1006 matches found
Security Advisory - Improper Authentication Vulnerability in Huawei Smartphone
There is an improper authentication vulnerability in some Huawei smartphone. Authentication to target component is improper when device performs an operation. Attackers exploit this vulnerability to obtain some information by loading malicious application, leading to information leak. Vulnerabili...
Security Advisory - Command Injection Vulnerability in OpsMonitor
There is a command injection vulnerability in OpsMonitor service. Due to lack of validation of user input, an authenticated user may inject malicious command into the affected products, causing command execution with root privilege in OpsMonitor service. Vulnerability ID: HWPSIRT-2017-10062 Huawe...
Security Advisory-Buffer Overflow on Heap When Parsing Http Response in HTTP Module
Branch Intelligent Management System BIMS and Web management is provided by Huawei for network and device management. Both BIMS and Web management use HTTP. Therefore, to use BIMS and Web management, you must enable HTTP. Attackers can make heap overflow by sending malformed HTTP Response message...
Security Advisory-HTTP Session Management Vulnerability in HTTP Module
Branch Intelligent Management System BIMS and Web management is provided by Huawei for network and device management. Both BIMS and Web management use HTTP. Therefore, to use BIMS and Web management, you must enable HTTP. Because HTTP session ID generation is weak and predictable, an attacker can...
Security Advisory - Input Validation Vulnerability in Wi-Fi Driver of Huawei Smart Phones
There is an input validation vulnerability in the Wi-Fi Driver of some Huawei smart phones. An attacker can tricks a user into installing a malicious application on the smart phone, and send given parameter to smart phone to crash the system or escalate privilege. Vulnerability ID:...
Security Advisory - A Security Vulnerability of Using Insecure Random Numbers to Generate Self-signed Certificates in Huawei Products
Some Huawei products automatically generate self-signed certificates upon the first use. The random numbers used to generate these certificates are not random enough. Different devices' certificates may use the same random number consequently, which contains the risk of an attacker compromising t...