Security Advisory - Information Disclosure Vulnerability in some Huawei Products

There is an information leak vulnerability in some Huawei products. The vulnerability is caused by improper log output management. An attacker with the ability to access the log file of device may lead to information disclosure.Vulnerability ID: HWPSIRT-2020-23793 This vulnerability has been...

Security Advisory - Memory Leak Vulnerability in Huawei Products

There is a memory leak vulnerability in huawei products. The software does not sufficiently track and release allocated memory while parse a series of crafted binary messages, which could consume remaining memory. Successful exploit could cause memory exhaust. Vulnerability ID: HWPSIRT-2021-39541...

Security Advisory - Buffer Overflow Vulnerability in Some Huawei Products

There is a buffer overflow vulnerability in DOPRA SSP products. An attacker can exploit this vulnerability by sending a specific message to the target device due to insufficient validation of packets. Successful exploit could cause a denial of service condition. Vulnerability ID: HWPSIRT-2020-823...

Security Advisory - Possible Out-Of-Bounds Read Vulnerability in Some Huawei Products

Some Huawei products use the OpenHpi software for hardware management. A function that parses data returned by OpenHpi contains an out-of-bounds read vulnerability that could lead to a denial of service. Vulnerability ID: HWPSIRT-2020-00938 This vulnerability has been assigned a Common...

Security Advisory - Privilege Escalation Vulnerability in Huawei Product

There is a privilege escalation vulnerability in some Huawei products. Due to lack of privilege restrictions, an authenticated local attacker can perform specific operation to exploit this vulnerability. Successful exploitation may cause the attacker to obtain a higher privilege. Vulnerability ID...

Security Advisory - Out of Bounds Write Vulnerability in Some Huawei Products

There is an out of bounds write vulnerability in some Huawei products. The vulnerability is caused by a function of a module that does not properly verify input parameter. Successful exploit could cause out of bounds write leading to a denial of service condition. Vulnerability ID:...

Security Advisory - CSV Injection Vulnerability in Some Huawei Products

There is a CSV injection vulnerability in some Huawei Products. An attacker with high privilege may exploit this vulnerability through some operations to inject the CSV files. Due to insufficient input validation of some parameters, the attacker can exploit this vulnerability to inject CSV files ...

Security Advisory - Improper Signature Management Vulnerability in Some Huawei Products

There is a signature management vulnerability in some huawei products. An attacker can forge signature and bypass the signature check. During firmware update process, successful exploit this vulnerability can cause the forged system file overwrite the correct system file. Vulnerability ID:...

Security Advisory - Path Traversal Vulnerability in Huawei FusionCube Product

There is a path traversal vulnerability in Huawei FusionCube product. The vulnerability is due to that the software uses external input to construct a pathname that is intended to identify a directory that is located underneath a restricted parent directory, but the software does not properly...

Security Advisory - Use-after-free Vulnerability in Huawei Products

There is a use-after-free UAF vulnerability in Huawei products. An attacker may craft specific packets to exploit this vulnerability. Successful exploitation may cause the service abnormal. Vulnerability ID: HWPSIRT-2020-67955 This vulnerability has been assigned a Common Vulnerabilities and...

Security Advisory - Path Traversal Vulnerability in Huawei PC Product

There is a path traversal vulnerability in Huawei PC product. Because the product does not filter path with special characters,attackers can construct a file path with special characters to exploit this vulnerability. Successful exploitation could allow the attacker to transport a file to certain...

Security Advisory - Improper Authentication Vulnerability in Huawei Product

There is an improper authentication vulnerability in Hero-CT060. The vulnerability is due to that when an user wants to do certain operation, the software does not insufficiently validate the user's identity. Successful exploit could allow the attacker to do certain operations which the user are...

Security Advisory - Command Injection Vulnerability in Huawei FusionCompute Product

There is a command injection vulnerability in CMA service module of FusionCompute product when processing the default certificate file. The software constructs part of a command using external special input from users, but the software does not sufficiently validate the user input. Successful...

Security Advisory - Improper File Upload Control Vulnerability in Huawei FusionCompute Product

There is an improper file upload control vulnerability in Huwei FusionCompute product. Due to the improper verification of file to be uploaded and does not strictly restrict the file access path, attackers may upload malicious files to the device, resulting in the service abnormal. Vulnerability...

Security Advisory - Command Injection Vulnerability in Huawei FusionCompute Product

There is a command injection vulnerability in CMA service module of FusionCompute product when processing the default certificate file. The software constructs part of a command using external special input from users, but the software does not sufficiently validate the user input. Successful...

Security Advisory - Server-Side Request Forgery Vulnerability in Huawei Product

There is a server-side request forgery vulnerability in huawei product. This vulnerability is due to insufficient validation of parameters while dealing with some messages. A successful exploit could allow the attacker to gain access to certain resource which the attacker are supposed not to do...

Security Advisory - Improper Authorization Vulnerability in Some Huawei Products

There is an improper authorization vulnerability in some Huawei products. Due to improper authorization mangement, an attakcer can exploit this vulnerability by physical accessing the device and implant malicious code. Successfully exploit could leads to arbitrary code execution in the target...

