Security Advisory - FRP Bypass Vulnerability in Huawei Smart Phones

There is Factory Reset Protection FRP bypass security vulnerability in some Huawei smart phones. When re-configuring the mobile phone using the factory reset protection FRP function, an attacker can login the configuration flow by some secret code and can perform some operations to update the...

Security Advisory - Escalation of Privilege Vulnerability in Intel AMT, Intel ISM and Intel SMT

Intel disclosed an escalation of privilege vulnerability in Intel Active Management Technology AMT, Intel Standard Manageability ISM, and Intel Small Business Technology in Security Center advisory INTEL-SA-00075. Unprivileged attackers could exploit this vulnerability to gain control of the...

Security Advisory - Privilege Escalation Vulnerability in Push Module of Huawei Smart Phone

There is a privilege escalation vulnerability in Push module of Huawei Smart Phone. An attacker tricks a user to save a rich media into message on the smart phone, which could be exploited to cause the attacker to delete message or fake user to send message. Vulnerability ID: HWPSIRT-2017-05070...

Security Advisory - Directory Traversal Vulnerability in Push Module of Huawei Smart Phone

There is a directory traversal vulnerability in Push module of Huawei Smart Phone. Since the system does not verify the file name during decompression, system directories are traversed. It could be exploited to cause the attacker to replace files and impact the service. Vulnerability ID:...

Security Advisory - DoS Vulnerability in TLS of Some Huawei Products

There is a input validation vulnerability in some huawei products when handle TLS and DTLS handshake with certificate. Due to the insufficient validation of received PKI certificates, remote attackers could exploit this vulnerability to crash the TLS module. Vulnerability ID: HWPSIRT-2017-03121...

Security Advisory - DoS Vulnerability of isub Service in Some Huawei Smartphones

Isub service has a denial of service DoS vulnerability in some Huawei smart phones due to the input parameters validation. An attacker tricks a user into installing a malicious application on the smart phone, and the application can send given parameter to specific interface, which make a...

Security Advisory - DoS Vulnerability in Wi-Fi Driver of Some Huawei Smart Phones

There is a Denial of Service DoS vulnerability in Wi-Fi driver of some Huawei smart phones. An attacker may trick a user into installing a malicious application and the application can access invalid address of driver to crash the system. Vulnerability ID: HWPSIRT-2017-04153 This vulnerability ha...

Security Advisory - Multiple Vulnerabilities Released on Microsoft Security Advisory 4025685

Microsoft had released a Security Advisory 4025685 on June 14 to fix multiple critical security vulnerabilities in such systems as Microsoft Windows XP, Windows Server 2003, Windows VISTA, and Windows 8. Attackers can exploit these vulnerabilities to implement remote code execution or privilege...

Security Advisory - Use After Free Vulnerability in TEE Module of Some Huawei Smart Phones

The Trusted Execution Environment TEE module driver of some Huawei smart phones has a use after free UAF vulnerability. An attacker tricks a user into installing a malicious application, and the application can start multiple threads and try to create and free specific memory, which could trigger...

Security Advisory - Permission Control Vulnerability in Smart Phones

Some Huawei Smart phones have a permission control vulnerability. Due to improper authorization on specific processes, an attacker with the root privilege of a mobile Android system can exploit this vulnerability to obtain some information of the user. Vulnerability ID: HWPSIRT-2017-04123 This...

Security Advisory - Permission Control Vulnerability in Smart Phones

Some Huawei Smart phones have a permission control vulnerability. Due to improper authorization on specific processes, an attacker with the root privilege of a mobile Android system can exploit this vulnerability to obtain some information of the user. Vulnerability ID: HWPSIRT-2017-04123 This...

Security Advisory - Samba Remote Code Execution Vulnerability in Some Huawei Products

All versions of Samba from 3.5.0 onwards are vulnerable to a remote code execution vulnerability, allowing an authenticated attacker to upload a shared library to a writable share and execute arbitrary code remotely on a targeted system. Samba 4.6.4, 4.5.10 and 4.4.14 have been issued as security...

