1006 matches found
Security Advisory - Use after Free Vulnerability in Huawei Product
There is a use after free vulnerability on Huawei smartphones. A module does not deal with specific message properly, which makes a function refer to memory after it has been freed. Attackers can exploit this vulnerability by running a crafted application with common privilege. This would...
Security Advisory - Out Of Bound Read Vulnerability in Huawei Smartphone
There is an out of bound read vulnerability in Huawei smartphones. Some functions are lack of verification when they process some messages sent from other module. Attackers can exploit this vulnerability by send malicious message to cause out-of-bound read. This can compromise normal service...
Security Advisory - Insufficient Authentication Vulnerabilities in Some Huawei Smart Phone Product
There is an insufficient authentication vulnerability in some Huawei smart phone. An unauthenticated, local attacker can crafts software package to exploit this vulnerability. Due to insufficient verification, successful exploitation may impact the service. Vulnerability ID: HWPSIRT-2019-12302 Th...
Security Advisory - Information Disclosure Vulnerability in Several Products
There is an information disclosure vulnerability in several products. A logic judgment error occurs when the system handling Bluetooth connections, an attacker could craft as an authenticated Bluetooth peer to launch the attack. Successful exploit could cause information disclosure. Vulnerability...
Security Advisory - Improper Authentication Vulnerability in Huawei Smartphone
There is an improper authentication vulnerability in some Huawei smartphone. Authentication to target component is improper when device performs an operation. Attackers exploit this vulnerability to obtain some information by loading malicious application, leading to information leak. Vulnerabili...
Security Advisory - FRP Bypass Vulnerability on Smartphones
There is a Factory Reset Protection FRP bypass vulnerability on some Huawei smartphones. The system does not sufficiently verify the permission, an attacker uses a data cable to connect the smartphone to the computer and then perform some specific operations. Successful exploit could allow the...
Security Advisory - Plug-in Signature Bypass Vulnerability in Some Huawei Products
There is a plug-in signature bypass vulnerability in some Huawei products due to insufficient plug-in verification. An attacker may tamper with a legitimate plug-in to build a malicious plug-in and trick users into installing it. Successful exploit could allow the attacker to obtain the root...
Security Advisory - Buffer Error Vulnerability in Some Huawei Products
There are a buffer error vulnerability in Electronic Numbers to URI Mapping ENUM module some Huawei products. An unauthenticated, remote attacker has to control the peer device and send specially crafted ENUM packets to the affected products. Due to insufficient verification of some values in the...
Security Advisory - Integer Overflow Vulnerability on Smartphones
There is an integer overflow vulnerability on smartphones. The camera driver does not validate the external input parameters and causes an integer overflow, which in the after processing results in a buffer overflow. An attacker tricks the user to install a crafted application, successful exploit...
Security Advisory - Multiple Vulnerabilities in Some Huawei Products
There are two buffer overflow vulnerabilities in some Huawei products. An unauthenticated, remote attacker may send specially crafted SIP packages to the affected products. Due to the insufficient validation of some values for SIP packages, successful exploit may cause services abnormal...
Security Advisory - Memory Leak Vulnerability in Some Huawei AntiDDOS Products
Some Huawei AntiDDOS products have a memory leak vulnerability due to memory don't be released when the system open some function. An attacker could exploit it to cause memory leak, which may further lead to system exceptions. Vulnerability ID: HWPSIRT-2017-06145 This vulnerability has been...
Security Advisory - Buffer Overflow Vulnerability in Some Huawei Products
Some Huawei products have a buffer overflow vulnerability due to incomplete range checks of the input data. An unauthenticated, remote attacker could exploit this vulnerability by sending malicious IKE packets to the targeted device. An exploit could allow the attacker to cause the device to writ...
Security Advisory - Denial of Service Vulnerability on Several Huawei Products
There is a denial of service vulnerability on several products. The software does not correctly calculate the rest size in a buffer when handling SSL connections. A remote unauthenticated attacker could send a lot of crafted SSL messages to the device, successful exploit could cause no space in t...
