1006 matches found
Security Advisory - Memory Leak Vulnerability in Some Huawei Products
Some Huawei products have a memory leak vulnerability. An unauthenticated attacker may send specific Label Distribution Protocol LDP packets to the devices. When the values of some parameters in the packet are abnormal, the LDP processing module does not release the memory to handle the packet,...
Security Advisory - Command Injection Vulnerability in Huawei FusionAccess
There is a command injection vulnerability in Huawei FusionAccess due to the lack of input validation. A remote attacker with specific permission could inject an Lightweight Directory Access ProtocolLDAP operation command into a specific input variable to obtain sensitive information from the...
Security Advisory - DLL Hijacking Vulnerability on Huawei HiSuite
The HiSuite is mobile assistant software on PCs. This software contains a DLL hijacking vulnerability. This vulnerability exists due to some DLL file is loaded by HiSuite improperly. And it allows an attacker to load this DLL file of the attacker's choosing that could execute arbitrary code...
Security Advisory - Buffer Overflow Vulnerability in Some Videoconference Products
The VP9660, VP9650, and VP9630 are Multipoint Control Units MCUs. As the core devices in videoconferencing systems, they provide endpoint access and conferencing functions. The three devices use the same software, namely, HUAWEI VP9660. The RSE6500 is a multimedia video conferencing server with...
Security Advisory - Input Validation Vulnerability in Multiple Huawei Products
There is an input validation vulnerability in Multiple Huawei products, when the debug switch on the device is enabled, an attacker with network access may exploit this vulnerability by crafting malformed DNS packets and sending them to the target device. As for the lacking of input validation, a...
Security Advisory - Two DoS Vulnerabilities in the HIFI Driver of Huawei Smart Phone
Some Huawei smart phones have two DoS Denial of Service security vulnerabilities in the HIFI driver. An attacker may trick a user into installing a malicious application and use the application to input null pointer as parameter, which can reboot the system. Vulnerability ID: HWPSIRT-2015-10038 a...
Security Advisory - DoS Vulnerability in Huawei eSpace 8950 IP Phone
When Huawei eSpace 8950 IP phone receive some type of malicious ARP packets, memory leak may occur on the network interface card. When the memory is overloaded by such packets, the IP phone restarts Vulnerability ID: HWPSIRT-2015-08041. This vulnerability has been assigned Common Vulnerabilities...
Security Advisory - Insufficient Input Verification Vulnerability in the FusionAccess
FusionAccess is a kind of virtual desktop applications based on Huawei cloud platform. Through the deployment of Huawei desktop cloud software on the cloud platform, customers can access the cloud desktop by the thin client device or other devices. There is an insufficient input verification...
Security Advisory - IP Option Improper Handling Vulnerability in Multiple Huawei Products
Multiple Huawei Products have an improper IP option handling vulnerability. The IP stack implementation in multiple Huawei products mishandles IP options when a crafted ICMP request message is received, leading to the board reboot Vulnerability ID: HWPSIRT-2015-02003. This Vulnerability has been...
Security Advisory - Privilege Escalation Vulnerability in Huawei Mate7
Android versions earlier than 5.0 are affected by the vulnerability, which allows an attacker to escalate privilege. Huawei Mate7 is affected by the vulnerability Vulnerability ID: HWPSIRT-2015-01043. This vulnerability has been assigned a Common Vulnerabilities and Exposures CVE ID: CVE-2014-791...
Security Advisory- SSH Username Information Disclosure Vulnerability in Huawei Campus Switch
Some versions of Huawei Campus switch series products S9300/S9300E/S7700/S9700 /S5700/S6700/S5300/S6300/S2300/S2700/S3300/S3700 are affected by username information disclosure vulnerability. When the maintenance terminal of a Huawei Campus switch uses SSH to log in to a server, attackers can gues...
Security Advisory - Inappropriate Interface access Control Vulnerability in a Huawei PC Product
A Huawei PC product has a vulnerability in improper interface access control. Successful exploitation of this vulnerability may cause SMRAM leaks.Vulnerability ID:HWPSIRT-2023-98172 This vulnerability has been assigned a CVEID:CVE-2023-52712...