Security Advisory - Multiple Vulnerabilities in UMA Products

The Unified Maintenance Audit UMA system provides a unified portal for O&M operations, controls and records users' O&M operations, and supports auditing by way of command display and video replay. The UMA product has the following vulnerabilities, which are introduced by software provided by...

Security Advisory - Memory Double Free Vulnerability in Touch Panel Driver of Some Huawei Smart Phones

The Touch Panel TP driver of some Huawei smart phones has a memory double free vulnerability. An attacker with the root privilege of the Android system tricks a user into installing a malicious application, and the application can start multiple threads and try to free specific memory, which coul...

Security Advisory - Two Buffer Overflow Vulnerabilities in the GaussDB

GaussDB has a buffer overflow vulnerability. An authenticated, remote attacker could use a specially crafted string in an SQL query to cause the database to crash, or lead to privilege escalation. Vulnerability ID: HWPSIRT-2017-05016 This vulnerability has been assigned a Common Vulnerabilities a...

Security Advisory - SQL Injection Vulnerability in the GaussDB

The GaussDB has a SQL injection vulnerability. An attacker with low privilege may inject some specific SQL to query or modify database files, causing database service abnormal. Vulnerability ID: HWPSIRT-2017-05017 This vulnerability has been assigned a Common Vulnerabilities and Exposures CVE ID:...

Security Advisory - Memory Double Free Vulnerability in Driver of Some Huawei Smart Phones

The soundtrigger driver of some Huawei smart phones has a memory double free vulnerability. An attacker tricks a user into installing a malicious application, and the application can start multiple threads and try to free specific memory, which could triggers double free and causes a system crash...

Security Advisory - Multiple Security Vulnerabilities in HedEx product

HedExHuawei Electronic Documentation Explorer，Huawei electronic document browser, mainly used to browse Huawei products electronic documents. HedEx exist some vulnerabilities. HedEx has an arbitrary file download vulnerability. An attacker could exploit it to download arbitrary files on a target...

Security Advisory - Buffer Overflow Vulnerability in The GaussDB

There is a buffer overflow vulnerability in the handling code for regular expressions on GaussDB. An authenticated, remote attacker could use a specially crafted regular expression to cause GaussDB to crash or possibly execute arbitrary code. Vulnerability ID: HWPSIRT-2017-05046 This vulnerabilit...

Security Advisory - Two Buffer Overflow Vulnerabilities in the GaussDB

There is a buffer overflow vulnerability in the type conversion function of the GaussDB. An attacker logs in to the system as a common user and craft malformed packets, which could be exploited to perform a denial of service attack or possibly remote code execution on the GaussDB. Vulnerability I...

Security Advisory - Four Command Injection Vulnerabilities in The FusionSphere OpenStack

The FusionSphere OpenStack has four command injection vulnerabilities due to the insufficient input validation on four TCP listening ports. An unauthenticated attacker can exploit the vulnerabilities to gain root privileges by sending some messages with malicious commands. Vulnerability ID:...

Security Advisory - Authentication Bypass Vulnerability in the Backup Function of GaussDB

The backup function of GaussDB has an authentication bypass vulnerability. An attacker with low privilege may bypass the authentication of the backup function of database to start or stop the backup function, causing the backup function abnormal. Vulnerability ID: HWPSIRT-2017-05044 This...

Security Advisory - Two Privilege Escalation Vulnerabilities in the GaussDB

There is a privilege escalation vulnerability in the validator functions of the GaussDB. An attacker may log in to the system as a low-privilege user and execute the high-privilege functions. Then, the attacker may obtain the high-privilege of the GaussDB and crash the system. Vulnerability ID:...

Security Advisory - Command Injection Vulnerability in the GaussDB

The GaussDB has a command injection vulnerability. Due to the lack of input validation on some parameters, an attacker with low privilege may inject some specific command to modify database files, causing database service abnormal. Vulnerability ID: HWPSIRT-2017-05043 This vulnerability has been...

Security Advisory - Command Injection Vulnerability in the NetEco

Huawei iManager NetEco has a command injection vulnerability due to insufficient input validation. An authenticated, remote attacker could exploit this vulnerability to send malicious packets to a target device. Successful exploit could enable a low privileged user to execute commands that a high...

