1006 matches found
Security Advisory - Denial of Service Vulnerability in Huawei Product
There is a denial of service vulnerability in Huawei products. A module cannot deal with specific messages correctly. Attackers can exploit this vulnerability by sending malicious messages to affected module. This can lead to denial of service. Vulnerability ID: HWPSIRT-2020-65315 This...
Security Advisory - Out-of-Bound Read and Write Vulnerability in Huawei Product
There is an out-of-bound read and write vulnerability in Huawei smartphone. A module dose not verify the input sufficiently. Attackers can exploit this vulnerability by modifying some configuration to cause out-of-bound read and write, causing denial of service. Vulnerability ID: HWPSIRT-2020-051...
Security Advisory - Stack Overflow Vulnerability in Huawei Smart Phone Product
There is a stack overflow vulnerability in some Huawei smart phone. An attacker can craft specific packet to exploit this vulnerability. Due to insufficient verification, this could be exploited to tamper with the information to affect the availability. Vulnerability ID: HWPSIRT-2019-11030 This...
Security Advisory - Local Privilege Escalation Vulnerability in Huawei OSD Product
There is a local privilege escalation vulnerability in Huawei OSD product. An authenticated, local attacker can constructs a specific file path to exploit this vulnerability. Successful exploitation may cause the attacker to obtain a higher privilege. Vulnerability ID: HWPSIRT-2020-02153 This...
Security Advisory - Race Condition Vulnerability on Several Smartphones
There is a race condition vulnerability on certain detection module of smartphone. The system does not lock certain function properly, when the function is called by multiple processes could cause out of bound write. An attacker tricks the user into installing a malicious application, successful...
Security Advisory - Information Leakage in Huawei VIP App Web Service
Huawei VIP App is mobile app for Malaysia customers that purchased P20 Series, Nova 3/3i and Mate 20. There is a vulnerability that attackers can conduct bruteforce to the VIP App Web Services to get user information leakage. Vulnerability ID: HWPSIRT-2018-11111 This vulnerability has been assign...
Security Advisory - Buffer Overflow Vulnerability in Some Huawei Products
There is a buffer overflow vulnerability in the Common Open Policy Service Protocol COPS module of some Huawei products. An unauthenticated, remote attacker has to control the peer device and send specially crafted message to the affected products. Due to insufficient input validation, successful...
Security Advisory - DoS Vulnerability in Some Huawei Smart Phones
Some Huawei smart phones have a denial of service DoS vulnerability due to the improper processing of malicious parameters. An attacker may trick a target user into installing a malicious APK and launch attacks using a pre-installed app with specific permissions. Successful exploit could allow th...
Security Advisory - Several Vulnerabilities in H323 Protocol of Huawei Products
There are three null pointer dereference vulnerabilities in H323 protocol of Huawei products. An unauthenticated, remote attacker could craft malformed packets and send the packets to the affected products. Due to insufficient validation of packets, which could be exploited to cause process crash...
Security Advisory - Two Vulnerabilities in Some Huawei Products
There is a DoS vulnerability in some Huawei products. Due to incorrect malformed message processing logic, an authenticated, remote attacker could send specially crafted message to the target device.Successful exploit of the vulnerability could cause stack overflow and make a service unavailable...
Security Advisory - Integer overflow Vulnerability in Bastet Driver of Huawei Smart Phone
The Bastet driver of some Huawei smart phones has integer overflow vulnerability due to the lack of parameter validation. An attacker tricks a user into installing a malicious APP which has the root privilege; the APP can send a specific parameter to the driver of the smart phone, causing arbitra...
Security Advisory - Two DoS Vulnerabilities in Call Module of Some Huawei Smart Phones
There are two DoS vulnerabilities in the call module of some Huawei smart phones due to the lack of a parameters check. An attacker may trick a user into installing a malicious application, and the application can send given parameter to call module to crash the call and data communication proces...
Security Advisory - Privilege Escalation Vulnerability in Push Module of Huawei Smart Phone
There is a privilege escalation vulnerability in Push module of Huawei Smart Phone. An attacker tricks a user to save a rich media into message on the smart phone, which could be exploited to cause the attacker to delete message or fake user to send message. Vulnerability ID: HWPSIRT-2017-05070...
