1006 matches found
Security Advisory - Out-of-bounds Write Vulnerability in Some Huawei Products
There is an out-of-bounds write vulnerability in some products. An unauthenticated attacker crafts malformed packets with specific parameter and sends the packets to the affected products. Due to insufficient validation of packets, which may be exploited to cause the process reboot. Vulnerability...
Security Advisory - Denial of Service Vulnerability in Some Huawei Firewall Products
There is a Denial of Service DoS vulnerability in some firewall products. Due to improper processing of specific IPSEC packets, remote attackers can send constructed IPSEC packets to affected devices to exploit this vulnerability. Successful exploit could cause the IPSEC function of the affected...
Security Advisory - Information Leak Vulnerability in Some Huawei Product
Some Huawei mobile phones have an information leak vulnerability. Due to a module using weak encryption tool, an attacker with the root permission may exploit the vulnerability to obtain some information. Vulnerability ID: HWPSIRT-2019-07076 This vulnerability has been assigned a Common...
Security Advisory - Out-Of-Bounds Read Vulnerability On Several Huawei Products
There is an out-of-bounds read vulnerability on several Huawei products. The vulnerability is due to a message-handling function that contains an out-of-bounds read vulnerability. An attacker can exploit this vulnerability by sending a specific message to the target device, which could cause a...
Security Advisory - Memory Leak Vulnerability in Some Huawei Products
There is a memory leak vulnerability in some Huawei products. An authenticated remote attacker may exploit this vulnerability by sending specific message to the affected product. Due to not release the allocated memory properly, successful exploit may cause some service abnormal. Vulnerability ID...
Security Advisory - Denial of Service Vulnerability on Some Huawei Smartphones
There is a denial of service vulnerability on some Huawei smartphones. Due to insufficient input validation of specific value when parsing the messages, an attacker may send specially crafted TD-SCDMA messages from a rogue base station to the affected devices to exploit this vulnerability...
Security Advisory - Information Disclosure Vulnerability in Several Smartphones
There is an information disclosure vulnerability in certain Huawei smartphones. An attacker could view certain information after a series of operation without unlock the screen lock. Successful exploit could cause an information disclosure condition. Vulnerability ID: HWPSIRT-2019-04101 This...
Security Advisory - FRP Bypass Vulnerability in Huawei Smart Phones
There is Factory Reset Protection FRP bypass security vulnerability in some Huawei smart phones. When re-configuring the mobile phone using the factory reset protection FRP function, an attacker can disable the boot wizard by enable the talkback function. As a result, the FRP function is bypassed...
Security Advisory - Command Injection Vulnerability in the GaussDB
The GaussDB has a command injection vulnerability. Due to the lack of input validation on some parameters, an attacker with low privilege may inject some specific command to modify database files, causing database service abnormal. Vulnerability ID: HWPSIRT-2017-05043 This vulnerability has been...
Security Advisory - Memory Leak Vulnerability in Some Huawei Routers
Some Huawei products have a memory leak vulnerability. An unauthenticated attacker may send specific Label Distribution Protocol LDP packets to the devices. When the values of some parameters in the packet are abnormal, the LDP processing module does not release the memory to handle the packet,...
Security Advisory - Buffer Overflow Vulnerabilities In Huawei Product
There is a buffer overflow vulnerability in Huawei product. Successful exploitation of this vulnerability may lead to privilege escalation. Vulnerability ID: HWPSIRT-2022-66872 This vulnerability has been assigned a Common Vulnerabilities and Exposures CVE ID: CVE-2022-29797. For products that ha...
Security Advisory - Release of Invalid Pointer Vulnerability in Some Huawei Products
There is a release of invalid pointer vulnerability in some Huawei products, successful exploit may cause the process and service abnormal. Vulnerability ID: HWPSIRT-2021-64225 This vulnerability has been assigned a Common Vulnerabilities and Exposures CVE ID: CVE-2021-40042. This vulnerability w...
