1006 matches found
Security Advisory - Two Vulnerabilities in Huawei WS331a
Huawei WS331a is a Mini Wireless route. There is a Cross-site request forgery CSRF vulnerability in the management interface of WS331a products, an unauthenticated attacker could exploit this vulnerability to perform a CSRF attack. Successful exploit could allow the attacker to submit special...
Security Advisory - Integer Overflow Vulnerability in the OceanStor 5800
The OceanStor 5800 V3 Storage Systems are mid-range storage products newly developed by Huawei. The OceanStor 5800 has an integer overflow vulnerability. An authenticated attacker may send massive abnormal Network File System NFS packets, causing an anomaly in specific disk arrays. Vulnerability...
Security Advisory - XSS Vulnerability in the Email App of Huawei Smartphone
There is a vulnerability due to the lack of output encoding for some particular characters in the email APP built in the affected Smart Phones. A successful exploitation of the vulnerability could allow an unauthenticated remote attacker to perform a cross-site scripting XSS attack and lead to...
Security Advisory - Vulnerability of No SSL Certificate Validation in Huawei Wear App and Hilink APP
A vulnerability of no SSL certificate validation exists in Huawei Wear APP and Hilink APP. These APPs still load the web page when accessing a website whose SSL certificate has issues, which brings risks to users. Vulnerability ID: HWPSIRT-2016-03008 This vulnerability has been assigned a Common...
Security Advisory - Integrity Protection Vulnerability in Huawei E3276s Products
The Huawei E3276s products have an integrity protection vulnerability. As a result, user communication can be intercepted, spoofed, and injected with traffic. Vulnerability ID: HWPSIRT-2016-02019 This vulnerability has been assigned a Common Vulnerabilities and Exposures CVE ID: CVE-2016-3676...
Security Advisory - Information Disclosure Vulnerability in the DSM
Huawei Document Security Management DSM provides document permission control. A vulnerability in the permission control module of DSM could lead to incorrect control over specific permissions on encrypted documents. Vulnerability ID:HWPSIRT-2015-12030 This vulnerability has been assigned Common...
Security Advisory - Privilege Escalation Vulnerability in Huawei Policy Center
Huawei Policy Center dynamically allocates network resources in a unified manner, enabling the network to provide services with more agility. Huawei Policy Center has a privilege escalation vulnerability. An attacker could log in to the device as a low-privilege user, craft a URL that contains...
Security Advisory - Integer Overflow Vulnerability in Graphics Driver of Huawei Smart Phone
Graphics drivers of some Huawei smart phones have a integer overflow issue due to the lack of a parameters check, which lead to a further heap overflow vulnerability. An attacker may trick a user into installing a malicious application and application can exploit the vulnerability to crash the...
Security Advisory - mDNS Message Improper Handling Vulnerability in Huawei WLAN AC Products
The mDNS module in Huawei WLAN AC products improperly processes mDNS packets and responds to mDNS unicast queries from outside the link local network e.g., the WAN, leading to information leaks.Vulnerability ID: HWPSIRT-2015-03024 The CVE No. of the vulnerability is CVE-2015-6586...
Security Advisory - DoS Vulnerability in Huawei MBB Product
Huawei MBB Mobile Broadband product E3272s has a Denial of Service DoS vulnerability. An attacker could send a malicious packet to the Common Gateway Interface CGI of target device and make it fail while setting port attribute, which cause a DoS attack. Vulnerability ID: HWPSIRT-2015-05103 This...
Security Advisory - Web UI Authentication Vulnerability in Huawei E5756S
Huawei E5756s has a web UI authentication vulnerability. As a result, an attacker can graft commands to view the device configuration information and perform operations, such as enabling PIN/PUK authentication without logging in to the web UI Vulnerability ID: HWPSIRT-2015-03016. This Vulnerabili...
Security Advisory-CSRF Vulnerability in Huawei HiLink Products
Several Huawei HiLink products have the CSRF Vulnerability. When users use these devices to visit websites that contain malicious scripts, the malicious scripts can exploit the vulnerability to change the configurations or use the functions of products. Vulnerability ID: HWPSIRT-2014-0243 This...
