1006 matches found
Security Advisory - Plaintext User Password Vulnerability in VCN500 Logs
Huawei VCN500 Video Cloud Node logs user passwords in plaintext for specific operations on the certain interface, leading to user password leakage. Vulnerability ID:HWPSIRT-2015-09032 This vulnerability has been assigned Common Vulnerabilities and Exposures CVE ID: CVE-2015-8335. Huawei has...
Security Advisory - Information Leak Vulnerability in FusionCompute Products
There is a vulnerability in FusionCompute that enables common users to query unauthorized information. An attacker can exploit this vulnerability to query other users' information, leading to information leaks. Vulnerability ID: HWPSIRT-2015-10048 This vulnerability has been assigned Common...
Security Advisory - VCM User Horizontal Privilege Escalation Vulnerability
Huawei Video Content Management VCM system does not properly authenticate online users' identities and privileges, which leads to users' horizontal privilege escalation. An attacker may craft malicious messages, send them to the server, and perform illegitimate operations on cases created by othe...
Security Advisory-Two Security Vulnerabilities in the ME906 Wireless Module
ME906 is a mobile Internet access module. The module supports LTE, WCDMA, EVDO, and GSM. The product uses the M.2 interface, supports Windows 7 and Windows 8.1, and is intended for laptop and tablet OEM. This security advisory SA describes the impact of two vulnerabilities. These vulnerabilities...
Security Advisory-File Upload Vulnerability on Huawei Honor Cube Wireless Router WS860s
Huawei Honor Cube wireless router WS860s supports the file upload function. It allows users to access its files through the web page. As the device is unable to verify every type of file to be uploaded and does not strictly restrict the file access path through the web page, attackers may upload...
Security Advisory - Insufficient Integrity Check Vulnerability in Huawei Sound X Product
There is an insufficient integrity check vulnerability in Huawei Sound X Product. The system does not check certain software package's integrity sufficiently. Successful exploit could allow an attacker to load a crafted software package to the device. Vulnerability ID: HWPSIRT-2020-00213 This...
Security Advisory - Integer Overflow Vulnerability in Huawei Smartphone
There is an integer overflow vulnerability in Huawei smartphone. Some functions are lack of verification when they process some messages sent from other module. Attackers can exploit this vulnerability by send malicious message to cause integer overflow. This can compromise normal service...
Security Advisory - Denial of Service Vulnerability in Several Smartphones
There is a denial of service vulnerability in several smartphones. The system does not properly limit the depth of recursion, an attacker should trick the user installing and execute a malicious application. Successful exploit could cause a denial of service condition. Vulnerability ID:...
Security Advisory - Missing Initialization of Resource Vulnerability in Some Huawei SmartPhones
Missing Initialization of Resource Vulnerability in Some Huawei Smart Phones. An attacker tricks the user into installing then running a crafted application. Due to improper initialization of specific parameters, successful exploit of this vulnerability may cause device exceptions. Vulnerability...
Security Advisory - Denial of Service Vulnerability in Huawei FusionAccess Product
There is a Denial of Service DoS vulnerability in Huawei FusionAccess Product. Due to insufficient verification on specific input, attackers can exploit this vulnerability by sending constructed messages to the affected device through other device on the same network. Successful exploit could cau...
Security Advisory - Double Free Memory Vulnerability in Huawei Products
There is a vulnerability that the IPSec module handles a message improperly. Attackers can send specific message to cause double free memory. This may compromise normal service. Vulnerability ID: HWPSIRT-2019-12420 This vulnerability has been assigned a Common Vulnerabilities and Exposures CVE ID...
Security Advisory - Use After Free Vulnerability on Several Smartphones
There is a use after free vulnerability on certain driver component in smartphone. An attacker tricks the user into installing a malicious application, which make the software to reference memory after it has been freed. Successful exploit could cause a denial of service condition. Vulnerability...
Security Advisory - Weak Algorithm Vulnerability in Some Huawei Products
There is a weak algorithm vulnerability in some Huawei products. To exploit the vulnerability, a remote, unauthenticated attacker has to capture TLS traffic between clients and the affected products. The attacker may launch the Bleichenbacher attack on RSA key exchange to decrypt the session key...
