1006 matches found
Security Advisory - Information Leak Vulnerability in Huawei APP
Some Huawei APPs have an information leak vulnerability. When an iPhone with these APPs installed access the Wi-Fi hotpot built by attacker, the attacker can collect the information of iPhone mode and firmware version. Vulnerability ID: HWPSIRT-2017-02025 This vulnerability has been assigned a CV...
Security Advisory - Buffer Overflow Vulnerability in Some Huawei Products
There is a buffer overflow vulnerability in Connectivity Fault Management CFM function of some Huawei Products. When CFM is enabled and Maintenance Association End Point MEP is configured on the affected device, an adjacent attacker could exploit this vulnerability by sending crafted packets to t...
Security Advisory - Logic Error Vulnerability in Several Smartphones
There is a logic error vulnerability in several smartphones. The software does not properly restrict certain operation when the Digital Balance function is on. Successful exploit could allow the attacker to bypass the Digital Balance limit after a series of operations. Vulnerability ID:...
Security Advisory - Possible Out-Of-Bounds Read Vulnerability in Huawei Products
There is an out of bounds read vulnerability in some Huawei products. A local attacker can exploit this vulnerability by sending specific message to the target device. Due to insufficient validation of internal message, successful exploit may cause the process and the service abnormal...
Security Advisory - Multiple Threads Race Condition Vulnerability in Huawei Product
There is a multiple threads race condition vulnerability in Huawei product. A race condition exists for concurrent I/O read by multiple threads. An attacker with the root permission can exploit this vulnerability by performing some operations. Successful exploitation of this vulnerability may cau...
Security Advisory - Improper Signature Verification Vulnerability in Some Huawei Smartphones
There is an improper signature verification vulnerability in some smartphones. The system does not improper check signature of specific software package, an attacker may exploit this vulnerability to load a crafted software package to the device. Vulnerability ID: HWPSIRT-2019-11220 This...
Security Advisory - FasterXML Jackson-databind Injection Vulnerability in Huawei Products
It was found that jackson-databind, a Java library used to parse JSON and other data formats, could deserialize data without proper validation, allowing a maliciously client to perform remote code execution on a service with the required characteristics.Vulnerability ID: HWPSIRT-2020-02149 This...
Security Advisory - Information Leakage Vulnerability on Some Huawei Products
There is an information leakage vulnerability on some Huawei products. An attacker with low permissions can view some high-privilege information by running specific commands.Successful exploit could cause an information disclosure condition. Vulnerability ID: HWPSIRT-2019-04080 This vulnerability...
Security Advisory - Multiple Vulnerabilities in MTK Platform
There are two buffer overflow vulnerabilities and one arbitrary memory write vulnerability in the camera driver of MTK platform in some Huawei smart phones. Due to the insufficient input verification, an attacker tricks a user into installing a malicious application which has special privilege an...
Security Advisory - Four Command Injection Vulnerabilities in The FusionSphere OpenStack
The FusionSphere OpenStack has four command injection vulnerabilities due to the insufficient input validation on four TCP listening ports. An unauthenticated attacker can exploit the vulnerabilities to gain root privileges by sending some messages with malicious commands. Vulnerability ID:...
Security Advisory - Multiple Security Vulnerabilities in Huawei HiSuite
Huawei HiSuite PC client software has an information leak vulnerability. The software provides the function for configuring the proxy server. The password textbox on the proxy configuration UI do not disable the password copy function. An attacker who can log in to the system can copy out the...
Security Advisory - Input Validation Vulnerability in Huawei Routers
There is an input validation vulnerability in Huawei access routers, an attacker may exploit this vulnerability by crafting a malformed packet and sending it to the device. An exploit could allow the attacker to cause a Denial of Service or remote code execution. Vulnerability ID:...
Security Advisory - Multiple Vulnerabilities in Huawei FusionServer Products
Multiple security vulnerabilities exist in Huawei FusionServer products. Command injection vulnerability exists in Huawei FusionServer products. An attacker could change the input parameters on the login page and enter commands, such as user creation command. Vulnerability ID: HWPSIRT-2015-06075...