Security Advisory - Improper Permission Assignment Vulnerability in Some USB Dongle Products
Huawei LTE USB Dongle products have an improper permission assignment vulnerability. An attacker can locally access and log in to a MAC OS to induce a user to install a specially crafted application. After successfully exploiting this vulnerability, the attacker can perform unauthenticated...
Security Advisory - DLL Hijacking Vulnerability on Huawei HiSuite
The HiSuite is mobile assistant software on PCs. This software contains a DLL hijacking vulnerability. This vulnerability exists due to some DLL file is loaded by HiSuite improperly. And it allows an attacker to load this DLL file of the attacker's choosing. Vulnerability ID: HWPSIRT-2019-10121...
Security Advisory - Improper Authentication Vulnerability in Several Smartphones
There is an improper authentication vulnerability in several smartphones. The applock does not perform a sufficient authentication in certain scenarios, successful exploit could allow the attacker to gain certain data of the application which is locked. Vulnerability ID: HWPSIRT-2019-12128 and...
Security Advisory - Memory Leak Vulnerability in Some Firewall Products
There is a memory leak vulnerability in some firewall products. The software does not sufficiently track and release allocated memory while parse certain message, the attacker sends the message continuously that could consume remaining memory. Successful exploit could cause memory exhaust...
Security Advisory - Improper Authentication Vulnerability in Several Smartphones
There is an improper authentication vulnerability in several smartphones. The system has a logic error under certain scenario, successful exploit could allow the attacker who gains the privilege of guest user to access to the host user's desktop in an instant, without unlocking the screen lock of...
Security Advisory - Improper Validation Vulnerability in Several Smartphones
There is an improper validation vulnerability on several smartphones. The system does not perform a properly validation of certain input models, an attacker could trick the user to install a malicious application then craft a malformed model , successful exploit could allow the attacker to get an...
Security Advisory - Buffer Overflow Vulnerability on Several Smartphones
There is a buffer overflow vulnerability on several smartphones, the system does not properly validate certain length parameter which an application transports to kernel. An attacker tricks the user to install a malicious application, successful exploit could cause malicious code execution...
Security Advisory - Information Leak Vulnerability on Some Huawei Smart Phones
There is an information leak vulnerability on some Huawei smart phones. An attacker may trick a user into installing a malicious application. Due to coding error during layer information processing, attackers can exploit this vulnerability to obtain some layer information. Vulnerability ID:...
Security Advisory - Stored Cross-Site Scripting Vulnerability in Huawei Email APP of Smartphones
There is a stored cross-site scripting vulnerability in Huawei Email APP of smartphones. The vulnerability is due to insufficient verification of parameter values. A remote attacker could exploit this vulnerability to send email that storing malicious code to a smartphone and waiting for a user t...
Security Advisory - NTPd Security Vulnerability in Multiple Huawei Products
Huawei was notified about information released by NTP.org and CERT/CC regarding stack buffer overflow security vulnerabilities CVE-2014-9295 in NTP daemon ntpd on December 19th, 2014. Multiple stack-based buffer overflows in ntpd in NTP before 4.2.8 allow remote attackers to execute arbitrary cod...
Security Advisory - Denial of Service Vulnerability in Some Huawei Products
There is a denial of service vulnerability in some huawei products. In specific scenarios, due to the insufficient verification of the parameter, an attacker may craft some specific parameter. Successful exploit may cause some services abnormal. Vulnerability ID: HWPSIRT-2020-66984 This...
Security Advisory - Buffer Read Overflow Vulnerability in Huawei Smartphone
There is a buffer overflow vulnerability in Huawei smartphone. A function in a module does not verify inputs sufficiently. Attackers can exploit this vulnerability by sending specific request. This could compromise normal service of the affected device. Vulnerability ID: HWPSIRT-2020-02173 This...
Security Advisory - Multiple Vulnerabilities in Some Huawei Products
There is an out-of-bounds read vulnerability in some Huawei products. An attacker who logs in to the board may send crafted messages from the internal network port or tamper with inter-process message packets to exploit this vulnerability. Due to insufficient validation of the message, successful...