Security Advisory - Invalid Memory Access Vulnerability in Some Huawei Products
There is an invalid memory access vulnerability in some Huawei products. An unauthenticated attacker has to find a way to send malformed SCCP messages to the affected products. Due to insufficient input validation of some values in the messages, successful exploit may cause buffer error and some...
Security Advisory - Buffer Overflow Vulnerability in Inputhub Driver of Huawei Smart Phone
The inputhub driver of some Huawei mobile phones has a buffer overflow vulnerability due to the lack of parameter validation. An attacker tricks a user into installing a malicious APP and the APP may sends specific data to the inputhub driver to exploit this vulnerablity, successful exploit could...
Security Advisory - Information Leak Vulnerability in Some Huawei Products
There is an information leak vulnerability in the NFC Near Field Communication module of some Huawei mobile phones. The attacker has to trick a user to do some specific operations and then craft the NFC message to exploit this vulnerability. Successful exploit will cause some information leak...
Security Advisory - Arbitrary URL Loading Vulnerability in TripAdvisor
The TripAdvisor app pre-installed in some Huawei mobile phones have an arbitrary URL loading vulnerability due to insufficient input validation and improper configuration. An attacker may exploit this vulnerability to invoke TripAdvisor to load a specific URL and execute malicious code contained ...
Security Advisory - Information Disclosure Vulnerability in CIDAM Protocol on Huawei Products
Part of Huawei Products use the CIDAM protocol, which contains sensitive information in the message when it is implemented. So these products has an information disclosure vulnerability. An authenticated remote attacker could track and get the message of a target system. Successful exploit could...
Security Advisory - DoS Vulnerability in Some Huawei Smart Phones
Some Huawei smart phones have a DoS vulnerability due to insufficient input validation. An unauthenticated attacker could send malformed System InformationSI messages to the smart phone within radio range by special wireless device. Successful exploit could make the smart phone restart...
Security Advisory - Multiple Vulnerabilities in Some Huawei Products
There are two buffer overflow vulnerabilities in some Huawei products. An unauthenticated, remote attacker may send specially crafted SIP packages to the affected products. Due to the insufficient validation of some values for SIP packages, successful exploit may cause services abnormal...
Security Advisory - Resource Exhaustion Vulnerability on Several Products
There is a resource exhaustion vulnerability on several products. The software does not process certain field of H.323 message properly, a remote unauthenticated attacker could send crafted H.323 message to the device, successful exploit could cause certain service unavailable since the stack...
Security Advisory - Buffer Overflow Vulnerability on Several Products
There is a buffer overflow vulnerability on several products. The software does not sufficiently validate certain field in SCTP messages, a remote unauthenticated attacker could send a crafted SCTP message to the device. Successful exploit could cause system reboot. Vulnerability ID:...
Security Advisory - Permission Control Vulnerability in Smart Phones
Some Huawei Smart phones have a permission control vulnerability. Due to improper authorization configuration on specific device information, an attacker with the root privilege can exploit this vulnerability to modify specific device information. Vulnerability ID: HWPSIRT-2017-08157 This...
Security Advisory - DoS Vulnerability in Huawei Firewall Products
There is a DoS vulnerability in some Huawei firewall products. Due to insufficient input validation, a remote attacker who controls the peer device could exploit the vulnerability by sending malformed IKE packets to the target device. Successful exploit of the vulnerability could cause the device...
Security Advisory - Privilege Escalation Vulnerability in Huawei ME906S Products
There has a privilege elevation vulnerability in ME906S Products. Due to lack of privilege restrictions on some of the business functions of the device. An attacker could exploit this vulnerability to modify the configuration information containing malicious files and trick users into executing t...
Security Advisory - Privilege Escalation Vulnerability in Some Huawei APKs
Some Huawei APKs have a privilege elevation vulnerability due to improper design. An attacker can trick users into installing a malicious app which can send out HTTP requests and execute JavaScript code in web pages without obtaining the Internet access permission. Successful exploit could lead t...
