-05190 This...
Security Advisory - MaxAge LSA Vulnerability in OSPF Protocol of Some Huawei Products
Some Huawei products have a MaxAge LSA vulnerability due to improper OSPF implementation. When the device receives special LSA packets, the LS Link Status age would be set to MaxAge, 3600 seconds. An attacker can exploit this vulnerability to poison the route table and launch a DoS attack...
Security Advisory - Buffer Overflow vulnerability in the GaussDB
The GaussDB has a buffer overflow vulnerability due to the lack of input validation on some parameters. An authenticated attacker on the LAN can exploit this vulnerability to execute arbitrary code or cause a denial of service DoS condition in the affected system. Vulnerability ID:...
Security Advisory - Multiple Security Vulnerabilities in Driver of Huawei Smart Phones
There are two stack overflow vulnerabilities in video driver. An attacker may trick a user into installing a malicious application and the application can send given parameter to video driver to crash the system or escalate user privilege. Vulnerability ID: HWPSIRT-2016-08056 and HWPSIRT-2016-080...
Security Advisory - Uncontrolled Format String Vulnerability on Multiple Products
Several Huawei routers and switches have an uncontrolled format string vulnerability when processing partial commands. An authenticated attacker could exploit this vulnerability to cause a denial of service. Vulnerability ID: HWPSIRT-2016-07011 This vulnerability has been assigned Common...
Security Advisory - Two Command Injection Vulnerabilities in Huawei UMA
The Unified Maintenance Audit UMA system provides a unified portal for O&M operations, controls and records users' O&M operations, and supports auditing by way of command display and video replay. The UMA has two command injection vulnerabilities due to the lack of validation on special fields. A...
Security Advisory - Heap Overflow Vulnerability in the HIFI Driver of Huawei Smart Phone
Some Huawei smart phones have a heap overflow security vulnerability in the HIFI driver. An attacker may trick a user into installing a malicious application and use the application to read and modify memory, which can reboot the system or cause permission escalation. Vulnerability ID:...
Security Advisory-WPS PIN Offline Brute Force Cracking Vulnerability in Huawei Home Gateway Products
Some Huawei home gateways are affected by the PIN offline brute force cracking vulnerability of the WPS protocol because the random number generator RNG used in the supplier’s solution is not random enough. As a result, brute force cracking the PIN code is easier. After an attacker cracks the PIN...
Security Advisory-Multiple Vulnerabilities on Huawei P2 Smartphone
This security advisory SA describes two vulnerabilities. The decoder driver of P2 was found to allow any application to read or write to an arbitrary memory address. HWPSIRT-2014-0401 This Vulnerability has been assigned Common Vulnerabilities and Exposures CVE ID: CVE-2014-2273. The Kingsoft...
Security Advisory-CSRF Vulnerabilities in Multiple Products
Cross-site request forgery CSRF vulnerabilities are discovered in multiple products, including FusionManager Vulnerability ID: HWPSIRT-2014-0408 and USG firewall series Vulnerability ID: HWPSIRT-2014-0406. Vulnerabilities in the web interface of these devices could allow an unauthenticated, remot...
Security Advisory-Multiple Heap Overflow Vulnerabilities in Huawei Campus Series Switches
Some Huawei Campus series switches have three heap overflow vulnerabilities. When receiving some special malformed packets, such devices access heap memory that is beyond the valid range and cause unexpected restart of the devices. If an attacker keeps sending such malformed packets, the devices...
Security Advisory - Out-of-Bounds Write Vulnerability in a Huawei Sound Box Product
A Huawei sound box product has an out-of-bounds write vulnerability. Attackers can exploit this vulnerability to cause buffer overflow. Vulnerability ID:HWPSIRT-2022-61463 This vulnerability has been assigned a CVE ID: CVE-2022-48330...
Security Advisory - Memory Leak Vulnerability in Huawei Products
There is a memory leak vulnerability in huawei products. The software does not sufficiently track and release allocated memory while parse a series of crafted binary messages, which could consume remaining memory. Successful exploit could cause memory exhaust. Vulnerability ID: HWPSIRT-2021-39541...
Security Advisory - Server-Side Request Forgery Vulnerability in Huawei Product
There is a server-side request forgery vulnerability in huawei product. This vulnerability is due to insufficient validation of parameters while dealing with some messages. A successful exploit could allow the attacker to gain access to certain resource which the attacker are supposed not to do...