Security Advisory - Traffic Hijacking Vulnerability in Huawei Routers
There is a traffic hijacking vulnerability in Huawei routers. Successful exploitation of this vulnerability can cause packets to be hijacked by attackers.Vulnerability ID:HWPSIRT-2022-82592 This vulnerability has been assigned a CVEID:CVE-2022-48469...
Security Advisory - Traffic Hijacking Vulnerability in Huawei Routers
There is a traffic hijacking vulnerability in Huawei routers. Successful exploitation of this vulnerability can cause packets to be hijacked by attackers. Vulnerability ID: HWPSIRT-2021-21766 This vulnerability has been assigned a Common Vulnerabilities and Exposures CVE ID: CVE-2021-46835. For...
Security Advisory - Out of Bounds Write Vulnerability in Huawei CloudEngine Product
There is an out of bounds write vulnerability in some Huawei products. An attacker can exploit this vulnerability by sending crafted data in the packet to the target device. Due to insufficient validation of message, successful exploit can cause certain service abnormal. Vulnerability ID:...
Security Advisory - Insecure Encryption Algorithm Vulnerability in Some Huawei Products
Some Huawei products have an insecure encryption algorithm vulnerability. Attackers with high permissions can exploit this vulnerability to cause information leak. Vulnerability ID: HWPSIRT-2020-05067 This vulnerability has been assigned a Common Vulnerabilities and Exposures CVE ID: CVE-2020-912...
Security Advisory - Out-of-bounds Read and Write Vulnerability in Some Huawei Products
There is an out-of-bounds read and write vulnerability in some products. An unauthenticated attacker crafts malformed message with specific parameter and sends the message to the affected products. Due to insufficient validation of message, which may be exploited to cause the process reboot...
Security Advisory - Path Traversal Vulnerability in Several Smartphones
There is a path traversal vulnerability in several smartphones. The system does not sufficiently validate certain pathname from certain process, successful exploit could allow the attacker write files to a crafted path. Vulnerability ID: HWPSIRT-2019-10116 This vulnerability has been assigned a...
Security Advisory - Improper Input Verification Vulnerability in Huawei Smartphone
There is an improper input verification vulnerability in Huawei smartphone. An attribution in a module is not set correctly and some verification is lacked. Attackers with local access can exploit this vulnerability by injecting malicious fragment. This may lead to user information leak...
Security Advisory - Insufficient Integrity Validation Vulnerability in Several Products
There is an insufficient integrity validation vulnerability in several products. The device does not sufficiently validate the integrity of certain file in certain loading processes, successful exploit could allow the attacker to load a crafted file to the device through USB. Vulnerability ID:...
Security Advisory - Information Disclosure Vulnerability in Several Smartphones
There is an information disclosure vulnerability in certain Huawei smartphones. The software does not properly handle certain information of application locked by applock in a rare condition, successful exploit could cause information disclosure. Vulnerability ID: HWPSIRT-2018-08142 This...
Security Advisory - Remote Control Vulnerability in RCS Module of Some Huawei Smart Phones
There is a remote control vulnerability in RCS module of some Huawei smart phones. An attacker can trick a user to install a malicious application. When the application connects with RCS for the first time, it needs user to manually click to agree. In addition, the attacker needs to obtain the ke...
Security Advisory - Multiple Input Validation Vulnerabilities in CIDAM Protocol on Huawei Products
The CIDAM Protocol on Huawei Products has multiple input validation vulnerabilities due to insufficient validation of specific messages when the protocol is implemented. An authenticated remote attacker could send a malicious message to a target system. Successful exploit could allow the attacker...
Security Advisory - Memory Leak Vulnerability in Some Huawei FireWall Products
Some Huawei FireWall products have a memory leak vulnerability due to memory don't be released when an local authenticated attacker execute special commands many times. An attacker could exploit it to cause memory leak, which may further lead to system exceptions.Vulnerability ID:...
