1006 matches found
Security Advisory - Multiple Vulnerabilities in XML Parser of Some Huawei Products
There are multiple buffer overflow vulnerabilities in some Huawei products due to the lack of validation. An authenticated local attacker can craft specific XML files to the affected products and parse this file, which result in DoS attacks or remote code execution on the device. Vulnerability ID...
Security Advisory - Memory Leak Vulnerability in Multiple Products
Some Huawei products have a memory leak vulnerability. In some specific conditions, if attackers send specific malformed MPLS Service PING messages to the affected products, products do not release the memory when handling the packets. So successful exploit will result in memory leak of the...
Security Advisory - Multiple NTPd Vulnerabilities in Huawei Products
Multiple denial of service vulnerabilities were disclosed on Network Time Protocol NTP offical website. Attackers can exploit these vulnerabilities to cause a denial of service DoS condition. If trap service is enabled, an attacker can exploit this vulnerabilityc by sending a specially crafted...
Security Advisory - Memory Leak Vulnerability in Some Huawei Products
Some Huawei products have a memory leak vulnerability due to memory don't be released when the XML parser process some node fail. An attacker could exploit it to cause memory leak, which may further lead to system exceptions. Vulnerability ID: HWPSIRT-2017-08151 This vulnerability has been assign...
Security Advisory - Multiple Vulnerabilities in FusionSphere OpenStack
There is a privilege escalation vulnerability in Huawei FusionSphere OpenStack. Due to improper privilege restrictions, an attacker with high privilege may obtain the other users' certificates. Successful exploit may cause privilege escalation. Vulnerability ID: HWPSIRT-2017-07053 This...
Security Advisory - Two Vulnerabilities in Some Huawei CPE Devices
The outdoor unit of some Customer Premise Equipment CPE has a no authentication vulnerability on a certain port. After accessing the network between the indoor and outdoor units of the CPE, an attacker can deliver commands to the specific port of the outdoor unit and execute them without...
Security Advisory - Command Injection Vulnerability in the NetEco
Huawei iManager NetEco has a command injection vulnerability due to insufficient input validation. An authenticated, remote attacker could exploit this vulnerability to send malicious packets to a target device. Successful exploit could enable a low privileged user to execute commands that a high...
Security Advisory - E-mail Information Leak Vulnerability in Android System
The Security Bulletin describes an E-mail Information Leak Vulnerability in Android System discovered by Google CVE-2016-3918. An attacker tricks a user into installing a malicious application on the smart phone, and send given parameter to smart phone to obtain information in the...
Security Advisory - HTTP Header Injection Vulnerability in Huawei FusionAccess
The FusionAccess is the desktop management system of Huawei FusionCloud desktop solution. Huawei FusionAccess has an HTTP header injection vulnerability. A remote, unauthenticated attacker can exploit it to tamper with HTTP headers, causing users to access crafted URLs. Vulnerability ID:...
Security Advisory - Buffer Overflow Vulnerability in Huawei Several Products
There is a vulnerability in several Huawei devices: USG series, NGFW Module, IPS Module, NIP series and AntiDDoS8000. These products have a buffer overflow vulnerability in the Application Specific Packet Filtering ASPF function. An attacker may craft a malformed packet with illegitimate...
Security Advisory-VRP SSH Denial of Service Vulnerability
The SSH of the VRP has an input verification issue. Remote attackers can send a special SSH packet to the device to cause a denial of service Vulnerability ID: HWPSIRT-2014-0701. This Vulnerability has been assigned Common Vulnerabilities and Exposures CVE ID: CVE-2014-8572...
Security Advisory- Y.1731 Vulnerability on Some Huawei Switches
Y.1731 is an ITU-T recommendation for OAM features on Ethernet-based networks. Y.1731 provides connectivity detection, diagnosis, and performance monitoring for VLAN/VSI services on MANs. Some Huawei switches support Y.1731 and therefore, has the Y.1731 vulnerability in processing special packets...
