Security Advisory - Information Leakage in Huawei VIP App Web Service

Huawei VIP App is mobile app for Malaysia customers that purchased P20 Series, Nova 3/3i and Mate 20. There is a vulnerability that attackers can conduct bruteforce to the VIP App Web Services to get user information leakage. Vulnerability ID: HWPSIRT-2018-11111 This vulnerability has been assign...

Security Advisory - Out-of-bounds Write Vulnerability on Several Smartphones

There is an out-of-bounds write vulnerability on several smartphones. The software does not handle the response message properly when the user doing certain inquiry operation, an attacker could send crafted message to the device, successful exploit could cause a denial of service condition...

Security Advisory - Smart SMS Verification Code Vulnerability in Some Huawei Smart Phones

There is a smart SMS verification code vulnerability in some Huawei smart phones. An attacker should trick a user to access malicious Website or malicious App and register. Due to incorrect processing of the smart SMS verification code, successful exploitation can cause sensitive information leak...

Security Advisory - Information Leak Vulnerability in Some Huawei Smartphones

There is an information leak vulnerability in some Huawei smartphones. An attacker may do some specific configuration in the smartphone and trick a user into inputting some sensitive information. Due to improper design, successful exploit may cause some information leak. Vulnerability ID:...

Security Advisory - Two Vulnerabilities in Huawei eSpace Product

There is a short key vulnerability in Huawei eSpace product. An unauthenticated, remote attacker launches man-in-the-middle attack to intercept and decrypt the call information when the user enables SRTP to make a call. Successful exploitation may cause sensitive information leak. Vulnerability I...

Security Advisory - Anonymous TLS Cipher Suite Supported Vulnerability in Huawei eSpace Product

There is an anonymous TLS cipher suites supported vulnerability in Huawei eSpace product. An unauthenticated, remote attacker launches man-in-the-middle attack to hijack the connection from a client when the user signs up to log in by TLS. Due to insufficient authentication, which may be exploite...

Security Advisory - FRP Bypass Vulnerability on Several Smartphones

There is a Factory Reset Protection FRP bypass vulnerability on several smartphones. The system does not sufficiently verify the permission, an attacker uses a data cable to connect the smartphone to another smartphone and then perform a series of specific operations. Successful exploit could all...

Security Advisory - Information Leakage Vulnerability on Several Huawei Products

There is an information leakage vulnerability on several Huawei products. Due to insufficient communication protection for specific services, a remote, unauthorized attacker can exploit this vulnerability to connect to specific services to obtain additional information. Successful exploitation of...

Security Advisory - Lock-screen Bypass Vulnerability in Huawei Smartphones

There is a lock-screen bypass vulnerability in radio module of some Huawei smartphones. An unauthenticated attacker could start third-part input method APP through certain operations to bypass lock-screen by exploit this vulnerability. Vulnerability ID: HWPSIRT-2018-04055 This vulnerability has...

Security Advisory - Authentication Bypass Vulnerability in Some Huawei Smart Phones

Some Huawei smartphones have an authentication bypass vulnerability. When the attacker obtains the user's smartphone, the vulnerability can be used to replace the start-up program so that the attacker can obtain the information in the smartphone and achieve the purpose of controlling the...

Security Advisory - SegmentSmack Vulnerability in Linux Kernel

There is a DoS vulnerability in the Linux Kernel versions 4.9+ known as a SegmentSmack attack. Remote attackers may send TCP packets to Linux kernel to make it calls the very expensive functions tcpcollapseofoqueue and tcppruneofoqueue of the affected device which can lead to a denial of service...

Security Advisory - SegmentSmack Vulnerability in Linux Kernel

There is a DoS vulnerability in the Linux Kernel versions 4.9+ known as a SegmentSmack attack. Remote attackers may send TCP packets to Linux kernel to make it calls the very expensive functions tcpcollapseofoqueue and tcppruneofoqueue of the affected device which can lead to a denial of service...