Security Advisory - Memory Leak Vulnerability in Some Huawei Network Products
Patch module of some Huawei products have a memory leak vulnerability. An authenticated attacker could execute special commands many times, the memory leaking happened, which would cause the device to reset finally. Vulnerability ID: HWPSIRT-2016-08051 This vulnerability has been assigned a CVE I...
Security Advisory - Information Leakage Vulnerability on OceanStor
There is an information leakage vulnerability on OceanStor. Products use TLS1.0 to encrypt. Attackers can exploit TLS1.0's vulnerabilities to decrypt data to obtain sensitive information. Vulnerability ID: HWPSIRT-2017-06256 This vulnerability has been assigned a Common Vulnerabilities and...
Security Advisory - Plaintext Storage of Users’ Safe Passwords in the Files APP in Huawei Mobile Phones
The Files APP in some Huawei mobile phones has a vulnerability of plaintext storage of users' Safe passwords. An attacker with the root privilege of an Android system could forge the Safe to read users' plaintext Safe passwords, leading to information leak. Vulnerability ID: HWPSIRT-2017-03222 Th...
Security Advisory - DoS Vulnerability in Some Huawei Products
There is a denial of service DoS vulnerability in some Huawei smart phones due to the input parameters validation. An attacker tricks a user into installing a malicious application on the smart phone, and the application can send given parameter to specific interface, which make a large number of...
Security Advisory - DoS Vulnerability in Vibrator Service of Huawei Smart Phones
The vibrator service of some Huawei smart phones has DoS vulnerability due to the lack of a parameters check. An attacker can tricks a user into installing a malicious application on the smart phone, and send given parameter to smart phone vibrator service interface to crash the system...
Security Advisory - DOS Vulnerability in ION Memory Management Module of Huawei Smart Phone
A denial of service DoS vulnerability exists in the ION memory management module of some Huawei mobile phones. An attacker may trick a user into installing a malicious app to send specific parameters to a Huawei mobile phone. Successful exploit could cause the system to restart.Vulnerability ID:...
Security Advisory - Defense Mechanism Bypass Vulnerability in Huawei USG Products
There is a defense mechanism bypass vulnerability in Huawei USG products. Successful exploit could allow an attacker to bypass the anti-DDoS module of the USGs to send massive HTTP packets, possibly causing a denial of service condition on the backend server. Vulnerability ID: HWPSIRT-2016-07050...
Security Advisory - Buffer Overflow Vulnerability in Huawei USG Products
The Point-to-Point Protocol over Ethernet PPPoE module of the USG has a buffer overflow vulnerability. When Challenge Handshake Authentication Protocol CHAP authentication is configured on the server, an attacker may send abnormal attack packets to the server during authentication to cause buffer...
Security Advisory - Token Transmission in Plaintext Vulnerability in OceanStor Products
The OceanStor 5300 V3/5500 V3/5600 V3/5800 V3/6800 V3/ 18800 V3/18500 V3 are mid-range and high-end storage products newly developed by Huawei Technologies Co., Ltd Huawei for short. This series is ideal for processing existing storage applications and follows the future development trend of...
Security Advisory - ICMPv6 DoS Vulnerability in Huawei Switches
Multiple Huawei switches improperly release memory for ICMPv6 packets of a specific type. After the switch receives a specially crafted ICMPv6 packet, memory leak occurs, causing the switch to restart if the allocated memory is exhausted. Vulnerability ID: HWPSIRT-2015-11034 This vulnerability ha...
Security Advisory - DoS Vulnerabilities in Driver of Huawei Smart Phones
There is a Denial of Service DoS vulnerability in ION driver and Maximsmartpadev driver in some Huawei smart phones respectively. An attacker may trick a user into installing a malicious application and the application can access invalid address of driver to crash the system. Vulnerability ID:...
Security Advisory - VCN500 SQL Injection Vulnerability
The operation and maintenance unit OMU of Huawei VCN500 Video Cloud Node does not validate parameters of received HTTP requests, which allows an attacker to launch the SQL injection attack against VCN500 by sending manually crafted packets. Vulnerability ID: HWPSIRT-2015-09016 This vulnerability...