Security Advisory - Denial of Service Vulnerability in Some Huawei Products
There is a denial of service DoS vulnerability in some Huawei products. Due to a design defect, remote unauthorized attackers send a large number of specific messages to affected devices, causing system resource exhaustion and web application DoS. Vulnerability ID: HWPSIRT-2020-01270 This...
Security Advisory - Insufficient Integrity Check Vulnerability in Huawei Product
There is an insufficient integrity vulnerability in Huawei products. A module does not perform sufficient integrity check in a specific scenario. Attackers can exploit the vulnerability by physically install malware. This could compromise normal service of the affected device. Vulnerability ID:...
Security Advisory - Denial of Service Vulnerability in Huawei Smartphone
There is a denial of service vulnerability in some Huawei smartphones. Due to the improper processing of received abnormal messages, remote attackers may exploit this vulnerability to cause a denial of service DoS on the specific module. Vulnerability ID: HWPSIRT-2020-06018 This vulnerability has...
Security Advisory - Resource Management Error Vulnerability in Huawei CloudEngine 1800V Product
CloudEngine 1800V product has a resource management error vulnerability. Remote unauthorized attackers could send specific types of messages to the device, resulting in the message received by the system can't be forwarded normally. Vulnerability ID: HWPSIRT-2020-86502 This vulnerability has been...
Security Advisory - Code Execution Vulnerability in Fastjson Affect Several Huawei Products
There is a code execution vulnerability in Fastjson affect several Huawei products. Fastjson is an opensource JSON parsing library, successful exploit could allow the attacker bypass the limit of autoType then execute code. Vulnerability ID: HWPSIRT-2020-05962 Huawei has released software updates...
Security Advisory - Information Disclosure Vulnerability in Several Smartphones
There is an information disclosure vulnerability in several smartphones. Certain function's default configuration in the system seems insecure, an attacker should craft a WI-FI hotspot to launch the attack. Successful exploit could cause information disclosure. Vulnerability ID: HWPSIRT-2019-1010...
Security Advisory - Improper Authentication Vulnerability in Some Huawei CloudEngine Products
Products Switches Routers WLAN Storage See All Solutions Cloud Data Center Enterprise Networking Intelligent Computing Solutions by Industry See All Services Training and Certification Industry Cloud Enablement Service Improvement Service Customer Support Service See All Partner Find a Partner...
Security Advisory - DoS Vulnerability in Some Huawei Smart Phones
There is a denial of service DoS vulnerability in some Huawei smart phones. An attacker can trick a user to install a malicious application to exploit this vulnerability. Due to insufficient verification of the parameter, successful exploitation can cause the smartphone black screen until...
Security Advisory - DoS Vulnerability in Some Huawei MBB Products
Some Huawei MBB Mobile Broadband products have a Denial of Service DoS vulnerability. When an attacker accessing device sends special http request to device, the webserver process will try to apply too much memory which can cause the device to become unable to respond. An attacker can launch a Do...
Security Advisory - Invalid Memory Access Vulnerability in Some Huawei Products
There is an invalid memory access vulnerabilities in SCCPX module of some Huawei products. An unauthenticated, remote attacker may send specially crafted packets to the affected products. Due to insufficient validation of packets, successful exploit may cause some services abnormal. Vulnerability...
Security Advisory - Integer overflow Vulnerability in Bdat Driver of Huawei Smart Phone
The Bdat driver of some Huawei smart phones has integer overflow vulnerability due to the lack of parameter validation. An attacker tricks a user into installing a malicious APP and execute it as a specific privilege; the APP can send a specific parameter to the driver of the smart phone, causing...
Security Advisory - Information Disclosure Vulnerability on Huawei Smartphones
There is an information disclosure vulnerability on Huawei smartphones. The software does not properly protect certain resource which can be accessed by multithreading. An attacker tricks the user who has root privilege to install a crafted application, successful exploit could result in kernel...
Security Advisory - Information Leak Vulnerability in Some Huawei Smart Phones
Some Huawei smartphones have an information leak vulnerability due to the lack of parameter validation. An attacker tricks a user into installing a malicious application on the smart phone, and the application can read some sensitive information in kernel memory, which may cause sensitive...