Security Advisory - Brute Forcing Encrypted Backup Data Vulnerability on Huawei Smartphones
There is a vulnerability that Huawei smartphone user backup information can be obtained by brute forcing the password for encrypting the backup. Vulnerability ID: HWPSIRT-2019-08102 This vulnerability has been assigned a Common Vulnerabilities and Exposures CVE ID: CVE-2019-5263. Huawei has...
Security Advisory - Command Injection Vulnerability in Huawei Products
There is a command injection vulnerability in Huawei products. A module does not verify specific input sufficiently. Attackers can exploit this vulnerability by sending malicious parameters to inject command. This can compromise normal service. Vulnerability ID: HWPSIRT-2020-96403 This...
Security Advisory - Denial of Service Vulnerability in Some Products
There is a denial of service vulnerability in some huawei products. In specific scenarios, due to the improper handling of the packets, an attacker may craft many specific packets. Successful exploit may cause some services abnormal. Vulnerability ID: HWPSIRT-2020-32540 This vulnerability has bee...
Security Advisory - Improper Information Processing Vulnerability in Huawei Products
There is a vulnerability that the device improperly handles the information when a user logs in to device. The attacker can exploit the vulnerability to performs some operation can get information and cause information leak. Vulnerability ID: HWPSIRT-2020-36604 This vulnerability has been assigne...
Security Advisory - Local Privilege Escalation Vulnerability in Some Huawei Products
There is a local privilege escalation vulnerability in some Huawei products. A local, authenticated attacker could craft specific commands to exploit this vulnerability. Successful exploitation may cause the attacker to obtain a higher privilege. Vulnerability ID: HWPSIRT-2020-60009 This...
Security Advisory - Buffer Read Overflow Vulnerability in Huawei Product
There is a buffer overflow vulnerability in Huawei Product. A function in a module does not verify inputs sufficiently. Attackers can exploit this vulnerability by sending specific request. This could compromise normal service of the affected device. Vulnerability ID: HWPSIRT-2020-02172 This...
Security Advisory - Denial of Service Vulnerability in Some Huawei Home Routers
There is a denial of service vulnerability in some Huawei home routers. Due to improper verification of specific message, an attacker may exploit this vulnerability to cause specific function to become abnormal. Vulnerability ID: HWPSIRT-2020-00069 This vulnerability has been assigned a Common...
Security Advisory - Multiple OOB Read Vulnerabilities in COPS implementation of Some Huawei Products
There are multiple out of bounds OOB read vulnerabilities in the implementation of the Common Open Policy Service COPS protocol of some Huawei products. The specific decoding function may occur out-of-bounds read when processes an incoming data packet. Successful exploit of these vulnerabilities...
Security Advisory - Improper File Management Vulnerability in Huawei Share
The Huawei Share function of some Huawei phones has an improper file management vulnerability. The attacker tricks the victim to perform certain operations on the mobile phone during file transfer. Because the file is not properly processed, successfully exploit may cause some files on the victim...
Security Advisory - Remote Code Execution Vulnerability in Windows DNSAPI
Microsoft released a security advisory to disclose a remote code execution vulnerability in Windows Domain Name System DNS DNSAPI.dll. An unauthenticated, remote attacker would use a malicious DNS server to send corrupted DNS responses to the target. The attacker could exploit the vulnerability t...
Security Advisory - Samba Remote Code Execution Vulnerability in Some Huawei Products
All versions of Samba from 3.5.0 onwards are vulnerable to a remote code execution vulnerability, allowing an authenticated attacker to upload a shared library to a writable share and execute arbitrary code remotely on a targeted system. Samba 4.6.4, 4.5.10 and 4.4.14 have been issued as security...
Security Advisory - SQL Injection Vulnerability in the GaussDB
The GaussDB has a SQL injection vulnerability. An attacker with low privilege may inject some specific SQL to query or modify database files, causing database service abnormal. Vulnerability ID: HWPSIRT-2017-05017 This vulnerability has been assigned a Common Vulnerabilities and Exposures CVE ID:...
Security Advisory - Pointer Double Free Vulnerability in Some Huawei Products
There is a pointer double free vulnerability in Some Huawei Products. When a function is called, the same memory pointer is copied to two functional modules. Attackers can exploit this vulnerability by performing malicious operation to cause pointer double free. This may lead to module crash,...
