Security Advisory - Replay Attack Vulnerability of Users Abnormal Exit in VCN500

The operation and maintenance unit OMU of Huawei VCN500 Video Cloud Node does not process users’ abnormal exit properly in a specific scenario, which leaves the user’s session ID still valid. An attacker may exploit this vulnerability to launch replay attacks. Vulnerability ID: HWPSIRT-2015-07042...

Security Advisory - VCN500 SQL Injection Vulnerability

The operation and maintenance unit OMU of Huawei VCN500 Video Cloud Node does not validate parameters of received HTTP requests, which allows an attacker to launch the SQL injection attack against VCN500 by sending manually crafted packets. Vulnerability ID: HWPSIRT-2015-09016 This vulnerability...

Security Advisory - Plaintext User Password Vulnerability in VCN500 Logs

Huawei VCN500 Video Cloud Node logs user passwords in plaintext for specific operations on the certain interface, leading to user password leakage. Vulnerability ID：HWPSIRT-2015-09032 This vulnerability has been assigned Common Vulnerabilities and Exposures CVE ID: CVE-2015-8335. Huawei has...

Security Advisory - Improper User Privileges Vulnerability in VCN500

The operation and maintenance unit OMU of Huawei VCN500 Video Cloud Node does not configure user privileges properly. By exploiting this vulnerability, ordinary users can modify the IP address of the media server in system management by sending specially crafted packets to the OMU interface,...

Security Advisory - Two Vulnerabilities in Huawei TE Series Product

Huawei TE series is a multimedia video conferencing endpoint that transfers audio, video, and desktop resources based on IP networks. It offers point-to-point and multiparty conferences for attendees at different places to enjoy face-to-face audio/video communication experience. A security...

Security Advisory - VCM User Horizontal Privilege Escalation Vulnerability

Huawei Video Content Management VCM system does not properly authenticate online users' identities and privileges, which leads to users' horizontal privilege escalation. An attacker may craft malicious messages, send them to the server, and perform illegitimate operations on cases created by othe...

Security Advisory - Information Leak Vulnerability in FusionCompute Products

There is a vulnerability in FusionCompute that enables common users to query unauthorized information. An attacker can exploit this vulnerability to query other users' information, leading to information leaks. Vulnerability ID: HWPSIRT-2015-10048 This vulnerability has been assigned Common...

Security Advisory - Path Traversal Vulnerability in Huawei Home Gateway Products

There is a path traversal vulnerability on several Huawei home gateway products. The products do not properly validate HTTP requests received by a specific port. An remote attacker may access the local files on the device without authentication by crafting an HTTP request and sending it to the...

Security Advisory - Memory Overflow Vulnerability in the Huawei Smartphone

There has a memory overflow vulnerability in Some Huawei mobile phone products. An attacker may exploit this vulnerability to gain the root access over the mobile phones. Then the attacker can further modify memory data and obtain sensitive information. Vulnerability ID: HWPSIRT-2015-10046 This...

Security Advisory - Information Leak Vulnerability in Huawei DSM Product

There is a information leak vulnerability in DSM Product. The DSM does not clear the clipboard after data in a secure file opened using the DSM is copied and the secure file is closed. Data in the clipboard can be copied in common documents that do not use the DSM, leading to information leaks...

Security Advisory - DoS Vulnerability in Huawei U2990 and U2980

Huawei U2990 and U2980 have a DoS vulnerability caused by no error correction mechanism when handling specific signaling packets. An attacker can send malformed packets to cause a denial of service condition in some services of the U2990 and U2980. Vulnerability ID: HWPSIRT-2015-09025 This...

Security Advisory - Input Validation Vulnerability in Huawei VP9660 Products

VP9660 is the multi-point control unit of Huawei Video Conference system. The server of the Huawei VP9660 does not validate the input when using build-in WebServer. In such case, an attacker could log in to the device as an business administrator, graft a message to change the specific informatio...

Security Advisory - DoS Vulnerability in Huawei U2990 and U2980

Huawei U2990 and U2980 have a DoS vulnerability caused by no error correction mechanism when handling specific signaling packets. An attacker can send malformed packets to cause a denial of service condition in some services of the U2990 and U2980. Vulnerability ID: HWPSIRT-2015-09025 This...