Security Advisory - Improper Authorization Vulnerability in a Huawei Children's Watch
Huawei Aslan Children's Watch has an improper authorization vulnerability. Successful exploit could allow the attacker to access certain file. Vulnerability ID:HWPSIRT-2022-62345 This vulnerability has been assigned a CVE ID: CVE-2022-45874...
Security Advisory - Out-of-bounds Read and Write Vulnerability in Some Huawei Headset Products
There is an out-of-bounds read and write vulnerability in some headset products. An unauthenticated attacker gets the device physically and crafts malformed message with specific parameter and sends the message to the affected products. Due to insufficient validation of message, which may be...
Security Advisory - Insufficient Input Validation Vulnerability in Some Huawei Smartphones
Some Huawei Smartphones has an insufficient input validation vulnerability due to the lack of parameter validation. An attacker may trick a user into installing a malicious APP. The app can modify specific parameters, causing the system to crash. Vulnerability ID: HWPSIRT-2020-05121 This...
Security Advisory - Denial of Service Vulnerability in Some Huawei Products
There is a denial of service vulnerability in some Huawei products. An attacker could exploit this vulnerability by sending specific message to a targeted device. Due to insufficient input validation, successful exploit can cause the service abnormal. Vulnerability ID: HWPSIRT-2020-24699 This...
Security Advisory - Insufficient Input Validation Vulnerability in FusionCompute Product
There is an insufficient input validation vulnerability in FusionCompute product. Due to the input validation is insufficient, an attacker can exploit this vulnerability to upload any files to the device. Successful exploit may cause the service abnormal. Vulnerability ID: HWPSIRT-2020-05085 This...
Security Advisory - CSV Injection Vulnerability in iManager NetEco Product
There has a CSV injection vulnerability in iManager NetEco Product. An attacker with common privilege may exploit this vulnerability through some operations to inject the CSV files. Due to insufficient input validation of some parameters, the attacker can exploit this vulnerability to inject CSV...
Security Advisory - Out-of-Bounds Read and Write Vulnerability in Huawei Smartphone
There is an out-of-bounds read and write vulnerability in Huawei smartphone. Some functions do not verify inputs sufficiently. Attackers can exploit this vulnerability by sending specific request. This could compromise normal service of the affected device. Vulnerability ID: HWPSIRT-2020-03107 Th...
Security Advisory - Information Disclosure Vulnerability in Several Smartphones
There is an information disclosure vulnerability in several smartphones. The device does not sufficiently validate the output of device in certain specific scenario, the attacker can gain information in the victim's smartphone to launch the attack, successful exploit could cause information...
Security Advisory - Denial of Service Vulnerability in SmartPhone Product
There is a denial of service vulnerability in several smartphones. In specific scenario, due to the improper resource management and memory leak of some feature, the attacker could exploit this vulnerability to cause the device reset. Vulnerability ID: HWPSIRT-2020-04032 This vulnerability has be...
Security Advisory - Command Injection Vulnerability in FusionCompute
There is a command injection vulnerability in FusionCompute. The software does not sufficiently validate certain parameters post from user, successful exploit could allow an authenticated attacker to launch a command injection attack. Vulnerability ID: HWPSIRT-2020-05015 This vulnerability has be...
Security Advisory - Protection Mechanism Failure Vulnerability in Some Huawei Products
There is a protection mechanism failure vulnerability in some Huawei products. The product incorrectly uses a protection mechanism. An attacker has to find a way to exploit the vulnerability to conduct directed attacks against the affected product. Vulnerability ID: HWPSIRT-2020-05077 This...
Security Advisory - Buffer Overflow Vulnerability in Several Smartphones
There is a buffer overflow vulnerability in several smartphones. The software access data past the end, or before the beginning, of the intended buffer when handling certain operations of certificate, the attacker should trick the user into installing a malicious application, successful exploit m...
Security Advisory - Information Disclosure Vulnerability in Several Smartphones
There is an information disclosure vulnerability in several smartphones. Certain WI-FI function's default configuration in the system seems insecure, an attacker should craft a WI-FI hotspot to launch the attack. Successful exploit could cause information disclosure. Vulnerability ID:...