Security Advisory - Information Disclosure Vulnerability on Huawei Smartphones
There is an information disclosure vulnerability on Huawei smartphones. An attacker tricks the user to install a crafted application, this application simulate click action to back up data in a non-encrypted way using an Android assist function. Successful exploit could result in information...
Security Advisory - DoS Vulnerability in Some Huawei Smart Phones
There is a denial of service DoS vulnerability in some Huawei smart phones. An attacker can trick a user to install a malicious application to exploit this vulnerability. Successful exploitation can cause camera application unusable. Vulnerability ID: HWPSIRT-2017-09006 This vulnerability has bee...
Security Advisory - Authentication Bypass Vulnerability in the 'Find Phone' Function of Some Huawei Smart Phones
There is an authentication bypass vulnerability in the 'Find Phone' function of some Huawei smart phone. Due to improper authentication realization in the 'Find Phone' function. An attacker may exploit the vulnerability to bypass the 'Find Phone' function in order to use the phone normally...
Security Advisory - DOS Vulnerability in Bastet Component of Huawei Smart Phone
The Bastet of some Huawei mobile phones has a DOS vulnerability due to the lack of parameter validation. An attacker may trick a user into installing a malicious APP. The APP can modify specific parameter to cause system reboot. Vulnerability ID: HWPSIRT-2017-08155 This vulnerability has been...
Security Advisory - Information Leak Vulnerability in Some Huawei Smart Phones
Some Huawei smartphones have an information leak vulnerability due to improper file permission configuration. An attacker tricks a user into installing a malicious application on the smart phone, and the application can get the file that keep the cipher text of the SIM card PIN. Vulnerability ID:...
Security Advisory - Information Leak Vulnerability in Some Huawei Servers
Some Huawei servers have an information leak vulnerability. The servers allow users to select security encryption algorithms. If an insecure encryption algorithm is selected, an attacker may decrypt ciphertext data, causing information leaks. Vulnerability ID: HWPSIRT-2016-07019 This vulnerabilit...
Security Advisory - XSS Vulnerability in Huawei Public Cloud Solution
The Public Cloud Solution has a Cross-Site Scripting XSS vulnerability in volume backup service module. An attacker can insert special characters to modify server data. Vulnerability ID: HWPSIRT-2016-06017 This vulnerability has been assigned Common Vulnerabilities and Exposures CVE ID:...
Security Advisory - Information Exposure Vulnerability in Huawei Ethernet Switch
There is an information exposure vulnerability in Huawei Ethernet switch. When uploading files to some directory, the user needs to enter the username and password. However, the system does not mask passwords. As a result, the password entered is displayed in plain text, leading to password leaks...
Security Advisory - DoS Vulnerability in Huawei LogCenter
Huawei LogCenter has a DoS vulnerability. After login to the LogCenter, an attacker can add abnormal device information to the log collection module. The LogCenter system does not verify input device information. As a result, the log collection module denies services. Vulnerability ID:...
Security Advisory - CF Card Information Leak Vulnerability on Multiple Huawei Products
The CF cards on some Huawei switches and ARs contain some sensitive information in plaintext. Once an attacker gets such a CF card, it may result in the leak of sensitive information HWPSIRT-2015-07048. Currently, official fixes are available...
Security Advisory- Local Denial of Service Vulnerability in Huawei Ascend P7
Huawei Ascend P7 Sophia-L09 uses Android 4.4, which is the upgrade version of EMUI 3.0. The phone module crashes when a third-party app sends specific broadcast messages or enables specific UIs. Vulnerability ID: HWPSIRT-2014-1233 This vulnerability has been assigned Common Vulnerabilities and...
Security Advisory-Improper User Permission Setting Vulnerability in Huawei eSpace Meeting
User permissions are not properly set on Huawei eSpace Meeting. Attackers that obtain the permissions assigned to common users can elevate privileges to access and set specific key resources. HWPSIRT-2014-0241. This Vulnerability has been assigned Common Vulnerabilities and Exposures CVE ID:...
Security Advisory-Buffer Overflow on Stack in HTTP Module
Branch Intelligent Management System BIMS and Web management is provided by Huawei for network and device management. Both BIMS and Web management use HTTP. Therefore, to use BIMS and Web management, you must enable HTTP. Attackers can make stack overflow by sending messages with the URI whose...