Security Advisory - Seven vulnerabilities in Google Dnsmasq
Dnsmasq is a widely used piece of open-source softwarea designed to provide DNS, DHCP, Dnsmasq 2.77 and before version contains 7 security vulnerabilities. There is a heap buffer overflow vulnerability in dnsmasq in the code responsible when building DNS replies. An attacker could send crafted DN...
Security Advisory - Multiple Security Vulnerabilities in Driver of Huawei Smart Phones
There are multiple security vulnerabilities in driver of some Huawei smart phones. There are two interface access control vulnerabilities in Graphics driver. An attacker may trick a user into installing a malicious application and application can exploit the vulnerability to crash the system or...
Security Advisory - Information Leak Vulnerability in Certain Huawei Products
Some Huawei products have two information leak vulnerabilities caused by improper encryption mechanisms. Users can use reversible or irreversible encryption algorithms to encrypt passwords. If a reversible encryption algorithm is used to encrypt administrators' passwords, an attacker with high...
Security Advisory - Denial of Service Vulnerability in Huawei Smart WiFi Router
There is a denial of service vulnerability in the Wi-Fi module of the HUAWEI WS7100-20 Smart WiFi Router.Successful exploit could cause a denial of service DoS condition. Vulnerability ID:HWPSIRT-2022-59488 This vulnerability has been assigned a CVE ID: CVE-2022-46740...
Security Advisory - Information Exposure Vulnerability on Several Huawei Products
There is an information exposure vulnerability on several Huawei Products. The vulnerability is due to that the software does not properly protect certain information. Successful exploit could cause information disclosure. Vulnerability ID: HWPSIRT-2020-32928 This vulnerability has been assigned ...
Security Advisory - Cross-Site Scripting(XSS) Vulnerability in Huawei WS318n Product
There is a Cross-Site ScriptingXSS vulnerability in HUAWEI WS318n product when processing network settings. Due to insufficient validation of user input, a local authenticated attacker could exploit this vulnerability by injecting special characters. Successful exploit could cause certain...
Security Advisory - Out-of-Bounds Read Vulnerability On Several Huawei Products
There is an out-of-bounds read vulnerability on several Huawei products. The vulnerability is due to a function that handles an internal message contains an out-of-bounds read vulnerability. An attacker could crafted messages between system process, successful exploit could cause Denial of Servic...
Security Advisory - Improper Permission Assignment Vulnerability in Huawei ManageOne Product
There is an improper permission assignment vulnerability in Huawei ManageOne product. Due to improper security hardening, the process can run with a higher privilege. Successful exploit could allow certain user to do certain operations with improper permission. Vulnerability ID: HWPSIRT-2020-8163...
Security Advisory - Information Leakage Vulnerability in Some Huawei Products
There is an information leakage vulnerability in some huawei products. Due to the properly storage of specific information in the log file, the attacker can obtain the information when a user logs in to the device. Successful exploit may cause the information leak. Vulnerability ID:...
Security Advisory - Out-of-bounds Read Vulnerability in Some Huawei Smartphones
There is an out-of-bounds read and write vulnerability in smartphone products. An attacker with specific permissions crafts malformed packet with specific parameter and sends the packet to the affected products. Due to insufficient validation of packet, which may be exploited to cause the...
Security Advisory - Out-of-Bounds Read Vulnerability in Some Huawei Smart Phone
There is an out-of-bounds read vulnerability in XFRM module of some Huawei smart phone. An authenticated, local attacker may perform a specific operation to exploit this vulnerability. Due to insufficient validation of the parameters, which may be exploited to cause information leak. Vulnerabilit...
Security Advisory - DoS Vulnerability in Some Huawei Smart Phones
There is a denial of service DoS vulnerability in some Huawei smart phones. The attacker can enter a large amount of text on the phone. Due to insufficient verification of the parameter, successful exploitation can impact the service. Vulnerability ID: HWPSIRT-2019-09107 This vulnerability has be...
Security Advisory - Local Privilege Escalation Vulnerability in Huawei FusionCompute Product
There is a local privilege escalation vulnerability in Huawei FusionCompute product. A local, authenticated attacker could perform specific operations to exploit this vulnerability. Successful exploitation may cause the attacker to obtain a higher privilege and compromise the service. Vulnerabili...