Security Advisory - Information Leak Vulnerability in Some Huawei Smartphones
There is an information leak vulnerability in some Huawei smartphones. An attacker may do some specific configuration in the smartphone and trick a user into inputting some sensitive information. Due to improper design, successful exploit may cause some information leak. Vulnerability ID:...
Security Advisory - Two Out-of-Bounds Read Vulnerabilities in Some Huawei Products
Some Huawei products have two out-of-bounds read vulnerabilities due to the improper processing of malformed H323 messages. A remote attacker that controls a server could exploit this vulnerability by sending malformed H323 reply messages to a target device. Successful exploit could make the devi...
Security Advisory - Weak Cryptography Vulnerability in Some Huawei Products
Some Huawei products have a weak cryptography vulnerability. Due to not properly some values in the certificates, an unauthenticated remote attacker could forges a specific RSA certificate and exploits the vulnerability to pass identity authentication and logs into the target device to obtain...
Security Advisory - Information Leak Vulnerability in Some Huawei Smart Phones
There is a information leak vulnerability in the date service proxy implementation of some Huawei smart phones. An attacker may trick a user into installing a malicious application and application can exploit the vulnerability to get kernel date, which may cause sensitive information leak...
Security Advisory - DoS Vulnerability in XML Parser of Some Huawei Products
XML parser has a DoS vulnerability in some Huawei products. Due to not check the specially XML file enough, an authenticated local attacker may craft specific XML files to the affected products and parse this file, which cause to null pointer accessing and result in DoS attacks. Vulnerability ID:...
Security Advisory - Multiple Vulnerabilities in Intel Management Engine Firmware
There are multiple vulnerabilities in Intel Management Engine ME firmware. Some Huawei devices are affected for using related Intel products. Multiple buffer overflows in kernel in Intel Manageability Engine Firmware 11.0/11.5/11.6/11.7/11.10/11.20 allow attacker with local access to the system t...
Security Advisory - Denial of Service Vulnerability on Several Products
There is a denial of service vulnerability on several products. The software decodes X.509 certificate in an improper way. A remote unauthenticated attacker could send a crafted X.509 certificate to the device. Successful exploit could result in a denial of service on the device. Vulnerability ID...
Security Advisory - Several Vulnerabilities in H323 protocol of Huawei Products
There are two out-of-bounds read vulnerabilities in H323 protocol of Huawei products. An attacker logs in to the system as a user and send crafted packets to the affected products. Due to insufficient verification of the packets, successful exploit will cause process reboot. Vulnerability ID:...
Security Advisory - Three Vulnerabilities in Huawei FusionSphere
There is an incorrect authorization vulnerability in Huawei FusionSphere. An authenticated attacker could execute commands that he/she should have had no permission to perform, thereby querying, modifying, and deleting certain service data and making the service unavailable. Vulnerability ID:...
Security Advisory - DoS Vulnerability in Some Huawei Smartphones
There is a denial of service DoS vulnerability in some Huawei Smartphones. An attacker tricks a user into installing a malicious application. Since the system does not verify the broadcasting message from the application, it could be exploited to cause some functions of system unavailable...
Security Advisory - Phone Finder Bypass Vulnerability in Some Huawei Smart Phones
Phone Finder is a Huawei security method that was designed to make sure someone can't just wipe and factory reset the phone if user lost it or it was stolen. The Phone Finder in some Huawei smart phones can be bypass. An attacker can bypass the Phone Finder by special steps and obtain the owner o...
Security Advisory - Information Leak Vulnerability in Huawei Hilink APP
Huawei Hilink APP has an information leak vulnerability. An attacker may trick a user into installing a malicious application and application can access Hilink APP data. Vulnerability ID: HWPSIRT-2017-01092 This vulnerability has been assigned a Common Vulnerabilities and Exposures CVE ID:...
Security Advisory - Two Security Vulnerabilities in Huawei EMUI
Huawei EMUI3.1 has two vulnerabilities. The Keyguard application in Huawei EMUI3.1 has a privilege elevation vulnerability due to insufficient validation on specific parameters. An attacker may trick a user into installing a malicious application. Successful exploit could allow the attacker to...