Security Advisory - Improper Authorization Vulnerability in Huawei Watches

There is an improper authorization vulnerability in some Huawei watches. Due to improper permission configuration for specific operations, an attacker who obtained the Huawei ID bound to the watch can bypass permission verification to perform specific operations and modify some data on the watch...

Security Advisory - Information Leak Vulnerability in Some Huawei Smart Phones

Some Huawei phones have an information leak vulnerability. Due to improper permission settings for specific commands, attackers who can connect to a mobile phone via the USB interface may exploit this vulnerability to obtain specific device information of the mobile phone. Vulnerability ID:...

Security Advisory - Improper Authentication Vulnerability on Smartphones

There is an improper authentication vulnerability on smartphones. App Lock is a function to prevent unauthorized use of apps on smartphones, an attacker could directly change the lock password after a series of operations. Successful exploit could allow the attacker to use the application which i...

Security Advisory - FRP Bypass Vulnerability in MyCloud APP of Huawei Smart Phones

There is a security vulnerability which could lead to Factory Reset Protection FRP bypass in the MyCloud APP installed on some Huawei smart phones. When re-configuring the mobile phone using the FRP function, an attacker can replace the old account with a new one through special steps by exploit...

Security Advisory - Sensitive Information Leak Vulnerability in Some Huawei Products

There is a sensitive information leak vulnerability in some Huawei products. An attacker can trick a user to install a malicious application to exploit this vulnerability. Due to insufficient verification of the input, successful exploitation can cause sensitive information leak. Vulnerability ID...

Security Advisory - Lock-screen Bypass Vulnerability in Huawei Mate RS Smartphones

There is a lock-screen bypass vulnerability in Huawei Mate RS smartphones. An attacker could unlock and use the phone through certain operations. Vulnerability ID: HWPSIRT-2018-06108 This vulnerability has been assigned a CVE ID: CVE-2018-7929. Huawei has released software updates to fix this...

Security Advisory - FRP Bypass Vulnerability on Smartphones

There is a Factory Reset Protection FRP bypass vulnerability on some Huawei smartphones. The system does not sufficiently verify the permission, an attacker uses a data cable to connect the smartphone to the computer and then perform some specific operations. Successful exploit could allow the...

Security Advisory - Two Insufficient Input Validation Vulnerabilities in Huawei Smart Phones

Some Huawei phones have two insufficient input validation vulnerabilities due to lack of parameter check. An attacker tricks the user who has root privilege to install a crafted application, the application may modify different specific data to exploit these two vulnerabilities. Successful exploi...

Security Advisory - FRP Bypass Vulnerability in Huawei Smart Phones

There is Factory Reset Protection FRP bypass security vulnerability in some Huawei smart phones. When re-configuring the mobile phone using the factory reset protection FRP function, an attacker can disable the boot wizard by enable the talkback function. As a result, the FRP function is bypassed...

Security Advisory - DoS Vulnerability in Some Huawei Smart Phones

There is a denial of service DoS vulnerability in some Huawei smart phones. An attacker can trick a user to install a malicious application to exploit this vulnerability. Due to insufficient verification of the parameter, successful exploitation can cause the smartphone black screen until...

Security Advisory - FRP Bypass Vulnerability on Huawei Smart Phones

There is a FRP bypass vulnerability on Huawei smart phones. During the mobile phone reseting process, an attacker could bypass "Find My Phone" protect after a series of voice and keyboard operations. Successful exploit could allow an attacker to bypass FRP. Vulnerability ID: HWPSIRT-2018-06018 Th...

Security Advisory - Plug-in Signature Bypass Vulnerability in Some Huawei Products

There is a plug-in signature bypass vulnerability in some Huawei products due to insufficient plug-in verification. An attacker may tamper with a legitimate plug-in to build a malicious plug-in and trick users into installing it. Successful exploit could allow the attacker to obtain the root...

Security Advisory - FRP Bypass Vulnerability in Huawei Smart Phones

There is Factory Reset Protection FRP bypass security vulnerability in some Huawei smart phones. When re-configuring the mobile phone using the factory reset protection FRP function, an attacker can connect the phone with PC and send special instructions to install third party desktop and disable...