Security Advisory - Insufficient Input Validation Vulnerability in Some Huawei Products
Some Huawei products have an insufficient input validation vulnerability. An unauthenticated attacker could send a forged air interface message to an affected product through a rogue base station. Due to insufficient input validation, the attacker could exploit this vulnerability to tamper with a...
Security Advisory - Privilege Elevation Vulnerability Caused by Arbitrary File Upload in Huawei Themes
The Huawei Themes APP in some Huawei products has a privilege elevation vulnerability due to the lack of theme pack check. An attacker could exploit this vulnerability to upload theme packs containing malicious files and trick users into installing the theme packets, resulting in the execution of...
Security Advisory - XML Bomb Vulnerability in AnyOffice
AnyOffice Enterprise Mobile Management EMM is a module of the AnyOffice, which provides the mobile terminal management function. The XML Bomb vulnerability in the AnyOffice EMM could allow an authenticated, remote attacker to cause the software to deny services by uploading an XML bomb...
Security Advisory - IPv6 Neighbor Discovery Crafted Packet Denial of Service Vulnerability
There is a vulnerability in the IP Version 6 IPv6 Neighbor Discovery packet process of multiple products, successful exploit could allow an unauthenticated, remote attacker to cause an affected device to start dropping legitimate IPv6 neighbors as legitimate ND times out, leading to a denial of...
Security Advisory - Two Buffer Overflow Vulnerabilities in Wi-Fi Driver of Huawei Smart Phone
Wi-Fi driver of some Huawei products have two buffer overflow vulnerabilities due to the lack of a parameters check. An attacker may trick a user into installing a malicious application, and the application can send given parameter to Wi-Fi driver to crash the system or escalate user privilege...
Security Advisory - Local Permission Escalation Vulnerability in GPU of P7 Phones
The graphics processing unit GPU of Huawei P7 phones have a local permission escalation vulnerability.GPU does not properly validate the specific input parameters. An attacker may trick a user into installing a malicious application and use the application to read and modify product memory addres...
Security Advisory - UE Measurement Leak Vulnerability in Huawei P8 Phones
An information leak vulnerability exists in Huawei P8 Phones. Before sending a specific signal to a base station, the P8 Phone does not check its own security status. An attacker uses a fake base station to construct a specific scenario and obtain the specific signal which includes user equipment...
Security Advisory - MITM Vulnerability in the OpenSSL Module of Huawei eSight Network
During certificate verification, OpenSSL starting from version 1.0.1n and 1.0.2b will attempt to find an alternative certificate chain if the first attempt to build such a chain fails. An error in the implementation of this logic can mean that an attacker could cause certain checks on untrusted...
Security Advisory-Resource Management Vulnerability in the AR1220
Under Specifically configurations in the AR1220, An attacker sends massive traffic to the FE port from the GE port on the main board. As a result, the interface board resets unexpectedly. Vulnerability ID: HWPSIRT-2014-1298. This Vulnerability has been assigned Common Vulnerabilities and Exposure...
Security Advisory-DLL Hijacking Vulnerability on Huawei USB Modem products
This security advisory SA describes the impact of DLL-Hijacking vulnerability discovered in website. Vulnerability ID: HWPSIRT-2014-1046 This vulnerability is referenced in this document as follows: Any user in the system can modify the legitimate binary to any kind of malicious executable. If an...
Security Advisory - Huawei PC Product Vulnerable to Improper Restriction of Operations within the Bounds of a Memory Buffer
A Huawei PC product is vulnerable to improper restriction of operations within the bounds of a memory buffer. Successful exploitation of this vulnerability could compromise SMRAM memory, resulting in code execution in SMM.Vulnerability ID:HWPSIRT-2023-11450 This vulnerability has been assigned a...
Security Advisory - Huawei PC Product Vulnerable to Improper Check for Unusual or Exceptional Conditions
A Huawei PC product is vulnerable to improper check for unusual or exceptional conditions. An attacker with the common privilege can exploit this vulnerability. Successful exploitation of this vulnerability could cause OS service exceptions.Vulnerability ID:HWPSIRT-2023-25233 This vulnerability h...