Security Advisory - Lock-screen Bypass Vulnerability in Huawei Smartphones
There is a lock-screen bypass vulnerability in Huawei smartphones. An unauthenticated attacker could force the phone to the fastboot mode and delete the user's password file during the reboot process, then login the phone without screen lock password after reboot. Vulnerability ID:...
Security Advisory - Buffer Overflow Vulnerability in Wi-FI Driver of Huawei Smart Phone
The Wi-Fi driver of some Huawei products has buffer overflow vulnerability due to the lack of a parameters check. An attacker can tricks a user into installing a malicious application on the smart phone, and send given parameter to smart phone to crash the system or escalate privilege...
Security Advisory - DoS Vulnerability in Huawei Switches
There is a denial of service DoS vulnerability in Huawei switches due to improper management of system resources. A remote attacker with specific permission could store massive files to exhaust the shared storage space, leading to a DoS condition. Vulnerability ID: HWPSIRT-2016-06006 This...
Security Advisory - Unquoted Service Path Vulnerability in Huawei UTPS Software
Huawei Unified Terminal PC suite UTPS, also known as Mobile Partner, runs on the PC side to manage data cards. It provides data card setting, dial-up setting, message sending and receiving, and contacts management functions. Huawei UTPS has an unquoted service path vulnerability which can lead to...
Security Advisory - Input Validation Vulnerabilities in Camera Driver of Huawei Smart Phones
There are five input validation vulnerabilities in the Camera driver of some Huawei smart phones. An attacker may trick a user into installing a malicious application, and the application can send given parameter to Camera driver to crash the system or escalate user privilege. Vulnerability ID:...
Security Advisory - DNS Static Source Port Vulnerability in Huawei E5151 and E5186
Huawei E5151 and E5186 allow DNS query packets using the static source port. Attackers can exploit the vulnerability to launch DNS Spoofing Attack and compromise the normal service of DNS. Vulnerability ID: HWPSIRT-2015-10001 This vulnerability has been assigned Common Vulnerabilities and Exposur...
Security Advisory - DoS Vulnerability in Huawei U2990 and U2980
Huawei U2990 and U2980 have a DoS vulnerability caused by no error correction mechanism when handling specific signaling packets. An attacker can send malformed packets to cause a denial of service condition in some services of the U2990 and U2980. Vulnerability ID: HWPSIRT-2015-09025 This...
Security Advisory - VENOM Vulnerability in Huawei Products
Huawei has noticed the buffer overflow vulnerability in the floppy disk controller FDC of QEMU disclosed by open source organization Xen. This vulnerability allows an attacker to escape out of the virtual machine, execute code on the physical host with full privilege. Vulnerability ID:...
Security Advisory - Two Privilege Escalation Vulnerabilities in Huawei Mate 7 Smartphones
The tzdriver module of Huawei Mate 7 smartphone has an input check error, which allows the user-mode application to modify kernel-mode memory data and maybe make system break down or application elevate privilege. Vulnerability ID: HWPSIRT-2015-03011 These Vulnerabilities have been assigned Commo...
Security Advisory-Multiple Vulnerabilities in Huawei eSpace Desktop Product
Huawei eSpace Desktop products have the following vulnerabilities: 1 The program does not implement comprehensive validity check on the QES file imported into the system, causing the system to exit unexpectedly. Vulnerability ID: HWPSIRT-2014-1151 This vulnerability has been assigned Common...
Security Advisory - The input verification vulnerability of a Huawei Device product is involved.
A Huawei device has an input verification vulnerability. Successful exploitation of this vulnerability may lead to DoS attacks. Vulnerability ID: HWPSIRT-2022-49379 This vulnerability has been assigned a Common Vulnerabilities and Exposures CVE ID: CVE-2022-37395. For products that have released...
Security Advisory - Use-after-free Vulnerability in Huawei Products
There is a use-after-free UAF vulnerability in Huawei products. An attacker may craft specific packets to exploit this vulnerability. Successful exploitation may cause the service abnormal. Vulnerability ID: HWPSIRT-2020-67955 This vulnerability has been assigned a Common Vulnerabilities and...