1006 matches found
Security Advisory - Memory Overflow Vulnerability in the Huawei Smartphone
There has a memory overflow vulnerability in Some Huawei mobile phone products. An attacker may exploit this vulnerability to gain the root access over the mobile phones. Then the attacker can further modify memory data and obtain sensitive information. Vulnerability ID: HWPSIRT-2015-10046 This...
Security Advisory - Bar Mitzvah Attack Vulnerability in Huawei Products
A security vulnerability exists in Rivest Cipher 4 RC4 used by TLS and SSL protocols. RC4 cannot provide sufficient data protection. After listening to an SSL or TLS connection, an attacker can obtain plaintext data by brute force cracking. This vulnerability is also called Bar Mitzvah...
Security Advisory-Memory Leak Vulnerability on USG products
The HUAWEI USG9560/9520/9580 is a high-end 10-Gigabit Firewall. The USG9560/9520/9580 applies to Internet backbone networks, IP dedicated backbone networks, IP metropolitan area networks MANs, Internet data center IDC egress. This security gateway provides multiple powerful and all-round security...
Security Advisory - Path Traversal Vulnerability in Huawei Home Music System
Some Huawei home music system products have a path traversal vulnerability. Successful exploitation of this vulnerability may cause unauthorized file deletion or file permission change.Vulnerability ID:HWPSIRT-2023-53450 This vulnerability has been assigned a CVEID:CVE-2023-7263...
Security Advisory - Incorrect Privilege Assignment Vulnerability in Huawei Whole-Home Intelligence Software
A piece of Huawei whole-home intelligence software has an Incorrect Privilege Assignment vulnerability. Successful exploitation of this vulnerability could allow attackers to access restricted functions.Vulnerability ID:HWPSIRT-2022-52968 This vulnerability has been assigned a CVE ID: CVE-2022-48...
Security Advisory - Buffer Overflow Vulnerability in Some Huawei Mobile Phones
Some Huawei products have a buffer overflow vulnerability. After obtaining the root permission, an attacker can exploit the vulnerability to cause buffer overflow. Vulnerability ID: HWPSIRT-2020-43452 This vulnerability has been assigned a Common Vulnerabilities and Exposures CVE ID:...
Security Advisory - Improper Authentication Vulnerability in Huawei Product
There is an improper authentication vulnerability in Huawei Products. A module does not verify the input file properly. Attackers can exploit this vulnerability by crafting malicious files to bypass current verification mechanism. This can compromise normal service. Vulnerability ID:...
Security Advisory - Denial of Service Vulnerability in Several Smartphones
There is a denial of service vulnerability in several smartphones. Certain system configuration can be modified because of improper authorization. The attacker should trick the user installing and executing a malicious application, successful exploit could cause a denial of service condition of...
Security Advisory - Improper Authentication Vulnerability in Some Huawei Smartphones
There is an improper authentication vulnerability in some Huawei smartphones. Due to the identity of the message sender is not properly verified, an attacker can exploit this vulnerability through man-in-the-middle attack to induce user to access malicious URL. Vulnerability ID: HWPSIRT-2019-1213...
Security Advisory - Two Vulnerabilities in Huawei PCManager Product
There is a privilege escalation vulnerability in Huawei PCManager product. Successful exploitation may cause the attacker to obtain a higher privilege. Vulnerability ID: HWPSIRT-2018-11141 This vulnerability has been assigned a Common Vulnerabilities and Exposures CVE ID: CVE-2019-5241. There is ...
Security Advisory - Anonymous TLS Cipher Suite Supported Vulnerability in Huawei eSpace Product
There is an anonymous TLS cipher suites supported vulnerability in Huawei eSpace product. An unauthenticated, remote attacker launches man-in-the-middle attack to hijack the connection from a client when the user signs up to log in by TLS. Due to insufficient authentication, which may be exploite...
Security Advisory - Three JSON Injection Vulnerabilities in Huawei Some Products
There are three JSON injection vulnerabilities in Huawei some product. An authenticated, remote attacker can launch a JSON injection to modify the password of administrator. Due to insufficient verification of the input, this could be exploited to obtain the management privilege of the system...