Security Advisory - Information Leakage Vulnerability in Some Huawei Product
There is an information leakage vulnerability in some huawei products. Due to the improperly storage of specific information in the log file, the attacker can obtain the information when a user logs in to the device. Successful exploit may cause the information leak. Vulnerability ID:...
Security Advisory - Race Condition Vulnerability in Some Huawei Products
There is a race condition vulnerability in some Huawei products. There is a timing window exists in which the database can be operated by another thread that is operating concurrently. Successful exploit may cause the affected device abnormal. Vulnerability ID: HWPSIRT-2020-05257 This vulnerabili...
Security Advisory - Improper Authorization Vulnerability in Huawei Products
There is an improper authorization vulnerability in Huawei products. A file access is not authorized correctly. Attacker with low access may launch privilege escalation in a specific scenario. This may compromise the normal service. Vulnerability ID: HWPSIRT-2020-05262 This vulnerability has been...
Security Advisory - Denial of Service Vulnerability in Some Huawei Products
There is a denial of service vulnerability in some huawei products. There is a logic error in the implementation of a function of a module. When the service pressure is heavy, there is a low probability that an exception may occur. Successful exploit may cause some services abnormal. Vulnerabilit...
Security Advisory - XXE Injection Vulnerability in Huawei Products
There is an XXE injection vulnerability in some Huawei products. A module does not perform the strict operation to the input XML message. Attacker can send specific message to exploit this vulnerability, leading to the module denial of service. Vulnerability ID: HWPSIRT-2020-04355 This...
Security Advisory - Information Leakage Vulnerability in Huawei Products
There is insecure algorithm vulnerability in Huawei products. A module uses less random input in a secure mechanism. Attackers can exploit this vulnerability by brute forcing to obtain sensitive message. This can lead to information leak. Vulnerability ID: HWPSIRT-2020-74955 This vulnerability ha...
Security Advisory - Information Leak Vulnerability in Huawei Products
There is an information leak vulnerability. A command does not have timeout exit mechanism. Temporary file contains sensitive information. This allows attackers to obtain information by inter-process access that requires other methods. Vulnerability ID: HWPSIRT-2020-01428 This vulnerability has...
Security Advisory - Information Disclosure Vulnerability in TE Mobile Software
There is an information disclosure vulnerability in TE Mobile software. Due to the improper storage of some information in certain specific scenario, the attacker can gain information in the victim's device to launch the attack, successful exploit could cause information disclosure. Vulnerability...
Security Advisory - Denial of Service Vulnerability in Some Huawei Products
There is a denial of service vulnerability in some Huawei products. There is no protection against the attack scenario of specific protocol. A remote, unauthorized attacker can construct attack scenarios, which lead to denial of service. Vulnerability ID: HWPSIRT-2020-79490 This vulnerability has...
Security Advisory - Use After Free Vulnerability in Several Smartphones
There is a use after free vulnerability in several smartphones. There is a condition exists that the system would reference memory after it has been freed, the attacker should trick the user into running a crafted application with high privilege, successful exploit could cause code execution...
Security Advisory - Improper Authentication Vulnerability in Several Smartphones
There is an improper authentication vulnerability in several smartphones. The device does not sufficiently validate certain credential of user's face, an attacker could craft the credential of the user, successful exploit could allow the attacker to pass the authentication with the crafted...
Security Advisory - Out of Bounds Read Vulnerability in Several Products
There is an out-of-bounds read vulnerability in several products. The software reads data past the end of the intended buffer when parsing certain crafted DHCP messages. Successful exploit could cause certain service abnormal. Vulnerability ID: HWPSIRT-2019-12425 This vulnerability has been...
Security Advisory - Improper Authentication Vulnerability on Smartphones
There is an improper authentication vulnerability on smartphones. App Lock is a function to prevent unauthorized use of apps on smartphones, an attacker could directly change the lock password after a series of operations. Successful exploit could allow the attacker to use the application which i...
Security Advisory - Sensitive Information Leak Vulnerability in Some Huawei Products
There is a sensitive information leak vulnerability in some Huawei products. An attacker can trick a user to install a malicious application to exploit this vulnerability. Due to insufficient verification of the input, successful exploitation can cause sensitive information leak. Vulnerability ID...