Security Advisory - Information Leakage Vulnerability in Some Huawei Product

There is an information leakage vulnerability in some huawei products. Due to the improperly storage of specific information in the log file, the attacker can obtain the information when a user logs in to the device. Successful exploit may cause the information leak. Vulnerability ID:...

Security Advisory - Insufficient Input Validation Vulnerability in Some Huawei Smartphones

Some Huawei Smartphones has an insufficient input validation vulnerability due to the lack of parameter validation. An attacker may trick a user into installing a malicious APP. The app can modify specific parameters, causing the system to crash. Vulnerability ID: HWPSIRT-2020-05121 This...

Security Advisory - Logic Error Vulnerability in Several Smartphones

There is a logic error vulnerability in several smartphones. The software does not properly restrict certain operation when the Digital Balance function is on. Successful exploit could allow the attacker to bypass the Digital Balance limit after a series of operations. Vulnerability ID:...

Security Advisory - Privilege Escalation Vulnerability in some Huawei Products

There is a privilege escalation vulnerability in some Huawei products. Due to improper privilege management, a local attacker with common privilege may access some specific files in the affected products. Successful exploit will cause privilege escalation. Vulnerability ID: HWPSIRT-2020-05256 Thi...

Security Advisory - Privilege Escalation Vulnerability in Huawei Products

There is a privilege escalation vulnerability in Huawei products. External parameters of some files are lack of verification when they are be called. Attackers can exploit this vulnerability by performing these files to cause privilege escalation attack. This can compromise normal service...

Security Advisory - Bluetooth Function Denial of Service Vulnerability in Some Huawei Smartphone Products

The Bluetooth function of some Huawei smartphones has a DoS vulnerability. Attackers can install third-party apps to send specific broadcasts, causing the Bluetooth module to crash. This vulnerability is successfully exploited to cause the Bluetooth function to become abnormal. Vulnerability ID:...

Security Advisory - Path Traversal Vulnerability in Some Huawei Products

There is a path traversal vulnerability in some Huawei products. The vulnerability is due to that the software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly...

Security Advisory - Logic Vulnerability in Huawei WATCH Kid Product

There is a logic vulnerability in Huawei WATCH Kid product. An unauthenticated attacker could perform specific operations to exploit this vulnerability. Due to insufficient security design, successful exploit could allow an attacker to add users to be friends without prompting in the target devic...

Security Advisory - Deserialization Vulnerability in Huawei AnyOffice Product

There is a deserialization vulnerability in Huawei AnyOffice product. An attacker can construct a specific request to exploit this vulnerability. Successfully exploiting this vulnerability, the attacker can execute remote malicious code injection and to control the device. Vulnerability ID:...

Security Advisory - Out-Of-Bounds Read Vulnerability On Several Huawei Products

There is an out-of-bounds read vulnerability on several Huawei products. The vulnerability is due to a message-handling function that contains an out-of-bounds read vulnerability. An attacker can exploit this vulnerability by sending a specific message to the target device, which could cause a...

Security Advisory - Resource Management Error Vulnerability in Some Huawei Products

There is a resource management error vulnerability in some Huawei Products. An attacker needs to perform specific operations to exploit the vulnerability on the affected device. Due to improper resource management of the function, the vulnerability can be exploited to cause service abnormal on...

Security Advisory - Command Injection Vulnerability in Huawei Products

There is a command injection vulnerability in Huawei products. A module does not verify specific input sufficiently. Attackers can exploit this vulnerability by sending malicious parameters to inject command. This can compromise normal service. Vulnerability ID: HWPSIRT-2020-96403 This...

Security Advisory - Improper Permission Assignment Vulnerability in Some USB Dongle Products

Huawei LTE USB Dongle products have an improper permission assignment vulnerability. An attacker can locally access and log in to a MAC OS to induce a user to install a specially crafted application. After successfully exploiting this vulnerability, the attacker can perform unauthenticated...

Security Advisory - Race Condition Vulnerability in Some Huawei Products

There is a race condition vulnerability in some Huawei products. There is a timing window exists in which the database can be operated by another thread that is operating concurrently. Successful exploit may cause the affected device abnormal. Vulnerability ID: HWPSIRT-2020-05257 This vulnerabili...

Security Advisory - Possible Out-Of-Bounds Read Vulnerability in Huawei Products

There is an out of bounds read vulnerability in some Huawei products. A local attacker can exploit this vulnerability by sending specific message to the target device. Due to insufficient validation of internal message, successful exploit may cause the process and the service abnormal...

Security Advisory - Out-of-Bounds Read Vulnerability On Several Huawei Products

There is an out-of-bounds read vulnerability on several Huawei products. The vulnerability is due to a function that handles an internal message contains an out-of-bounds read vulnerability. An attacker could crafted messages between system process, successful exploit could cause Denial of Servic...

Security Advisory - Resource Management Error Vulnerability in Some Huawei Products

There is a resource management error vulnerability in some Huawei Products. An authentication attacker needs to perform specific operations to exploit the vulnerability on the affected device. Due to improper resource management of the function, the vulnerability can be exploited to cause service...