Security Advisory - Out-Of-Bounds Write Vulnerability on Several Huawei Products
There is an out-of-bounds write vulnerability on several Huawei products. When a user executes a query command after the device received an abnormal OSPF message, the software writes data past the end of the intended buffer due to the insufficient verification of the input data. An unauthenticate...
Security Advisory - Three Vulnerabilities in SCCPX Module of Some Huawei Products
There is an out-of-bounds read vulnerability in SCCPX module of some Huawei products. An unauthenticated, remote attacker crafts malformed packets with specific parameter to the affected products. Due to insufficient validation of packets, successful exploitation may impact availability of produc...
Security Advisory - Improper Authorization Vulnerability on iBMC
There is an improper authorization vulnerability on iBMC. The software incorrectly performs an authorization check when a normal user attempts to access certain information which is supposed to be accessed only by admin user. Successful exploit could cause information disclosure. Vulnerability ID...
Security Advisory - Authentication Bypass Vulnerability in the 'Find Phone' Function of some Huawei Smart Phones
The 'Find Phone' function of some Huawei smart phones has an authentication bypass vulnerability. An unauthenticated attacker may wipe and factory reset the phone by special steps. Due to missing authentication of the 'Find Phone' function, an attacker may exploit the vulnerability to bypass the...
Security Advisory - Input Validation Vulnerability in Huawei VRP Platform
There is an input validation vulnerability in some Huawei devices using VRP. Due to the lack of input validation, an attacker may craft a malformed packet and send it to the device using VRP, causing the device to display additional memory data and possibly leading to sensitive information leakag...
Security Advisory - Multiple Security Vulnerabilities in Huawei Smart Phone Products
The TrustZone driver of some Huawei smart phone products has an input validation vulnerability. An attacker may trick the target user into installing a malicious APP which could exploit this vulnerability to pass specific parameters to the TrustZone driver. Successful exploit could cause the syst...
Security Advisory - Buffer Overflow Vulnerability in Huawei USG Products
The Authentication, Authorization and Accounting AAA module in the USG products has a buffer overflow vulnerability. A remote attacker can send crafted Enterprise Application Platform EAP packets to the USG products through a Remote Authentication Dial In User Service RADIUS server which has...
Security Advisory - Path Traversal Vulnerability in Huawei Home Gateway Products
There is a path traversal vulnerability on several Huawei home gateway products. The products do not properly validate HTTP requests received by a specific port. An remote attacker may access the local files on the device without authentication by crafting an HTTP request and sending it to the...
Security Advisory-Information Leakage Vulnerability in Huawei P7 Smartphone
MeWidget is a plug-in of Huawei Emotion UI. The MeWidget module on Huawei smartphone P7 has a vulnerability that could lead to the disclosure of contact information. Attackers can obtain the name and URI information of mobile phone users through the malware installed on the smartphones...
Security Advisory-Information Leakage Vulnerability via MPLS Ping in VRP Platform
VRP Versatile Routing Platform has been developed by Huawei to provide improved IP routing services. The VRP has been widely applied to network devices, including high-end and low-end switches and routers, wireless and transmission devices. Information leakage vulnerability exists in several...
Security Advisory - Identity Authentication Bypass Vulnerability in The Huawei Children Smart Watch (Simba-AL00)
The Huawei Children Smart Watch Simba-AL00 has an identity authentication bypass vulnerability. Successful exploitation of this vulnerability may cause the access control function of specific applications to fail.Vulnerability ID:HWPSIRT-2022-18770 This vulnerability has been assigned a CVE ID:...
Security Advisory - Insufficient Input Verification Vulnerability In Huawei Product
There is an insufficient input verification vulnerability in Huawei product. Successful exploitation of this vulnerability may lead to service abnormal. Vulnerability ID: HWPSIRT-2022-76192 This vulnerability has been assigned a Common Vulnerabilities and Exposures CVE ID: CVE-2022-32144. For...
Security Advisory - Improper Authentication Management Vulnerability in some Huawei Products
There is an improper authentication vulnerability in some huawei products.Successful exploitation of this vulnerability may lead to a control of the victim device. Vulnerability ID: HWPSIRT-2021-30580 This vulnerability has been assigned a Common Vulnerabilities and Exposures CVE ID:...