Security Advisory - Improper Authentication Vulnerability in Huawei Product
There is an improper authentication vulnerability in Hero-CT060. The vulnerability is due to that when an user wants to do certain operation, the software does not insufficiently validate the user's identity. Successful exploit could allow the attacker to do certain operations which the user are...
Security Advisory - Denial of Service Vulnerability in Huawei Smartphone
There is a denial of service vulnerability in Huawei smartphone. A module does not verify certain parameters sufficiently and it leads to some exceptions. Successful exploit could cause a denial of service condition. Vulnerability ID: HWPSIRT-2020-05281 This vulnerability has been assigned a Comm...
Security Advisory - Resource Management Errors Vulnerability in Huawei Smartphone Product
There is a resource management errors vulnerability in Huawei smartphone product. Local attackers construct broadcast message for some application, causing this application to send this broadcast message and impact the customer's use experience. Vulnerability ID: HWPSIRT-2020-06101 This...
Security Advisory - Privilege Escalation Vulnerability in Huawei Product
There is a privilege escalation vulnerability in some Huawei products. Some files in a directory of a module are located improperly. It does not apply the directory limitation. Attackers can exploit this vulnerability by crafting malicious file to launch privilege escalation. This can compromise...
Security Advisory - Improper Integrity Checking Vulnerability on some Huawei Products
There is an improper integrity checking vulnerability on some huawei products. The software of the affected product has an improper integrity check which may allow an attacker with high privilege to make malicious modifications. Vulnerability ID: HWPSIRT-2019-10070 This vulnerability has been...
Security Advisory - Path Traversal Vulnerability on Huawei Share
There is a path traversal vulnerability on Huawei Share. The software does not properly validate the path, an attacker could crafted a file path when transporting file through Huawei Share, successful exploit could allow the attacker to transport a file to arbitrary path on the phone. Vulnerabili...
Security Advisory - Authorization Bypass Vulnerability on Some Huawei Smartphone
Some Huawei smart phones have an authorization bypass vulnerability. Due to improper authorization implementation logic, attackers can bypass certain authorization scopes of smart phones by performing specific operations. This vulnerability can be exploited to perform operations beyond the scope ...
Security Advisory - Multiple Vulnerabilities in IPsec IKE of Huawei Firewall Products
There is a Bleichenbacher Oracle vulnerability in the IPSEC IKEv1 implementations of Huawei Firewall products. Remote attackers can decrypt IPSEC tunnel ciphertext data by leveraging a Bleichenbacher RSA padding oracle. Cause a Bleichenbacher oracle attack. Successful exploit this vulnerability c...
Security Advisory - DoS Vulnerability in SMS Module of Some Huawei Smart Phones
There is a Denial of Service DoS vulnerability in the Short Message Service SMS module of some Huawei smart phones. An unauthenticated attacker may set up a pseudo base station, and send special malware text message to the phone, causing the mobile phone to fail to make calls and send and receive...
Security Advisory - Arbitrary Memory Free Vulnerability in GPU Driver of Some Huawei Smart Phones
There is an arbitrary memory free vulnerability in GPU driver of some Huawei smart phones due to insufficient parameters verification. An attacker can tricks a user into installing a malicious application on the smart phone, and send given parameter to driver to release special kernel memory...
Security Advisory - Improper Resource Management Vulnerability in Some Huawei Products
There is an improper resource management vulnerability in some AR series products. Due to the improper implementation of ACL mechanism, a remote attacker may send TCP messages to the management interface of the affected device to exploit this vulnerability. Successful exploit could exhaust the...
Security Advisory - Information Disclosure Vulnerability on Honor Smart Scale Application
There is an information disclosure vulnerability on Honor Smart Scale application. The application does not sufficiently restrict the resource which can be accessed by certain protocol. An attacker could trick the user to click a malicious link, successful exploit could cause information...
Security Advisory - Insufficient Input Validation Vulnerability in Some Huawei Products
There is an insufficient input validation vulnerability in some Huawei products. An unauthenticated, remote attacker may send crafted IKE V2 messages to the affected products. Due to the insufficient validation of the messages, successful exploit will cause invalid memory access and result in a...