Security Advisory - Information Leak Vulnerability in Some Huawei Smart Phones

Some Huawei smartphones have an information leak vulnerability due to the lack of permission validation. An attacker tricks a user into installing a malicious application on the smart phone, and the application can read some hardware serial number, which may cause sensitive information leak...

Security Advisory - FRP Bypass Vulnerability in Huawei Smart Phones

There is Factory Reset Protection FRP bypass security vulnerability in some Huawei smart phones. When re-configuring the mobile phone using the factory reset protection FRP function, an attacker can login the configuration flow by Gaode Map and can perform some operations to update the Google...

Security Advisory - CPU Side Channel Vulnerability "L1TF"

Intel and security researchers publicly disclosed three new cpu side-channel vulnerabilities CVE-2018-3615, CVE-2018-3620 and CVE-2018-3646. Successful exploit of these vulnerabilities could allow a local attacker to read the memory of other processes in specific situations. These vulnerabilities...

Security Advisory - Multiple Vulnerabilities in IPsec IKE of Huawei Firewall Products

There is a Bleichenbacher Oracle vulnerability in the IPSEC IKEv1 implementations of Huawei Firewall products. Remote attackers can decrypt IPSEC tunnel ciphertext data by leveraging a Bleichenbacher RSA padding oracle. Cause a Bleichenbacher oracle attack. Successful exploit this vulnerability c...

Security Advisory - Buffer Overflow Vulnerability on Several Products

There is a buffer overflow vulnerability on madapt driver of several products. The driver does not sufficiently validate the input, an attacker could trick the user to install a malicious application which would send crafted parameters to the driver. Successful exploit could cause a denial of...

Security Advisory - Authentication Bypass Vulnerability in Some Huawei Mobile Phones

There is an authentication bypass vulnerability in some Huawei mobile phones. An attacker could trick the user to connect to a malicious device. In the debug mode, the malicious software in the device may exploit the vulnerability to bypass some specific function. Successful exploit may cause som...

Security Advisory - Use After Free Vulnerability on Smartphone

There is a use after free vulnerability on mediaserver component in smartphone. An attacker tricks the user install a malicious application, which make the software to reference memory after it has been freed. Successful exploit could cause execution of arbitrary code. Vulnerability ID:...

Security Advisory - DoS Vulnerability in Some Huawei Smart Phones

Some Huawei mobile phone versions have a denial of service DoS vulnerability because they do not adapt to specific screen gestures. An attacker may trick users into installing a malicious app. As a result, apps running on the frontend crash after the users make specific screen gestures...

Security Advisory - Memory Leak Vulnerability on Several Products

There is a memory leak vulnerability on several products. The software does not release allocated memory properly when processing Protal questionnaire. A remote attacker could send a lot questionnaires to the device, successful exploit could cause the device to reboot since running out of memory...

Security Advisory - Information Leakage Vulnerability on Huawei Smart Phone

There is an information leakage vulnerability. Because an interface does not verify authorization correctly, attackers can exploit an application with the authorization of phone state to obtain user location additionally. Vulnerability ID: HWPSIRT-2018-03117 This vulnerability has been assigned a...

Security Advisory - Weak Algorithm Vulnerability in Some Huawei Products

There is a weak algorithm vulnerability in some Huawei products. To exploit the vulnerability, a remote, unauthenticated attacker has to capture TLS traffic between clients and the affected products. The attacker may launch the Bleichenbacher attack on RSA key exchange to decrypt the session key...

Security Advisory - Out-of-bounds Read Vulnerability in Some Huawei Products

There is an out-of-bounds read vulnerability in some Huawei products. An unauthenticated, remote attacker has to control the peer device and craft the Signalling Connection Control Part SCCP messages to the target devices. Due to insufficient input validation of some values in the messages,...

Security Advisory - Buffer Overflow Vulnerability in Some Huawei Products

There is a buffer overflow vulnerability in the Common Open Policy Service Protocol COPS module of some Huawei products. An unauthenticated, remote attacker has to control the peer device and send specially crafted message to the affected products. Due to insufficient input validation, successful...