Security Advisory - Identity Authentication Bypass Vulnerability in Huawei HiLink AI Life Product
Huawei HiLink AI Life product has an identity authentication bypass vulnerability. Successful exploitation of this vulnerability may allow attackers to access restricted functions.Vulnerability ID:HWPSIRT-2022-42291 This vulnerability has been assigned a CVEID:CVE-2022-48470...
Security Advisory - System Command Injection Vulnerability in a Huawei Printer Product
A Huawei printer has a system command injection vulnerability. Successful exploitation could lead to remote code execution.Vulnerability ID:HWPSIRT-2022-90114 This vulnerability has been assigned a CVEID:CVE-2022-48255...
Security Advisory - Information Leak Vulnerability in Huawei Products
There is an information leak vulnerability in Huawei products. A module does not deal with specific input sufficiently. High privilege attackers can exploit this vulnerability by performing some operations. This can lead to information leak. Vulnerability ID: HWPSIRT-2020-32489 This vulnerability...
Security Advisory - Privilege Escalation Vulnerability in Huawei Smartphone
There is a privilege escalation vulnerability on Huawei smart phones due to design defects. The attacker needs to physically contact the mobile phone and obtain higher privileges, and execute relevant commands, resulting in the user's privilege promotion. Vulnerability ID: HWPSIRT-2020-00070 This...
Security Advisory - Insufficient Authentication Vulnerability in Some Huawei Products
There is an insufficient authentication vulnerability in some Huawei products. An attacker may exploit the vulnerability to delete some files and cause some services abnormal. Vulnerability ID: HWPSIRT-2020-05066 This vulnerability has been assigned a Common Vulnerabilities and Exposures CVE ID:...
Security Advisory - Buffer Overflow Vulnerability in Several Smartphones
There is a buffer overflow vulnerability in several products. The system does not sufficiently validate certain configuration parameter which is passed from user that would cause buffer overflow. The attacker should trick the user into installing and running a malicious application with a high...
Security Advisory - Improper Privilege Management Vulnerability in FusionShpere Product
There is an improper permissions management vulnerability in FusionShpere product. The software does not incorrectly performs a privilege assignment when an actor attempts to perform an action. Successful exploit could allow certain user to do certain operations beyond its privilege. Vulnerabilit...
Security Advisory - Input Validation Vulnerability in Huawei Products
There is an out-of-bound read vulnerability that the IPSec module does not validate a field in a specific message. Attackers can send specific message to cause out-of-bound read, compromising normal service. Vulnerability ID: HWPSIRT-2019-12419 This vulnerability has been assigned a Common...
Security Advisory - FRP Bypass Vulnerability in Huawei Smart Phones
There is Factory Reset Protection FRP bypass security vulnerability in some Huawei smart phones. When re-configuring the mobile phone using the factory reset protection FRP function, an attacker can login the Talkback mode and can perform some operations to access the setting page. As a result, t...
Security Advisory - Race Condition Vulnerability on Several Smartphones
There is a race condition vulnerability on certain driver of smartphone. An attacker tricks the user into installing a malicious application, which make multiple processes to operate the same variate at the same time. Successful exploit could cause execution of malicious code. Vulnerability ID:...
Security Advisory - Information Leakage Vulnerability on Several Huawei Products
There is an information leakage vulnerability on several Huawei products. Due to insufficient communication protection for specific services, a remote, unauthorized attacker can exploit this vulnerability to connect to specific services to obtain additional information. Successful exploitation of...
Security Advisory - Lock-screen Bypass Vulnerability in Huawei Smartphones
There is a lock-screen bypass vulnerability in radio module of some Huawei smartphones. An unauthenticated attacker could start third-part input method APP through certain operations to bypass lock-screen by exploit this vulnerability. Vulnerability ID: HWPSIRT-2018-04055 This vulnerability has...
Security Advisory - FRP Bypass Vulnerability in Some Huawei Smart Phones
There is Factory Reset Protection FRP bypass vulnerability in some Huawei smart phones. An attacker gets some user's smart phone and performs some special operations in the guide function. The attacker may exploit the vulnerability to bypass FRP function and use the phone normally. Vulnerability...