Security Advisory - Multiple Vulnerabilities in MTK Platform

There are multiple vulnerabilities in the graphics driver of MTK platform in Huawei smart phones. The graphics driver has two buffer overflow vulnerabilities due to the insufficient input verification. An attacker tricks a user into installing a malicious application which has the system privileg...

Security Advisory - FRP Bypass Vulnerability in Huawei Smart Phones

There is Factory Reset Protection FRP bypass security vulnerability in some Huawei smart phones. When re-configuring the mobile phone using the factory reset protection FRP function, an attacker can perform some operations to update the Google account. As a result, the FRP function is bypassed...

Security Advisory - DoS Vulnerability in Some Huawei Products

There is a DoS Vulnerability in some Huawei products. Due to the lack of adequate input validation, the attacker can send malformed packets to the device, which causes the device memory leaks, leading to DoS attacks. Vulnerability ID: HWPSIRT-2017-02118 This vulnerability has been assigned a Comm...

Security Advisory - 'WannaCry ransomware' Vulnerabilities in Microsoft Windows Systems

Huawei noticed that the WannaCry ransomware targeting at Windows exploits multiple vulnerabilities in Windows Server Message Block v1 SMBv1. These vulnerabilities were disclosed by Microsoft in Microsoft security bulletin MS17-010 on March 14. Successful exploit of these vulnerabilities could all...

Security Advisory - Three OpenSSL Vulnerabilities in Huawei Products

On January 26, 2017, the OpenSSL Software Foundation released a security advisory that included three new vulnerabilities. If a malicious server supplies bad parameters for a DHE or ECDHE key exchange then this can result in the client attempting to dereference a NULL pointer leading to a client...

Security Advisory - Directory Traversal Vulnerability in Huawei Smart Phone

There is a directory traversal vulnerability in Huawei smart phone. The attacker can trick a user into installing the malicious APP and change a specific URI to an arbitrary directory. Eventually the attacker can obtain the files in email application. Vulnerability ID: HWPSIRT-2017-03005 This...

Security Advisory - Buffer Overflow Vulnerability in Driver of Huawei Smart Phone

The camerafs driver of some Huawei products has buffer overflow vulnerability due to the lack of input validation. An attacker tricks a user into installing a malicious application which has the system privilege of the Android system and sends a specific parameter to the driver of the smart phone...

Security Advisory - Brute-force attack of Users' Safe Password in the Files APP in Huawei Mobile Phones

The Files APP in some Huawei mobile phones has a brute-force password cracking vulnerability due to the improper design of the Safe key database. An unauthorized attacker could access sensitive database information and may crack users' Safe passwords, leading to information leak. Vulnerability ID...

Security Advisory - Buffer Overflow vulnerability in the GaussDB

The GaussDB has a buffer overflow vulnerability due to the lack of input validation on some parameters. An authenticated attacker on the LAN can exploit this vulnerability to execute arbitrary code or cause a denial of service DoS condition in the affected system. Vulnerability ID:...

Security Advisory - Buffer Overflow vulnerability in the FusionSphere OpenStack

The GaussDB of the FusionSphere OpenStack has a stack overflow vulnerability due to the lack of input validation on some parameters. An authenticated attacker on the LAN can exploit this vulnerability to execute arbitrary code or cause a denial of service DoS condition in the affected system...

Security Advisory - Insufficient Input Validation Vulnerability in Some Huawei Products

Some Huawei products have an insufficient input validation vulnerability. An unauthenticated attacker could send a forged air interface message to an affected product through a rogue base station. Due to insufficient input validation, the attacker could exploit this vulnerability to tamper with a...

Security Advisory - Input Validation Vulnerability in Multiple Huawei Products

There is an input validation vulnerability in Huawei Multiple products. Due to the lack of input validation on the device, a remote attacker may exploit this vulnerability by crafting a malformed packet and sending it to the device. A successful exploit could allow the attacker to cause a denial ...

Security Advisory - DoS Vulnerability in Some Huawei Products

There is a denial of service DoS vulnerability in some Huawei smart phones due to the input parameters validation. An attacker tricks a user into installing a malicious application on the smart phone, and the application can send given parameter to specific interface, which make a large number of...