Security Advisory - Improper Authorization Vulnerability in Huawei FusionSphere OpenStack
There is an improper authorization vulnerability in Huawei FusionSphere OpenStack products. Due to improper authorization, an attacker with low privilege may exploit this vulnerability to obtain the operation authority of some specific directory, causing privilege escalation. Vulnerability ID:...
Security Advisory - DOS Vulnerability in some Huawei APPs
There is a DoS Vulnerability in some Huawei APPs. An attacker tricks a user into installing a malicious application on the smart phone, the attacker can send malformed packets to the device. Due to the lack of adequate input validation of APPs, which causes the APPs Denial of Service. Vulnerabili...
Security Advisory - Improper Authentication Vulnerability in The FusionSphere OpenStack
FusionSphere OpenStack has an improper authentication vulnerability. Due to improper authentication on one port, an authenticated, remote attacker may exploit the vulnerability to execute more operations by send a crafted rest message. Vulnerability ID: HWPSIRT-2017-06002 This vulnerability has...
Security Advisory - Authentication Bypass Vulnerability in Huawei Honor 5S Smart Phones
Huawei Honor 5S smart phones have an authentication bypass vulnerability due to the improper design of some components. An attacker can get a user's smart phone and install malicious apps in the mobile phone, allowing the attacker to reset the password and fingerprint of the phone without...
Security Advisory - DoS Vulnerability of Audio Driver in Some Huawei Smartphones
Audio driver has a denial of service DoS vulnerability in some Huawei smart phones. An attacker tricks a user into installing a malicious application on the smart phone, and the race condition cause null pointer accessing during the application access shared resource, which make the system reboot...
Security Advisory - DoS Vulnerability in Wi-Fi Driver of Some Huawei Smart Phones
There is a Denial of Service DoS vulnerability in Wi-Fi driver of some Huawei smart phones. An attacker may trick a user into installing a malicious application and the application can access invalid address of driver to crash the system. Vulnerability ID: HWPSIRT-2017-04153 This vulnerability ha...
Security Advisory - Brute-force attack of Users' Safe Password in the Files APP in Huawei Mobile Phones
The Files APP in some Huawei mobile phones has a brute-force password cracking vulnerability due to the improper design of the Safe key database. An unauthorized attacker could access sensitive database information and may crack users' Safe passwords, leading to information leak. Vulnerability ID...
Security Advisory - Input Validation Vulnerability in Multiple Huawei Products
There is an input validation vulnerability in Huawei Multiple products. Due to the lack of input validation on the device, a remote attacker may exploit this vulnerability by crafting a malformed packet and sending it to the device. A successful exploit could allow the attacker to cause a denial ...
Security Advisory - Buffer Overflow Vulnerability in Driver of Huawei Smart Phone
The ddrdevfreq driver of some Huawei products has buffer overflow vulnerability due to the lack of a parameters check. An attacker with the root privilege of the Android system can tricks a user into installing a malicious application on the smart phone, and send given parameter to smart phone to...
Security Advisory - Phone Finder Bypass Vulnerability in Huawei Smart Phones
Phone Finder is a Huawei security method that was designed to make sure someone can't just wipe and factory reset the phone if user lost it or it was stolen. The Phone Finder in some Huawei smart phones can be bypass. An attacker can bypass the Phone Finder by special steps and enter the System...
Security Advisory - DoS Vulnerability in Multiple Huawei Products
There is an denial of service DoS vulnerability in multiple Huawei products. An attacker with specific permission can craft a file containing malicious data and upload it to the device to exhaust memory, causing a DoS condition. Vulnerability ID: HWPSIRT-2016-07088 This vulnerability has been...
Security Advisory - DoS Vulnerability in Multiple Huawei Devices
There is a denial of service DoS vulnerability in multiple Huawei devices. Due to the lack of input validation, a remote attacker may craft a malformed Resource Reservation ProtocolRSVP packet and send it to the device, causing a few buffer overflows and occasional device restart. Vulnerability I...