Security Advisory-Information Disclosure Vulnerability on E355s Mobile WiFi
E355s have an information disclosure vulnerability that could be exploited by an attacker to graft attack commands or capture network communications to obtain the configuration and user information without login Vulnerability ID: HWPSIRT-2015-02002. This Vulnerability has been assigned Common...
Security Advisory-Privilege Escalation Vulnerability in IPMICommand of the HMM Software in a Huawei Server Product
The Hyper Module Management HMM software of some Huawei server products has a security vulnerability. When the operator of the HMM software uses the IPMICommand to perform operations on the iMana software, the operator can modify the user configuration of iMana through privilege escalation...
Security Advisory-Memory Overflow Vulnerabilities on Huawei E5332 Webserver
Huawei E5332 wireless router has the following two memory overflow vulnerabilities: Memory overflow occurs when the E5332 Webserver parses a specially crafted HTTP request message, causing the device reboot Vulnerability ID: HWPSIRT-2014-0861. This Vulnerability has been assigned Common...
Security Advisory-Improper Input Validation Vulnerability on Multiple Quidway Switch Products
Reported by the internal R&D engineers, several switch products does not validate the input properly. This vulnerability enables attacker to launch DoS attack by crafting and sending malformed packet to these vulnerable products Vulnerability ID: HWPSIRT-2014-0301. This Vulnerability has been...
Security Advisory - Misinterpretation of Input Vulnerability in Huawei Printer
There is a misinterpretation of input vulnerability in Huawei Printer. Successful exploitation of this vulnerability may cause the printer service to be abnormal.Vulnerability ID:HWPSIRT-2022-78037 This vulnerability has been assigned a CVE ID: CVE-2022-48261...
Security Advisory - Resource Management Errors Vulnerability in Huawei Smartphone Product
There is a resource management errors vulnerability in Huawei smartphone product. Local attackers construct malicious application files, causing system applications to run abnormally. Vulnerability ID: HWPSIRT-2020-06020 This vulnerability has been assigned a Common Vulnerabilities and Exposures...
Security Advisory - Information Leak Vulnerability in Huawei Products
There is an information leak vulnerability in Huawei FusionCompute. A module does not launch strict access control and information protection. Attackers with low privilege can get some extra information. This can lead to information leak. Vulnerability ID: HWPSIRT-2020-05037 This vulnerability ha...
Security Advisory - Information Disclosure Vulnerability in Several Smartphones
There is an information disclosure vulnerability in several smartphones. The device does not sufficiently validate the identity of smart wearable device in certain specific scenario, the attacker need to gain certain information in the victim's smartphone to launch the attack, successful exploit...
Security Advisory - Privilege Escalation Vulnerability in Huawei PCManager Product
There is a privilege escalation vulnerability in Huawei PCManager products. An authenticated, local attacker can perform specific operation to exploit this vulnerability. Successful exploitation may cause the attacker to obtain a higher privilege. Vulnerability ID: HWPSIRT-2019-10117 This...
Security Advisory - Stored XSS Vulnerability in eSpace Desktop
There is a stored cross-site scripting XSS vulnerability in eSpace Desktop. Due to the insufficient validation of the input, an authenticated, remote attacker could exploit this vulnerability to send abnormal messages to the system and perform a XSS attack. A successful exploit could cause the...
Security Advisory - Authentication Bypass Vulnerability in Some Huawei Servers
The iBMC Intelligent Baseboard Management Controller of some Huawei servers have an authentication bypass vulnerability. An unauthenticated, remote attacker may send some specially crafted messages to the affected products. Due to improper authentication design, successful exploit may cause some...
Security Advisory - Authentication Bypass Vulnerability in Some Pre-installed Apps on Huawei Phones
There is an authentication bypass vulnerability in some pre-installed apps on Huawei mobile phones due to insufficient validation on invocation requests. An attacker may trick a user into installing a malicious app which can invoke the open interfaces of the vulnerable apps to install any apps...