Security Advisory - DoS Vulnerability in Huawei eSpace 8950 IP Phone

When Huawei eSpace 8950 IP phone receive some type of malicious ARP packets, memory leak may occur on the network interface card. When the memory is overloaded by such packets, the IP phone restarts Vulnerability ID: HWPSIRT-2015-08041. This vulnerability has been assigned Common Vulnerabilities...

Security Advisory - Directory Traversal Vulnerability in Huawei AR Router

The AR router has a directory traversal vulnerability when serving as an SFTP server. An attacker can log in to the AR router and traverse FTP server directories to access unauthorized directories, leading to information leaks. Vulnerability ID: HWPSIRT-2015-09029 This vulnerability has been...

Security Advisory - DoS Vulnerability in Camera Driver of Huawei Products

Some Huawei products have a DoS vulnerability. An attacker who has the system or camera permission can input invalid parameters into the camera driver program to crash the system. Vulnerability ID: HWPSIRT-2015-09013 This vulnerability has been assigned Common Vulnerabilities and Exposures CVE ID...

Security Advisory - DoS Vulnerability in GPU Driver of Huawei Products

Some Huawei products have a DoS vulnerability. An attacker may trick a user into installing a malicious application and use it to input invalid parameters into the GPU driver program of the products, which can crash the system of the device. Vulnerability ID: HWPSIRT-2015-09017 This vulnerability...

Security Advisory - Heap Overflow Vulnerability in the HIFI Driver of Huawei Smart Phone

Some Huawei smart phones have a heap overflow security vulnerability in the HIFI driver. An attacker may trick a user into installing a malicious application and use the application to read and modify memory, which can reboot the system or cause permission escalation. Vulnerability ID:...

Security Advisory - Local Permission Escalation Vulnerability in GPU of P7 Phones

The graphics processing unit GPU of Huawei P7 phones have a local permission escalation vulnerability.GPU does not properly validate the specific input parameters. An attacker may trick a user into installing a malicious application and use the application to read and modify product memory addres...

Security Advisory - UE Measurement Leak Vulnerability in Huawei P8 Phones

An information leak vulnerability exists in Huawei P8 Phones. Before sending a specific signal to a base station, the P8 Phone does not check its own security status. An attacker uses a fake base station to construct a specific scenario and obtain the specific signal which includes user equipment...

Security Advisory - DHCP Snooping Vulnerability in Huawei Multiple Products

Multiple Huawei products have "DHCP Snooping" function. When the "option82 insert" or "option82 rebuild" is enabled on interface, the device is not able to parse some specific DHCP packet correctly, making the device restart. Vulnerability ID：HWPSIRT-2015-08052 This vulnerability has been assigne...

Security Advisory - VRF Hopping Vulnerability in Multiple Routers

A VPN routing and forwarding VRF hopping vulnerability exists in Huawei routers. The routers do not strictly check received MPLS forwarding packets, and an attacker may exploit this vulnerability to forward crafted packets to MPLS links, which leads to flood attacks against the destination VPN...

Security Advisory - Information Leak Vulnerability in Certain Huawei Products

Some Huawei products have two information leak vulnerabilities caused by improper encryption mechanisms. Users can use reversible or irreversible encryption algorithms to encrypt passwords. If a reversible encryption algorithm is used to encrypt administrators' passwords, an attacker with high...

Security Advisory - Multiple Vulnerabilities in Huawei FusionServer Products

Multiple security vulnerabilities exist in Huawei FusionServer products. Command injection vulnerability exists in Huawei FusionServer products. An attacker could change the input parameters on the login page and enter commands, such as user creation command. Vulnerability ID: HWPSIRT-2015-06075...

Security Advisory - MITM Vulnerability in the OpenSSL Module of Huawei eSight Network

During certificate verification, OpenSSL starting from version 1.0.1n and 1.0.2b will attempt to find an alternative certificate chain if the first attempt to build such a chain fails. An error in the implementation of this logic can mean that an attacker could cause certain checks on untrusted...

Security Advisory - Bar Mitzvah Attack Vulnerability in Huawei Products

A security vulnerability exists in Rivest Cipher 4 RC4 used by TLS and SSL protocols. RC4 cannot provide sufficient data protection. After listening to an SSL or TLS connection, an attacker can obtain plaintext data by brute force cracking. This vulnerability is also called Bar Mitzvah...