Security Advisory - DoS Vulnerability in SMS Module of Some Huawei Smart Phones

There is a Denial of Service DoS vulnerability in the Short Message Service SMS module of some Huawei smart phones. An unauthenticated attacker may set up a pseudo base station, and send special malware text message to the phone, causing the mobile phone to fail to make calls and send and receive...

Security Advisory - FRP Bypass Vulnerability in Some Huawei Smart Phones

There is Factory Reset Protection FRP bypass vulnerability in some Huawei smart phones. An attacker gets some user's smart phone and performs some special operations in the guide function. The attacker may exploit the vulnerability to bypass FRP function and use the phone normally. Vulnerability...

Security Advisory - Side-Channel Vulnerability Variants 3a and 4

Intel publicly disclosed new variants of the side-channel central processing unit CPU hardware vulnerabilities known as Spectre and Meltdown. These variants known as 3A （CVE-2018-3640）and 4 （CVE-2018-3639, local attackers may exploit these vulnerabilities to cause information leak on the affected...

Security Advisory - Privilege Escalation Vulnerability in Some Huawei Smart Phones

Some Huawei smart phones has a privilege escalation vulnerability. An authenticated, local attacker can crafts malformed packets after tricking a user to install a malicious application and exploit this vulnerability when in the exception handling process. Successful exploitation may cause the...

Security Advisory - Arbitrary Memory Free Vulnerability in GPU Driver of Some Huawei Smart Phones

There is an arbitrary memory free vulnerability in GPU driver of some Huawei smart phones due to insufficient parameters verification. An attacker can tricks a user into installing a malicious application on the smart phone, and send given parameter to driver to release special kernel memory...

Security Advisory - OpenSSL Vulnerability in Some Huawei Products

Constructed ASN.1 types with a recursive definition in some OpenSSL versions could eventually exceed the stack given malicious input with excessive recursion. Successful exploit of this vulnerability may result in a Denial of Service attack. Vulnerability ID: HWPSIRT-2018-03073 This vulnerability...

Security Advisory - CPU Vulnerabilities Meltdown and Spectre

Security researchers disclosed two groups of CPU vulnerabilities "Meltdown" and "Spectre". In some circumstances, a local attacker could exploit these vulnerabilities to read memory information belonging to other processes or other operating system kernel. Vulnerability ID:...

Security Advisory - Two JSON Injection Vulnerabilities in Some Huawei Servers

The iBMC Intelligent Baseboard Management Controller of some Huawei servers have two JSON injection vulnerabilities due to insufficient input validation. An authenticated, remote attacker can launch a JSON injection to modify the password of administrator. Successful exploit may allow attackers t...

Security Advisory - Stored XSS Vulnerability in eSpace Desktop

There is a stored cross-site scripting XSS vulnerability in eSpace Desktop. Due to the insufficient validation of the input, an authenticated, remote attacker could exploit this vulnerability to send abnormal messages to the system and perform a XSS attack. A successful exploit could cause the...

Security Advisory - Authentication Bypass Vulnerability in Some Huawei Servers

There is an authentication bypass vulnerability in some Huawei servers. A remote attacker with low privilege may bypass the authentication by some special operations. Due to insufficient authentication, an attacker may exploit the vulnerability to get some sensitive information and high-level...

Security Advisory - Privilege Escalation Vulnerability in Some Huawei Servers

The iBMC Intelligent Baseboard Management Controller of some Huawei servers have a privilege escalation vulnerability. A remote attacker may send some specially crafted login messages to the affected products. Due to improper authentication design, successful exploit enables low privileged users ...

Security Advisory - DoS Vulnerability in Some Huawei Smart Phones

Some Huawei smart phones have a denial of service DoS vulnerability due to the improper processing of malicious parameters. An attacker may trick a target user into installing a malicious APK and launch attacks using a pre-installed app with specific permissions. Successful exploit could allow th...