Security Advisory - Weak Algorithm Vulnerability on Huawei Products
There is a weak encryption algorithm security vulnerability in the DBS3900 TDD LTE. DBS3900 TDD LTE supports SSL/TLS protocol negotiation using insecure encryption algorithms. If an insecure encryption algorithm is negotiated in the communication, an unauthenticated remote attacker can exploit th...
Security Advisory - Buffer Error Vulnerability in Some Huawei Products
There is a buffer overflow vulnerability in the SCCP Signalling Connection Control Part module of some Huawei products. An attacker has to find a way to send malformed packets to the affected products repeatedly. Due to insufficient input validation, successful exploit may cause some service...
Security Advisory - Directory Traversal Vulnerability in Huawei eSpace Product
There is a directory traversal vulnerability in Huawei eSpace product. An authenticated, remote attacker can craft specific URL to the affected products. Due to insufficient verification of the URL, successful exploit will upload and download files and cause information leak and system crash...
Security Advisory - Buffer Overflow Vulnerability in the Bluetooth Module of Some Huawei Mobile Phones
There is a buffer overflow vulnerability in the Bluetooth module of some Huawei mobile phones. Due to insufficient input validation, an unauthenticated attacker may craft Bluetooth AVDTP/AVCTP messages after successful paring, causing buffer overflow. Successful exploit may cause code execution...
Security Advisory - Integer Overflow Vulnerability on Smartphones
There is an integer overflow vulnerability on smartphones. The software does not process certain variable properly when handle certain process. An attacker tricks the user who has root privilege to install a crafted application, successful exploit could cause information disclosure. Vulnerability...
Security Advisory - Double Free Vulnerability in Flp Driver of Some Huawei Smart Phones
The Flp Driver of some Huawei smart phones has a double free vulnerability. An attacker can trick a user to install a malicious application which has a high privilege to exploit this vulnerability. Successful exploitation may cause denial of service DoS attack. Vulnerability ID: HWPSIRT-2017-0813...
Security Advisory - Input Validation Vulnerability in Multiple Huawei Products
There is an input validation vulnerability in Huawei multiple products. Due to the insufficient input validation, an unauthenticated, remote attacker may craft a malformed Stream Control Transmission Protocol SCTP packet and send it to the device, causing the device to read out of bounds and...
Security Advisory - Type Confusion Vulnerability on Huawei Smartphones
There is a type confusion vulnerability on Huawei smartphones. The program initializes a variable using one type, but it later accesses that variable using a type that is different with the original type when do certain register operation. Successful exploit could result in buffer overflow then m...
Security Advisory - DoS Vulnerability in TLS of Some Huawei Products
There is a input validation vulnerability in some huawei products when handle TLS and DTLS handshake with certificate. Due to the insufficient validation of received PKI certificates, remote attackers could exploit this vulnerability to crash the TLS module. Vulnerability ID: HWPSIRT-2017-03121...
Security Advisory - Permission Control Vulnerability in Smart Phones
Some Huawei Smart phones have a permission control vulnerability. Due to improper authorization on specific processes, an attacker with the root privilege of a mobile Android system can exploit this vulnerability to obtain some information of the user. Vulnerability ID: HWPSIRT-2017-04123 This...
Security Advisory - Two Privilege Escalation Vulnerabilities in the GaussDB
There is a privilege escalation vulnerability in the validator functions of the GaussDB. An attacker may log in to the system as a low-privilege user and execute the high-privilege functions. Then, the attacker may obtain the high-privilege of the GaussDB and crash the system. Vulnerability ID:...
Security Advisory - Path Traversal Vulnerability in Multiple Huawei Products
Multiple Huawei products have a path traversal vulnerability. Due to the insufficient path validation, an authenticated attacker may exploit this vulnerability to download some files without authorization, causing information leak. Vulnerability ID: HWPSIRT-2016-07025 This vulnerability has been...
Security Advisory - DoS Vulnerability in Multiple Huawei Products
There is a DoS vulnerability in some Huawei products. A remote attacker can directly access the device through a certain URL without login authentication, which can make the device restart. Vulnerability ID: HWPSIRT-2016-06063 This vulnerability has been assigned Common Vulnerabilities and...