Security Advisory - Information Exposure Vulnerability in Some Huawei Smart Phones
There is an information exposure vulnerability in some Huawei smart phones. The system does not properly authenticate the application that access a specified interface. Attackers can trick users into installing malicious software to exploit this vulnerability and obtain some information about the...
Security Advisory - Out-of-bounds Write Vulnerability in Some Huawei Products
There is an out-of-bounds write vulnerability in some products. An unauthenticated attacker crafts malformed packets with specific parameter and sends the packets to the affected products. Due to insufficient validation of packets, which may be exploited to cause the process reboot. Vulnerability...
Security Advisory - Two Vulnerabilities in APPGallery of Huawei Smart Phones
There is a whitelist mechanism bypass vulnerability and an arbitrary Javascript running vulnerability in Huawei AppGallery. An attacker may set up a malicious network environment and trick user into accessing a malicious web page to bypass the whitelist mechanism, which make the malicious...
Security Advisory - Authentication Bypass Vulnerability in Some Huawei Smart Phones
The soundtrigger module of some Huawei smart phones has an authentication bypass vulnerability due to the improper design of the module. An attacker tricks a user into installing a malicious application, and the application can exploit the vulnerability to replace related authentication...
Security Advisory - Multiple Vulnerabilities in MTK Platform
There are multiple vulnerabilities in MTK platform used in Huawei smart phones. There is a out-of-bound read vulnerability in MTK platform used in Huawei smart phones. An attacker tricks a user into installing a malicious application on the smart phone, and send given parameter and cause to memor...
Security Advisory - Information Leak Vulnerability in Huawei FusionSphere OpenStack
Huawei FusionSphere OpenStack has an information leak vulnerability due to the use of a low version transmission protocol by default. An attacker could intercept packets transferred by a target device. Successful exploit could cause an information leak. Vulnerability ID: HWPSIRT-2017-07112 This...
Security Advisory - Two Vulnerabilities in Smart Phones
Some Huawei smart phones have an unlock code verification bypassing vulnerability. An attacker with the root privilege of a mobile can exploit this vulnerability to bypass the unlock code verification and unlock the mobile phone bootloader. Vulnerability ID: HWPSIRT-2017-04121 This vulnerability...
Security Advisory - Multiple Buffer Overflow Vulnerabilities in Driver of Huawei Smart Phone
The driver of some Huawei smart phones have six buffer overflow vulnerabilities due to the lack of parameter validation. An attacker tricks a user into installing a malicious APP which has the root privilege of the Android system, the APP can send a specific parameter to the driver of the smart...
Security Advisory - Bluetooth Unlock Bypassing Vulnerability in Some Huawei Mobile Phones
Some Huawei mobile phones have a Bluetooth unlock bypassing vulnerability due to the lack of validation on Bluetooth devices. If a user has enabled the smart unlock function, an attacker can impersonate the user's Bluetooth device to unlock the user's mobile phone screen. Vulnerability ID:...
Security Advisory - FRP Bypass Vulnerability in Huawei Smart Phones
Factory Reset Protection FRP is a security method that was designed to make sure someone can't just wipe and factory reset the phone if user lost it or it was stolen. The FRP in some Huawei smart phones can be bypass. An attacker can bypass the FRP by special steps and wipe and factory reset the...
Security Advisory - Privilege Escalation Vulnerability in Huawei Multiple Smart Phones
There is a privilege escalation vulnerability in Android kernel due to the lack of a parameters check. An attacker may trick a user into installing a malicious application, and the application can modify the data of kernel to crash the system or escalate user privilege. Vulnerability ID:...
Security Advisory - Apache Struts2 Remote Code Execution Vulnerability in Huawei Products
Apache Struts2 released a remote code execution vulnerability in S2-032 on the official website,when Dynamic Method Invocation DMI is enabled, an exploit could allow the attacker to cause remote code execution.Vulnerability ID: HWPSIRT-2016-04052 This vulnerability has been assigned a Common...