Security Advisory - Arbitrary Memory Write Vulnerability in Some Huawei Smart Phones
The boot loaders of some Huawei mobile phones have a arbitrary memory write vulnerability due to the lack of parameter validation. An attacker with the root privilege of an Android system may trick a user into installing a malicious APP. The APP can modify specific data to cause arbitrary memory...
Security Advisory - Memory Double Free Vulnerability in Touch Panel Driver of Some Huawei Smart Phones
The Touch Panel TP driver of some Huawei smart phones has a memory double free vulnerability. An attacker with the root privilege of the Android system tricks a user into installing a malicious application, and the application can start multiple threads and try to free specific memory, which coul...
Security Advisory - Buffer Overflow Vulnerability in Emergdata Driver of Huawei Smart Phones
The emergdata driver of some Huawei smart phones has a buffer overflow vulnerability due to the lack of a parameters check. An attacker with the root privilege of the Android system can tricks a user into installing a malicious application on the smart phone, and send given parameter to smart pho...
Security Advisory - Improper Permission Control Vulnerability in Huawei Vmall Alert Service
The AlarmService component in Huawei Vmall has no control over calling permissions, allowing any third party to call. An attacker can construct a malicious application to call it. Consequently, alert music will be played suddenly, compromising user experience. Vulnerability ID: HWPSIRT-2016-11067...
Security Advisory - Phone Activation Bypass Vulnerability in Huawei Smartphones
There is a phone activation bypass vulnerability in Huawei smartphones. Successful exploit could allow an unauthenticated attacker to bypass phone activation to settings page of the phone. Vulnerability ID: HWPSIRT-2016-12004 This vulnerability has been assigned CVE ID: CVE-2017-2705. Huawei has...
Security Advisory - Buffer Overflow Vulnerability in Wi-FI Driver of Huawei Smart Phone
The Wi-Fi driver of some Huawei products has buffer overflow vulnerability due to the lack of a parameters check. An attacker can tricks a user into installing a malicious application on the smart phone, and send given parameter to smart phone to crash the system or escalate privilege...
Security Advisory - Integer Overflow Vulnerability in Some Huawei Devices
Some Huawei devices have an integer overflow vulnerability. Due to the lack of validation in some field of the packet, a remote, unauthenticated attacker may craft specific IPFPM packets, probably causing the device to reset. Vulnerability ID: HWPSIRT-2016-04030 This vulnerability has been assign...
Security Advisory - Improper Input Validation Vulnerability in AnyMail
Huawei AnyMail has an improper input validation vulnerability when opening compressed email attachments. Successful exploit could cause AnyMail to crash and exit. Vulnerability ID: HWPSIRT-2016-06099 This vulnerability has been assigned Common Vulnerabilities and Exposures CVE ID: CVE-2016-6826...
Security Advisory - Cleartext Storage of Crytographic Key Vulnerability in FusionCompute
FusionCompute has a key cleartext storage vulnerability. Successful exploit could allow an attacker to obtain AES keys. Vulnerability ID: HWPSIRT-2016-06076 This vulnerability has been assigned Common Vulnerabilities and Exposures CVE ID: CVE-2016-6827. Huawei has released software updates to fix...
Security Advisory - A Security Vulnerability of Using Insecure Random Numbers to Generate Self-signed Certificates in Huawei Products
Some Huawei products automatically generate self-signed certificates upon the first use. The random numbers used to generate these certificates are not random enough. Different devices' certificates may use the same random number consequently, which contains the risk of an attacker compromising t...
Security Advisory - SQL Injection Vulnerability in Policy Center Product
Huawei Policy Center dynamically allocates network resources in a unified manner, enabling the network to provide services with more agility. The Policy Center has a SQL injection vulnerability. After logging in to the target device, a remote attacker could exploit this vulnerability by grafting...
Security Advisory - Input Check Vulnerability in Huawei Smart Phone
There is a vulnerability in a Huawei smart phone that does not validate input parameter. The attacker tricks the user to install a malicious application to obtain system or camera privilege and then can exploit the vulnerability to make the product system panic. Vulnerability ID: HWPSIRT-2015-110...