Security Advisory - Insufficient Input Verification Vulnerability in the FusionAccess

FusionAccess is a kind of virtual desktop applications based on Huawei cloud platform. Through the deployment of Huawei desktop cloud software on the cloud platform, customers can access the cloud desktop by the thin client device or other devices. There is an insufficient input verification...

Security Advisory - DoS Vulnerability in Huawei U1900 Products

Huawei eSpace U1900 switch series provides professional IP voice solutions to meet communications requirements from various enterprises of different sizes. Huawei eSpace U1900 series includes eSpace U1910, U1911, U1930, U1960, U1980, and U1981. A vulnerability exists in a module of U1900 series...

Security Advisory - mDNS Message Improper Handling Vulnerability in Huawei WLAN AC Products

The mDNS module in Huawei WLAN AC products improperly processes mDNS packets and responds to mDNS unicast queries from outside the link local network e.g., the WAN, leading to information leaks.Vulnerability ID: HWPSIRT-2015-03024 The CVE No. of the vulnerability is CVE-2015-6586...

Security Advisory - DoS Vulnerability in Huawei U1900 CLI Module

Huawei eSpace U1900 switch series provides professional IP voice solutions to meet communications requirements from various enterprises of different sizes. Huawei eSpace U1900 series includes eSpace U1910, U1911, U1930, U1960, U1980, and U1981. The U1900 series uses the Command Line Interface CLI...

Security Advisory - Buffer Overflow Vulnerability in the FusionAccess

FusionAccess is a kind of virtual desktop applications based on Huawei cloud platform. Through the deployment of Huawei desktop cloud software on the cloud platform, customers can access the cloud desktop by the thin client device or other devices. There is a buffer overflow vulnerability in the...

Security Advisory - No Authentication Vulnerability on the Serial Port of the UAP2105

The UAP2105 serves as a radio access device in the uBro solutions. As one of the AP series products developed on the basis of 3GPP R99/R4/R5/R6 FDD, the UAP2105 complies with the R8 HNB standard and provides Small Office and Home Office SOHO and home users with improved indoor coverage. With the...

Security Advisory - DoS Vulnerability in Huawei MBB Product

Huawei MBB Mobile Broadband product E3272s has a Denial of Service DoS vulnerability. An attacker could send a malicious packet to the Common Gateway Interface CGI of target device and make it fail while setting port attribute, which cause a DoS attack. Vulnerability ID: HWPSIRT-2015-05103 This...

Security Advisory - Stagefright Vulnerability in Multiple Huawei Android Products

The Stagefright media player engine in Android OS has multiple vulnerabilities, which can be exploited to remotely execute code in affected devices. Vulnerability ID: HWPSIRT-2015-07056, HWPSIRT-2015-07057, HWPSIRT-2015-07058, HWPSIRT-2015-07059, HWPSIRT-2015-07060, HWPSIRT-2015-07061 and...

Security Advisory - CF Card Information Leak Vulnerability on Multiple Huawei Products

The CF cards on some Huawei switches and ARs contain some sensitive information in plaintext. Once an attacker gets such a CF card, it may result in the leak of sensitive information HWPSIRT-2015-07048. Currently, official fixes are available...

Security Advisory-Two Security Vulnerabilities in the ME906 Wireless Module

ME906 is a mobile Internet access module. The module supports LTE, WCDMA, EVDO, and GSM. The product uses the M.2 interface, supports Windows 7 and Windows 8.1, and is intended for laptop and tablet OEM. This security advisory SA describes the impact of two vulnerabilities. These vulnerabilities...

Security Advisory - Web UI Authentication Vulnerability in Huawei E5756S

Huawei E5756s has a web UI authentication vulnerability. As a result, an attacker can graft commands to view the device configuration information and perform operations, such as enabling PIN/PUK authentication without logging in to the web UI Vulnerability ID: HWPSIRT-2015-03016. This Vulnerabili...

Security Advisory - VENOM Vulnerability in Huawei Products

Huawei has noticed the buffer overflow vulnerability in the floppy disk controller FDC of QEMU disclosed by open source organization Xen. This vulnerability allows an attacker to escape out of the virtual machine, execute code on the physical host with full privilege. Vulnerability ID:...