Security Advisory - FRP Bypass Vulnerability on Huawei Smart Phones
There is a FRP bypass vulnerability on Huawei smart phones. During the mobile phone reseting process, an attacker could bypass "Find My Phone" protect after a series of voice and keyboard operations. Successful exploit could allow an attacker to bypass FRP. Vulnerability ID: HWPSIRT-2018-06018 Th...
Security Advisory - Out-of-bounds Read Vulnerability in Some Huawei Products
There is an out-of-bounds read vulnerability in some Huawei products. An unauthenticated, remote attacker has to control the peer device and craft the Signalling Connection Control Part SCCP messages to the target devices. Due to insufficient input validation of some values in the messages,...
Security Advisory - Memory Leak Vulnerability in Some Huawei Products
There is a memory leak vulnerability in several Huawei products. The software does not release allocated memory properly when handling XML data. An authenticated, local attacker could upload crafted XML file repeatedly to cause memory leak and service abnormal. Vulnerability ID: HWPSIRT-2017-0803...
Security Advisory - Activation Lock Bypass Vulnerability on Smartphones
There is an activation lock bypass vulnerability on Smartphones. The smartphone is supposed to be activated by the former account after reset if find my phone function is on. The software does not have a sufficient protection of activation lock. Successful exploit could allow an attacker to bypas...
Security Advisory - Buffer overflow Vulnerability in Bastet Driver of Huawei Smart Phone
The Bastet driver of some Huawei smart phones has a buffer overflow vulnerability due to the lack of parameter validation. An attacker tricks a user into installing a malicious APP which has the root privilege; the APP can send a specific parameter to the driver of the smart phone, causing...
Security Advisory - Resource Exhaustion Vulnerability in Some Huawei Smartphones
Some Huawei smartphones have a resource exhaustion vulnerability due to configure setting. An attacker tricks a user into installing a malicious application, the application may turn on the device flash-light and rapidly drain the device battery. Vulnerability ID: HWPSIRT-2017-04120 This...
Security Advisory - Memory Double Free Vulnerability in Driver of Some Huawei Smart Phones
The soundtrigger driver of some Huawei smart phones has a memory double free vulnerability. An attacker tricks a user into installing a malicious application, and the application can start multiple threads and try to free specific memory, which could triggers double free and causes a system crash...
Security Advisory - Buffer Overflow Vulnerability in the Boot Loaders of Huawei Mobile Phones
The boot loaders of some Huawei mobile phones have a buffer overflow vulnerability due to the lack of parameter validation. An attacker with the root privilege of an Android system may trick a user into installing a malicious APP. The APP can modify specific data to cause buffer overflow in the...
Security Advisory - Buffer Overflow Vulnerability in Huawei Firewall Products
The security policy processing module of some Huawei firewall products have a buffer overflow vulnerability. An authenticated attacker may setup a specific security policy into the devices, causing buffer overflow and crash the system. Vulnerability ID: HWPSIRT-2016-06074 This vulnerability has...
Security Advisory - XXE Vulnerability in the E9000
E9000 has an XML External Entity XXE vulnerability when parsing user-supplied XML documents in HMM Hyper Management Module. Attackers could exploit this vulnerability to read arbitrary files and cause a denial of the web service. Vulnerability ID: HWPSIRT-2016-05249 This vulnerability has been...
Security Advisory - Vulnerability of Improper Interface Access Control in a Huawei PC Product
A Huawei PC product has a vulnerability in improper interface access control. Successful exploitation of this vulnerability may cause SMM leaks. Attackers can exploit this vulnerability to boot the UEFI shell and cause memory leaks.Vulnerability ID:HWPSIRT-2023-64955 This vulnerability has been...
Security Advisory - Improper Handling of Length Parameter Inconsistency in a Huawei PC Product
A Huawei PC product is vulnerable to improper handling of length parameter inconsistency. Successful exploitation of this vulnerability can compromise the data structure stored at the beginning of SMRAM and may cause code execution in SMM.Vulnerability ID:HWPSIRT-2023-91490 This vulnerability has...
Security Advisory - Resource Management Error Vulnerability in Some Huawei Products
There is a resource management error vulnerability in some Huawei Products. An attacker needs to perform specific operations to exploit the vulnerability on the affected device. Due to improper resource management of the function, the vulnerability can be exploited to cause service abnormal on...