Security Advisory - Information Leak Vulnerability in the NFC Module of Some Huawei Mobile Phones
There is an information leak vulnerability in the Near Field Communication NFC module of some Huawei mobile phones due to insufficient validation on data transfer requests. When an affected mobile phone sends files to an attacker's mobile phone using the NFC function, the attacker can obtain...
Security Advisory - Fingerprint Unlocking Vulnerability on Smartphones
There is a fingerprint unlocking vulnerability on smartphones. If there are crackles on the fingerprint collector cover, the software would consider and learn the crackles as fingerprint feature when user press his finger on the cover to unlock the phone. So after lots of normal fingerprint...
Security Advisory - Out-Of-Bounds Read Vulnerability in Some Huawei Products
Some Huawei products have an out-of-bounds read vulnerability due to insufficient input validation. An unauthenticated, remote attacker could exploit this vulnerability by sending malformed Session Initiation ProtocolSIP packets to the target device. Successful exploit could make the device read...
Security Advisory - Buffer Overflow Vulnerability in Some Huawei Products
There is buffer overflow vulnerability in some Huawei products. An unauthenticated, remote attacker may send specially crafted certificates to the affected products. Due to insufficient validation of the certificates, successful exploit may cause buffer overflow and some service abnormal...
Security Advisory - Multiple Security Vulnerabilities in the IKEv2 Protocol Implementation of Huawei Products
There have multiple vulnerabilities in the IKEv2 protocol on some Huawei products. IKEv2 has an out-of-bounds write vulnerability due to insufficient input validation. An attacker could exploit it to craft special packets to trigger out-of-bounds memory write, which may further lead to system...
Security Advisory - Memory Leak Vulnerability in Several Huawei Products
There is a memory leak vulnerability in several Huawei products. The software does not release allocated memory properly when parse XML element data. An authenticated attacker could upload a crafted XML file, successful exploit could cause the system service abnormal since run out of memory...
Security Advisory - Memory Leak Vulnerability in Several Huawei Products
There is a memory leak vulnerability in several Huawei products. The software does not release allocated memory properly when parse XML Schema data. An authenticated attacker could upload a crafted XML file, successful exploit could cause the system service abnormal since run out of memory...
Security Advisory - DoS Vulnerability in Some Huawei Products
There is a DoS vulnerability caused by memory exhaustion in some Huawei products. For insufficient input validation, attackers can craft and send some malformed messages to the target device to exhaust the memory of the device and cause a Denial of Service DoS. Vulnerability ID: HWPSIRT-2016-1210...
Security Advisory - Use After Free Vulnerability in Some Huawei Smart Phones
There is a use after free UAF vulnerability in some Huawei mobile phones. An attacker tricks a user into installing a malicious application, and the application can riggers access memory after free it. A local attacker may exploit this vulnerability to cause the mobile phone to crash. Vulnerabili...
Security Advisory - Integer Overflow Vulnerability on Several Products
There is an integer overflow vulnerability on several products. The software does not sufficiently validate certain field in SCTP messages, a remote unauthenticated attacker could send a crafted SCTP message to the device. Successful exploit could system reboot. Vulnerability ID: HWPSIRT-2017-010...
Security Advisory - Buffer overflow Vulnerability in CameraISP Driver of Huawei Smart Phone
The CameraISP driver of some Huawei smart phones has a buffer overflow vulnerability due to the lack of parameter validation. An attacker tricks a user into installing a malicious APP, the APP can send a specific parameter to the CameraISP driver of the smart phone, causing system reboot...
Security Advisory - Out-of-Bounds Memory Access Vulnerability in the Boot Loaders of Huawei Mobile Phones
The boot loaders of some Huawei mobile phones have an out-of-bounds memory access vulnerability due to the lack of parameter validation. An attacker with the root privilege of an Android system may trick a user into installing a malicious APP. The APP can modify specific data to cause buffer...
Security Advisory - Two Buffer Overflow Vulnerabilities in the GaussDB
There is a buffer overflow vulnerability in the type conversion function of the GaussDB. An attacker logs in to the system as a common user and craft malformed packets, which could be exploited to perform a denial of service attack or possibly remote code execution on the GaussDB. Vulnerability I...