Security Advisory - Denial of Service Vulnerability in Some Huawei Products

There is a denial of service vulnerability in some Huawei products. An attacker could exploit this vulnerability by sending specific message to a targeted device. Due to insufficient input validation, successful exploit can cause the service abnormal. Vulnerability ID: HWPSIRT-2020-24699 This...

Security Advisory - Denial of Service Vulnerability in Huawei Smartphone

There is a denial of service vulnerability in Huawei smartphone. A module does not verify certain parameters sufficiently and it leads to some exceptions. Successful exploit could cause a denial of service condition. Vulnerability ID: HWPSIRT-2020-05281 This vulnerability has been assigned a Comm...

Security Advisory - Out of Bounds Write Vulnerability in Huawei CloudEngine Product

There is an out of bounds write vulnerability in some Huawei products. An attacker can exploit this vulnerability by sending crafted data in the packet to the target device. Due to insufficient validation of message, successful exploit can cause certain service abnormal. Vulnerability ID:...

Security Advisory - Improper Authorization Vulnerability in Huawei Products

There is an improper authorization vulnerability in Huawei products. A file access is not authorized correctly. Attacker with low access may launch privilege escalation in a specific scenario. This may compromise the normal service. Vulnerability ID: HWPSIRT-2020-05262 This vulnerability has been...

Security Advisory - Denial of Service Vulnerability in Huawei Product

There is a denial of service vulnerability in Huawei products. A module cannot deal with specific messages due to validating inputs insufficiently. Attackers can exploit this vulnerability by sending specific messages to affected module. This can cause denial of service. Vulnerability ID:...

Security Advisory - Weak Secure Algorithm Vulnerability in Huawei Product

There is a weak secure algorithm vulnerability in Huawei products. A weak secure algorithm is used in a module. Attackers can exploit this vulnerability by capturing and analyzing the messages between devices to obtain information. This can lead to information leak. Vulnerability ID:...

Security Advisory - Memory Leak Vulnerability in Huawei Products

There is a memory leak vulnerability in Huawei products. A resource management weakness exists in a module. Attackers with high privilege can exploit this vulnerability by performing some operations. This can lead to memory leak. Vulnerability ID: HWPSIRT-2020-89990 This vulnerability has been...

Security Advisory - Insufficient Input Validation Vulnerability in FusionCompute Product

There is an insufficient input validation vulnerability in FusionCompute product. Due to the input validation is insufficient, an attacker can exploit this vulnerability to upload any files to the device. Successful exploit may cause the service abnormal. Vulnerability ID: HWPSIRT-2020-05085 This...

Security Advisory - Out-of-Bounds Write Vulnerability in Some Huawei Products

There is an out-of-bounds write vulnerability in some Huawei products. The code of a module have a bad judgment logic. Attackers can exploit this vulnerability by performing multiple abnormal activities to trigger the bad logic and cause out-of-bounds write. This may compromise the normal service...

Security Advisory - Information Leak Vulnerability in Huawei Products

There is an information leak vulnerability in Huawei products. A module does not deal with specific input sufficiently. High privilege attackers can exploit this vulnerability by performing some operations. This can lead to information leak. Vulnerability ID: HWPSIRT-2020-32489 This vulnerability...

Security Advisory - Denial of Service Vulnerability in Some Huawei Products

There is a denial of service vulnerability in some huawei products. There is a logic error in the implementation of a function of a module. When the service pressure is heavy, there is a low probability that an exception may occur. Successful exploit may cause some services abnormal. Vulnerabilit...

Security Advisory - Multiple Threads Race Condition Vulnerability in Huawei Product

There is a multiple threads race condition vulnerability in Huawei product. A race condition exists for concurrent I/O read by multiple threads. An attacker with the root permission can exploit this vulnerability by performing some operations. Successful exploitation of this vulnerability may cau...

Security Advisory - Denial of Service Vulnerability in Some Huawei Products

There is a denial of service vulnerability in some huawei products. In specific scenarios, due to the insufficient verification of the parameter, an attacker may craft some specific parameter. Successful exploit may cause some services abnormal. Vulnerability ID: HWPSIRT-2020-66984 This...

Security Advisory - XXE Injection Vulnerability in Huawei Products

There is an XXE injection vulnerability in some Huawei products. A module does not perform the strict operation to the input XML message. Attacker can send specific message to exploit this vulnerability, leading to the module denial of service. Vulnerability ID: HWPSIRT-2020-04355 This...

Security Advisory - Pointer Double Free Vulnerability in Some Huawei Products

There is a pointer double free vulnerability in Some Huawei Products. When a function is called, the same memory pointer is copied to two functional modules. Attackers can exploit this vulnerability by performing malicious operation to cause pointer double free. This may lead to module crash,...

Security Advisory - Denial of Service Vulnerability in Some Products

There is a denial of service vulnerability in some huawei products. In specific scenarios, due to the improper handling of the packets, an attacker may craft the specific packet. Successful exploit may cause some services abnormal. Vulnerability ID: HWPSIRT-2020-70186 This vulnerability has been...