Security Advisory - Denial of Service Vulnerability in Some Huawei Products
There is a denial of service vulnerability in some products. The system does not properly check some events, an attacker could launch the events continually, successful exploit could cause reboot of the process. Vulnerability ID: HWPSIRT-2020-04051 This vulnerability has been assigned a Common...
Security Advisory - NULL Pointer Dereference Vulnerability in Some Huawei Products
There is a NULL pointer dereference vulnerability in some Huawei products. An attacker may send specially crafted POST messages to the affected products. Due to insufficient validation of some parameter in the message, successful exploit may cause some process abnormal. Vulnerability ID:...
Security Advisory - Integer Overflow Vulnerability in Android affects Several Huawei Smartphones
There is an integer overflow vulnerability in Android affects several Huawei smartphones. There is possible out of bounds write due to an incorrect bounds calculation. This could lead to remote code execution over Bluetooth with no additional execution privileges needed. Vulnerability ID:...
Security Advisory - Improper Authentication Vulnerability in Some Huawei Smartphones
There is an improper authentication vulnerability in some Huawei smartphones. The software insufficiently validate the user's identity when a user wants to do certain operation. An attacker can trick user into installing a malicious application to exploit this vulnerability. Successful exploit ma...
Security Advisory - Improper Access Control Vulnerability in Several Smartphones
There is an improper access control vulnerability in several smartphones. The software incorrectly restricts access to a function interface from an unauthorized actor, the attacker tricks the user into installing a crafted application, successful exploit could allow the attacker do certain...
Security Advisory - Improper Authentication Vulnerability in Some Huawei Products
Some Huawei products have a security vulnerability due to improper authentication. A remote attacker needs to obtain some information and forge the peer device to send specific packets to the affected device. Due to the improper implementation of the authentication function, attackers can exploit...
Security Advisory - Double Free Memory Vulnerability in Huawei Products
Products Switches Routers WLAN Storage See All Solutions Cloud Data Center Enterprise Networking Intelligent Computing Solutions by Industry See All Services Training and Certification Industry Cloud Enablement Service Improvement Service Customer Support Service See All Partner Find a Partner...
Security Advisory - Denial of Service Vulnerability in Huawei Product
Products Switches Routers WLAN Storage See All Solutions Cloud Data Center Enterprise Networking Intelligent Computing Solutions by Industry See All Services Training and Certification Industry Cloud Enablement Service Improvement Service Customer Support Service See All Partner Find a Partner...
Security Advisory - Information Leak Vulnerability in Huawei CloudUSM-EUA Product
There is an information leak vulnerability in Huawei CloudUSM-EUA product. Due to improper configuration, the attacker may cause information leak by successful exploitation. Vulnerability ID: HWPSIRT-2019-09106 This vulnerability has been assigned a Common Vulnerabilities and Exposures CVE ID:...
Security Advisory - Two Heap Buffer Overflow Vulnerabilities in Broadcom WiFi Chipset Drivers
There are two heap buffer overflow vulnerabilities in Broadcom WiFi chipset drivers. A remote, unauthenticated attacker may send specially-crafted WiFi packets to exploit these vulnerabilities. Successfully exploit may cause Wi-Fi functions abnormal. Vulnerability ID: HWPSIRT-2019-04121 and...
Security Advisory - Insufficient Input Validation Vulnerability in Some Huawei Products
There is an insufficient input validation vulnerability in some Huawei products. An unauthenticated, remote attacker could send specific MPLS Echo Request messages to the target products. Due to insufficient input validation of some parameters in the messages, successful exploit may cause the...
Security Advisory - GNU Glibc Buffer Overflow Security Vulnerability
Google security research team disclosed a buffer overflow vulnerability in GNU C library glibc CVE-2015-7547 on February 16, 2016, remote attackers can exploit the vulnerability to execute arbitrary code on an affected device. Vulnerability ID: HWPSIRT-2016-02018 This vulnerability has been...