Security Advisory - Buffer Overflow Vulnerability in Goldeneye Driver of Huawei Smart Phones
The goldeneye driver of some Huawei smart phones has buffer overflow vulnerability due to the lack of a parameters check. An attacker with the root privilege of the Android system can tricks a user into installing a malicious application on the smart phone, and send given parameter to smart phone...
Security Advisory - Privilege Escalation Vulnerability in Some Huawei Storage Products
Some Huawei storage products have a privilege escalation vulnerability due to the lack of input validation. Attackers with administrator privilege could inject command into specific command’s parameters, and run this injected command with root privilege. Vulnerability ID: HWPSIRT-2016-05004 This...
Security Advisory - XSS Vulnerability in Huawei eSpace IAD
Huawei eSpace Integrated Access Device IAD has a reflected cross-site scripting XSS vulnerability. An attacker could trick a user into clicking a URL containing malicious scripts. Then the user's browser may receive a response from the eSpace IAD and execute the malicious scripts. Successful...
Security Advisory - DOS Vulnerability in Video Driver of Huawei Smart Phone
There is a Denial of Service DoS vulnerability in the video driver of some Huawei products. An attacker may trick a user into installing a malicious application, and the application can send given parameter to video driver to reboot the system. Vulnerability ID: HWPSIRT-2016-08046 This...
Security Advisory - Information Leak Vulnerability in Huawei Smart Phones
Some Huawei smartphones have an information leak vulnerability due to improper security status verification. An attacker may use a rogue base station to obtain information about subscribers' signal strengths. Vulnerability ID: HWPSIRT-2015-12007 This vulnerability has been assigned Common...
Security Advisory - Input Validation Vulnerability in Huawei AR3200
There is an input validation vulnerability in Huawei AR3200, which allows an attacker who logs into the device to send malformed packets, causing the AR3200 occasionally restart and a Denial of Service. Vulnerability ID: HWPSIRT-2015-10047 This vulnerability has been assigned Common Vulnerabiliti...
Security Advisory - DoS Vulnerability in FusionCompute
FusionCompute is a cloud OS software for virtualization of hardware resources and central management of virtual, service, and user resources. A DoS vulnerability exists in FusionCompute. An attacker can send abnormal packets as an ordinary user to exhaust system resources and make services...
Security Advisory - DoS Vulnerability in Huawei S Series Switches
Multiple models of Huawei S series switches have a DoS vulnerability. When an attacker controls or impersonates a server connected to a switch, the attacker can send malicious attack packets to the switch to cause it to restart and make it unavailable. Vulnerability ID: HWPSIRT-2015-12022 This...
Security Advisory - Permission Control Vulnerability in Some Huawei Switches
Some Huawei switches have a permission control vulnerability. If a switch enables Authentication, Authorization and Accounting AAA for permission control and user permissions are not appropriate, AAA users may obtain the virtual type terminal VTY access permission, resulting in privilege...
Security Advisory – Authentication Caused Memory Overflow Vulnerability in Some Huawei Switch Products
The user authentication module in some Huawei switch products has the memory overflow vulnerability that can cause device restart when users log in improperly Vulnerability ID: HWPSIRT-2015-02014. This Vulnerability has been assigned Common Vulnerabilities and Exposures CVE ID: CVE-2015-2800...
Security Advisory - Incorrect Privilege Assignment Vulnerability in Huawei Whole-Home Intelligence Software
A piece of Huawei whole-home intelligence software has an Incorrect Privilege Assignment vulnerability. Successful exploitation of this vulnerability could allow attackers to access restricted functions. Vulnerability ID:HWPSIRT-2022-90086 This vulnerability has been assigned a CVE ID:...
Security Advisory - Improper Input Validation Vulnerability in a Huawei Children's Watch
Huawei Aslan Children's Watch has an improper input validation vulnerability. Successful exploitation may cause the watch's application service abnormal. Vulnerability ID:HWPSIRT-2022-53187 This vulnerability has been assigned a CVE ID: CVE-2022-39012...