Security Advisory - Improper User Privileges Vulnerability in VCN500
The operation and maintenance unit OMU of Huawei VCN500 Video Cloud Node does not configure user privileges properly. By exploiting this vulnerability, ordinary users can modify the IP address of the media server in system management by sending specially crafted packets to the OMU interface,...
Security Advisory - Input Validation Vulnerability in Huawei VP9660 Products
VP9660 is the multi-point control unit of Huawei Video Conference system. The server of the Huawei VP9660 does not validate the input when using build-in WebServer. In such case, an attacker could log in to the device as an business administrator, graft a message to change the specific informatio...
Security Advisory - DoS Vulnerability in Camera Driver of Huawei Products
Some Huawei products have a DoS vulnerability. An attacker who has the system or camera permission can input invalid parameters into the camera driver program to crash the system. Vulnerability ID: HWPSIRT-2015-09013 This vulnerability has been assigned Common Vulnerabilities and Exposures CVE ID...
Security Advisory - DoS Vulnerability in GPU Driver of Huawei Products
Some Huawei products have a DoS vulnerability. An attacker may trick a user into installing a malicious application and use it to input invalid parameters into the GPU driver program of the products, which can crash the system of the device. Vulnerability ID: HWPSIRT-2015-09017 This vulnerability...
Security Advisory - DHCP Snooping Vulnerability in Huawei Multiple Products
Multiple Huawei products have "DHCP Snooping" function. When the "option82 insert" or "option82 rebuild" is enabled on interface, the device is not able to parse some specific DHCP packet correctly, making the device restart. Vulnerability ID:HWPSIRT-2015-08052 This vulnerability has been assigne...
Security Advisory-Authority Control Vulnerability in Quidway Switches
Huawei Quidway switches have the authority control vulnerability in access authentication, which may be exploited by attackers to obtain higher access permissions. Vulnerability ID: HWPSIRT-2014-11119 This Vulnerability has been assigned Common Vulnerabilities and Exposures CVE ID: CVE-2015-1460...
Security Advisory-DoS Vulnerability in Eudemon8000E
Huawei Eudemon8000E firewall allows users to log in to the device using Telnet or SSH. When an attacker sends to the device a mass of TCP packets with special structure, the logging process become slowly and users may be unable to log in to the device HWPSIRT-2014-0101. This Vulnerability has bee...
Security Advisory-Vulnerability in Image Upload of User-defined Devices to Huawei eSight System
Huawei eSight System is an operation and maintenance system that Huawei develops for next-generation wireless/wired enterprise campus networks, enterprise branches, and data centers. When users adapt new devices for it, the server verifies the format of the files to be uploaded unsuccessfully...
Security Advisory- Web Interface Authentication Bypass Vulnerability in Huawei Tecal RH2285 V2 Server
Tecal RH2285 V2 is a next-generation 2 U 2-socket rack server. Featuring two Intel® Xeon® E5-2400 series processors, the RH2285 V2 provides large storage capacity, flexible scalability, and superb cost-effectiveness, which is an ideal hardware platform for big data and distributed storage...
Security Advisory - Huawei VSM Default User Groups’ Privilege Escalation
VSM Versatile Security Manager is a unified security service management system launched by Huawei for carrier and enterprise customers. VSM contains a vulnerability that default user groups’ privilege could be escalated when one user logs in to the system to modify default user groups’ permission...
Security Advisory-Web server vulnerabilities on Huawei E585 pocket Wi-Fi 2 device
HUAWEI E585 Wireless Modem is the terminal which can realize the high-speed wireless network access. The access is realized by the connection between USB interfaces and PCs or by the connection between WiFi and many wireless devices. In the network coverage area of HSPA/UMTS or EDGE/GPRS/GSM, use...
Security Advisory - Memory Overflow Vulnerability in Some Huawei Smart Speakers
Some Huawei smart speakers have a memory overflow vulnerability. Successful exploitation of this vulnerability may cause certain functions to fail.Vulnerability ID:HWPSIRT-2022-52860 This vulnerability has been assigned a CVEID:CVE-2022-48681...