Security Advisory - Buffer Overflow Vulnerability in Huawei Smartphone
There is a buffer overflow vulnerability in Huawei smartphone. A module does not verify the some input when dealing with messages. Attackers can exploit this vulnerability by sending malicious input through specific module. This could cause buffer overflow, compromising normal service...
Security Advisory - Improper Buffer Operation Restrictions Vulnerability on Huawei Smartphone
There is a vulnerability of improper buffer operation in Huawei smartphone. Due to improper restrictions, local attackers with high privileges can exploit the vulnerability to cause system heap overflow. Vulnerability ID: HWPSIRT-2020-08183 This vulnerability has been assigned a Common...
Security Advisory - Use-after-free Vulnerability in Some Huawei Smart Phone
There is a use-after-free UAF vulnerability in some Huawei smart phone. An authenticated, local attacker may perform specific operations to exploit this vulnerability. Successful exploitation may tamper with the information to affect the availability. Vulnerability ID: HWPSIRT-2019-12405 This...
Security Advisory - Multiple Buffer Overflow Vulnerabilities in Some Huawei Products
There are three buffer overflow vulnerabilities in the SIP backup feature of some Huawei products. An attacker may send specially crafted messages to the affected products. Due to the insufficient validation of some values for SIP messages, successful exploit may cause services abnormal...
Security Advisory - Memory Double Free Vulnerability in GPU Driver of Some Huawei Smart Phones
The GPU driver of some Huawei smart phones has a memory double free vulnerability. An attacker tricks a user into installing a malicious application, and the application can call special API, which could triggers double free and causes a system crash or arbitrary code execution. Vulnerability ID:...
Security Advisory - Authentication Bypass Vulnerability in the 'Find Phone' Function of some Huawei Smart Phones
The 'Find Phone' function of some Huawei smart phones has an authentication bypass vulnerability. An unauthenticated attacker may wipe and factory reset the phone by special steps. Due to missing authentication of the 'Find Phone' function, an attacker may exploit the vulnerability to bypass the...
Security Advisory - Privilege Escalation Vulnerability in the FusionStorage
FusionStorage is a piece of distributed block storage software specifically designed for the storage infrastructure of cloud computing data centers. The maintenance module of Huawei FusionStorage has a privilege escalation vulnerability. After logging in to the FusionStorage successfully as a...
Security Advisory - Resource Management Vulnerability in Huawei Servers
Some Huawei servers have a resource management vulnerability in the iBMC Intelligent Baseboard Management Controller. A local attacker could exploit this vulnerability to exhaust iBMC resources and cause a denial of service. Vulnerability ID: HWPSIRT-2016-05251 This vulnerability has been assigne...
Security Advisory - Information Leak Vulnerability in Huawei FusionSphere Product
The open-source component Xenstore in the FusionSphere has an information leak vulnerability due to loose security settings. Successful exploit could allow an authenticated attacker to obtain partial information from virtual machines. Vulnerability ID: HWPSIRT-2016-06067. Huawei has released...
Security Advisory - Privilege Escalation Vulnerability in Huawei LogCenter
Huawei LogCenter has a privilege escalation vulnerability. After login to the LogCenter, a low privileged attacker can tamper with requests using a tool and submit the request to the server for privilege escalation, affecting some system functions. Vulnerability ID: HWPSIRT-2015-09020 This...
Security Advisory-XSS Security Vulnerability on Huawei E355
Huawei E355 portable 3G wireless routers have the stored cross-site scripting XSS vulnerability. Attackers can exploit the vulnerability to plant malicious scripts into the configuration file to interrupt the services of legitimate users. Vulnerability ID: HWPSIRT-2014-0516 The CVE No. of the...
Security Advisory-Segment Fault When Parsing Http Request in Web server of E585
HUAWEI E585 Wireless Modem is the terminal which can realize the high-speed wireless network access. The access is realized by the connection between USB interfaces and PCs or by the connection between WiFi and many wireless devices. In the network coverage area of HSPA/UMTS or EDGE/GPRS/GSM, use...