Security Advisory - Command Injection Vulnerability in Huawei FusionCompute Product
There is a command injection vulnerability in CMA service module of FusionCompute product when processing the default certificate file. The software constructs part of a command using external special input from users, but the software does not sufficiently validate the user input. Successful...
Security Advisory - Weak Secure Algorithm Vulnerability in Huawei Product
There is a weak secure algorithm vulnerability in Huawei products. A weak secure algorithm is used in a module. Attackers can exploit this vulnerability by capturing and analyzing the messages between devices to obtain information. This can lead to information leak. Vulnerability ID:...
Security Advisory - Buffer Overflow Vulnerability in the Bluetooth Module of Some Huawei Mobile Phones
There is a buffer overflow vulnerability in the Bluetooth module of some Huawei mobile phones. Due to insufficient input validation, an unauthenticated attacker may craft Bluetooth messages after successful paring, causing buffer overflow. Successful exploit may cause code execution. Vulnerabilit...
Security Advisory - Buffer Overflow Vulnerability in Some Huawei Products
Some Huawei products have a buffer overflow vulnerability. An attacker induces users to install malicious applications and sends specially constructed packets to affected devices after obtaining the root permission. Successful exploit may cause code execution. Vulnerability ID: HWPSIRT-2020-04125...
Security Advisory - Improper Authorization Vulnerability in Huawei Product
There is an improper authorization vulnerability in Huawei FusionComput. A module does not verify some input correctly and authorizes files with incorrect access. Attackers can exploit this vulnerability to launch privilege escalation attack. This can compromise normal service. Vulnerability ID:...
Security Advisory - Improper Authentication Vulnerability in Some Huawei Smartphones
There is an improper authentication vulnerability in some Huawei smartphones. The vulnerability is due to that when an user wants to do certain operation, the software insufficiently validate the user's identity. Attackers need to physically access the smartphone to exploit this vulnerability...
Security Advisory - Information Leak Vulnerability in Some Huawei Products
Some Huawei mobile phones have an information leak vulnerability. Due to improper function error records of some module, an attacker with the access permission may exploit the vulnerability to obtain some information. Vulnerability ID: HWPSIRT-2019-04053 This vulnerability has been assigned a...
Security Advisory - Memory Leak Vulnerability on Several Products
There is a memory leak vulnerability on several products. The software does not release allocated memory properly when processing Protal questionnaire. A remote attacker could send a lot questionnaires to the device, successful exploit could cause the device to reboot since running out of memory...
Security Advisory - Buffer Overflow Vulnerability in the NFC Module of Some Huawei Mobile Phones
The Near Field Communication NFC module of some Huawei mobile phones has a buffer overflow vulnerability due to the lack of input validation. An attacker may use an NFC card reader or another device to inject malicious data into a target mobile phone. Successful exploit could lead to system resta...
Security Advisory - Remote Code Execution Vulnerability in Microsoft Windows Server Service
Microsoft released a security bulletin MS08-067 to disclose a remote code execution vulnerability in the Server service. An unauthenticated, remote attacker may send a specially crafted RPC request to the affected products. Successful exploit may result in arbitrary code execution. Vulnerability...
Security Advisory - Information Leak Vulnerability in Huawei FusionSphere Openstack
There is an information leak vulnerability in Huawei FusionSphere Openstack. Due to an incorrect configuration item, the information transmitted by a transmission channel is not encrypted. An attacker accessing the internal network may obtain sensitive information transmitted. Vulnerability ID:...
Security Advisory - FRP Bypass Vulnerability in Huawei Smart Phones
There is Factory Reset Protection FRP bypass security vulnerability in some Huawei smart phones. When re-configuring the mobile phone using the factory reset protection FRP function, an attacker can login the Swype and can perform some operations to update the Google account. As a result, the FRP...
Security Advisory - App Lock Bypass Vulnerability in Huawei Mobile Phones
App Lock is a function provided by the Phone Manager app to prevent unauthorized use of apps on mobile phones. Some Huawei mobile phones have an App Lock bypass vulnerability. An attacker could perform specific operations to bypass the App Lock to use apps on a target mobile phone temporarily...