Security Advisory - Plaintext Storage of Users’ Safe Passwords in the Files APP in Huawei Mobile Phones

The Files APP in some Huawei mobile phones has a vulnerability of plaintext storage of users' Safe passwords. An attacker with the root privilege of an Android system could forge the Safe to read users' plaintext Safe passwords, leading to information leak. Vulnerability ID: HWPSIRT-2017-03222 Th...

Security Advisory - OpenSSL Montgomery multiplication may produce incorrect results Vulnerability

The Broadwell-specific Montgomery multiplication procedure has a denial of service DoS vulnerability when handling input longer than 256 bits.Only EC algorithms that use Brainpool P-512 curves are affected. An attacker could exploit this vulnerability to cause DoS during ECDH key...

Security Advisory - Information Leak Vulnerability in Some Huawei Smart Phones

Some Huawei smartphones have an information leak vulnerability due to improper file permission configuration. An attacker tricks a user into installing a malicious application on the smart phone, and the application can get the file that keep the cipher text of the SIM card PIN. Vulnerability ID:...

Authentication Bypass Vulnerability in Huawei SkyTone

Huawei SkyTone products have an authentication bypass vulnerability. An unauthenticated attacker may craft specific message to the affected products' server. Due to insufficient authentication, the attacker may bypass the authentication and make some functions abnormal. Vulnerability ID:...

Security Advisory - Multiple Buffer Overflow Vulnerabilities in Bastet of Huawei Smart Phone

The Bastet of some Huawei mobile phones have three buffer overflow vulnerabilities due to the lack of parameter validation. An attacker with the root privilege of an Android system may trick a user into installing a malicious APP. The APP can modify specific data to cause buffer overflow in the...

Security Advisory - Exposed System Interface Vulnerability on Huawei Smart Phones

There is a exposed system interface vulnerability on smart phones. The software provides a system interface for interaction with external applications, but calling the interface is not properly restricted. An attacker could trick the user into installing a malicious application to call the...

Security Advisory - Several Vulnerabilities on the VCM5010

There is a command injection vulnerability on the VCM5010. This is due to insufficient validation of user's input. An authenticated attacker could launch a command injection attack. Vulnerability ID: HWPSIRT-2016-12094 This vulnerability has been assigned a Common Vulnerabilities and Exposures CV...

Security Advisory - Bluetooth Unlock Bypassing Vulnerability in Some Huawei Mobile Phones

Some Huawei mobile phones have a Bluetooth unlock bypassing vulnerability due to the lack of validation on Bluetooth devices. If a user has enabled the smart unlock function, an attacker can impersonate the user's Bluetooth device to unlock the user's mobile phone screen. Vulnerability ID:...

Security Advisory - Phone Finder Bypass Vulnerability in Some Huawei Smart Phones

Phone Finder is a Huawei security method that was designed to make sure someone can't just wipe and factory reset the phone if user lost it or it was stolen. The Phone Finder in some Huawei smart phones can be bypass. An attacker can bypass the Phone Finder by special steps and obtain the owner o...

Security Advisory - Sixteen OpenSSL Vulnerabilities on Some Huawei products

Statem/statem.c in OpenSSL 1.1.0a does not consider memory-block movement after a realloc call, which allows remote attackers to cause a denial of service use-after-free or possibly execute arbitrary code via a crafted TLS session. Vulnerability ID: HWPSIRT-2016-09065 This vulnerability has been...

Security Advisory - Information Leak Vulnerability in Huawei Hilink APP

Huawei Hilink APP has an information leak vulnerability. An attacker may trick a user into installing a malicious application and application can access Hilink APP data. Vulnerability ID: HWPSIRT-2017-01092 This vulnerability has been assigned a Common Vulnerabilities and Exposures CVE ID:...

Security Advisory - Apache Struts2 Remote Code Execution Vulnerability in Huawei Products

Apache Struts2 released a remote code execution vulnerability in S2-045 on the official website. An attacker is possible to perform a RCE Remote Code Execution attack with a malicious Content-Type value. Vulnerability ID: HWPSIRT-2017-03094 This vulnerability has been assigned a CVE ID:...