Security Advisory - Two Privilege Escalation Vulnerabilities in Huawei Mate 7 Smartphones

The tzdriver module of Huawei Mate 7 smartphone has an input check error, which allows the user-mode application to modify kernel-mode memory data and maybe make system break down or application elevate privilege. Vulnerability ID: HWPSIRT-2015-03011 These Vulnerabilities have been assigned Commo...

Security Advisory - IP Option Improper Handling Vulnerability in Multiple Huawei Products

Multiple Huawei Products have an improper IP option handling vulnerability. The IP stack implementation in multiple Huawei products mishandles IP options when a crafted ICMP request message is received, leading to the board reboot Vulnerability ID: HWPSIRT-2015-02003. This Vulnerability has been...

Security Advisory-Authentication Bypass Vulnerability on E587 Mobile WiFi

Huawei E587 products have an authentication bypass vulnerability that could be exploited by an attacker to graft commands to obtain and change configuration information, send short messages, and restart the device without login Vulnerability ID: HWPSIRT-2015-02001. This Vulnerability has been...

Security Advisory-Information Disclosure Vulnerability on E355s Mobile WiFi

E355s have an information disclosure vulnerability that could be exploited by an attacker to graft attack commands or capture network communications to obtain the configuration and user information without login Vulnerability ID: HWPSIRT-2015-02002. This Vulnerability has been assigned Common...

Security Advisory - Xen Vulnerabilities on Huawei FusionSphere products

This security advisory SA describes the impact of Xen vulnerabilities discovered in website. This vulnerability is referenced in this document as follows: XSA-120: Non-maskable interrupts triggerable by guests. In the event that the platform surfaces aforementioned UR responses as Non-Maskable...

Security Advisory – Authentication Caused Memory Overflow Vulnerability in Some Huawei Switch Products

The user authentication module in some Huawei switch products has the memory overflow vulnerability that can cause device restart when users log in improperly Vulnerability ID: HWPSIRT-2015-02014. This Vulnerability has been assigned Common Vulnerabilities and Exposures CVE ID: CVE-2015-2800...

Security Advisory - Directory File Deletion Vulnerability in UDS

When a Huawei UDS product is loading a patch, an attacker can intercept and change the patch loading information and compromise certain directory files of the device Vulnerability ID: HWPSIRT-2014-1238. This Vulnerability has been assigned Common Vulnerabilities and Exposures CVE ID: CVE-2015-225...

Security Advisory-Resource Management Vulnerability in the AR1220

Under Specifically configurations in the AR1220, An attacker sends massive traffic to the FE port from the GE port on the main board. As a result, the interface board resets unexpectedly. Vulnerability ID: HWPSIRT-2014-1298. This Vulnerability has been assigned Common Vulnerabilities and Exposure...

Security Advisory - Multiple Injection Vulnerabilities in UDS

The OceanStor UDS has some vulnerability: Attacker injects JavaScript into patch. After the patch is loaded through the OceanStor DeviceManager, the returned content contains the injected script. After the script is parsed and executed on the OceanStor DeviceManager, information leak occurs...

Security Advisory - NTPd Security Vulnerability in Multiple Huawei Products

Huawei was notified about information released by NTP.org and CERT/CC regarding stack buffer overflow security vulnerabilities CVE-2014-9295 in NTP daemon ntpd on December 19th, 2014. Multiple stack-based buffer overflows in ntpd in NTP before 4.2.8 allow remote attackers to execute arbitrary cod...

Security Advisory - Glibc Buffer Overflow Vulnerability

Huawei noticed that Qualys had disclosed the buffer overflow in the GNU C Library glibc on January 27th, 2015, Applications call various gethostbyname function are affected and attackers can exploit this vulnerability to perform remote code execution. Vulnerability ID: HWPSIRT-2015-01045 This...

Security Advisory-Information Leakage Vulnerability in Huawei P7 Smartphone

MeWidget is a plug-in of Huawei Emotion UI. The MeWidget module on Huawei smartphone P7 has a vulnerability that could lead to the disclosure of contact information. Attackers can obtain the name and URI information of mobile phone users through the malware installed on the smartphones...