Security Advisory - MITM Vulnerability in Huawei Vmall APP
The upgrade package of Huawei Vmall APP is transferred through HTTP. A man in the middle MITM can tamper with the upgrade package of Huawei Vmall APP, and to implant the malicious applications. Vulnerability ID: HWPSIRT-2016-11068 This vulnerability has been assigned a Common Vulnerabilities and...
Security Advisory - Two Information Leak Vulnerabilities in ION Memory Management Module of Huawei Smart Phone
Two information leak vulnerabilities exist in the ION memory management module of some Huawei mobile phones due to the lack of initialization during memory allocation. Vulnerability ID: HWPSIRT-2016-09032 and HWPSIRT-2016-09033 These two vulnerabilities have been assigned CVE ID: CVE-2016-8757 an...
Security Advisory - Remote Security Bypass Vulnerability on Huawei Android Devices
Android version 4.1.1 - 4.4.2 is prone to a remote security bypass vulnerability CVE-2013-6272: A vulnerability in the Android system allows an attacker to initiate or terminate arbitrary calls without the callphone permission. After investigation, we confirm that some Huawei smartphone and table...
Security Advisory - Misinterpretation of Input Vulnerability in Huawei Printer
There is a misinterpretation of input vulnerability in Huawei Printer. Successful exploitation of this vulnerability may cause the printer service to be abnormal. Vulnerability ID:HWPSIRT-2022-47904 This vulnerability has been assigned a CVE ID: CVE-2022-48471...
Security Advisory - Denial of Service Vulnerability in some Huawei Products
There is a denial of service vulnerability in some Huawei products. Successful exploitation could cause denial of service. Vulnerability ID: HWPSIRT-2022-27465 This vulnerability has been assigned a Common Vulnerabilities and Exposures CVE ID: CVE-2022-29798. For products that have released...
Security Advisory - CSV Injection Vulnerability in Some Huawei Products
There is a CSV injection vulnerability in some Huawei Products. An attacker with high privilege may exploit this vulnerability through some operations to inject the CSV files. Due to insufficient input validation of some parameters, the attacker can exploit this vulnerability to inject CSV files ...
Security Advisory - Denial of Service Vulnerability in Some Products
There is a denial of service vulnerability in some huawei products. In specific scenarios, due to the improper handling of the packets, an attacker may craft the specific packet. Successful exploit may cause some services abnormal. Vulnerability ID: HWPSIRT-2020-70186 This vulnerability has been...
Security Advisory - Arbitrary Memory Write Vulnerability in Huawei Smart Phone
There is an arbitrary memory write vulnerability in Huawei smart phone when processing file parsing. Due to insufficient validation of the input files, successful exploit could cause certain service abnormal. Vulnerability ID: HWPSIRT-2020-04031 This vulnerability has been assigned a Common...
Security Advisory - Denial of Service Vulnerability in Huawei Product
There is a denial of service vulnerability in Huawei product. The affected product cannot deal with some messages because of module design weakness . Attackers can exploit this vulnerability by sending a large amount of specific messages to cause denial of service. This can compromise normal...
Security Advisory - Privilege Escalation Vulnerability in FusionCompute Product
There is a privilege escalation vulnerability in FusionCompute product. Due to improper privilege management, an attacker with common privilege may access some specific files and get the administrator privilege in the affected products. Successful exploit will cause privilege escalation...
Security Advisory - Privilege Escalation Vulnerability in Some Huawei Smartphones
There has a privilege elevation vulnerability in some smartphones. Due to lack of privilege restrictions on some of the business functions of the device. An attacker could exploit this vulnerability to access the protecting information, resulting in the elevation of the privilege. Vulnerability I...
Security Advisory - Multiple Vulnerabilities in XML Parser of Some Huawei Products
There are multiple buffer overflow vulnerabilities in some Huawei products due to the lack of validation. An authenticated local attacker can craft specific XML files to the affected products and parse this file, which result in DoS attacks or remote code execution on the device. Vulnerability ID...