Security Advisory - Privilege Escalation Vulnerability in Huawei Mate7
Android versions earlier than 5.0 are affected by the vulnerability, which allows an attacker to escalate privilege. Huawei Mate7 is affected by the vulnerability (Vulnerability ID: HWPSIRT-2015-01043). This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2014-791...
Security Advisory- Local Denial of Service Vulnerability in Huawei Ascend P7
Huawei Ascend P7 Sophia-L09 uses Android 4.4, which is the upgrade version of EMUI 3.0. The phone module crashes when a third-party app sends specific broadcast messages or enables specific UIs. Vulnerability ID: HWPSIRT-2014-1233. This vulnerability has been assigned Common Vulnerabilities and...
Security Advisory-Authority Control Vulnerability in Quidway Switches
Huawei Quidway switches have an authority control vulnerability in access authentication, which may be exploited by attackers to obtain higher access permissions. Vulnerability ID: HWPSIRT-2014-11119. This vulnerability has been assigned Common Vulnerabilities and Exposures (CVE) ID: CVE-2015-1460...
Security Advisory-Memory Leak Vulnerability on USG products
The HUAWEI USG9560/9520/9580 is a high-end 10-Gigabit Firewall. The USG9560/9520/9580 applies to Internet backbone networks, IP dedicated backbone networks, IP metropolitan area networks (MANs), and Internet data center (IDC) egress. This security gateway provides multiple powerful and all-round security...
Security Advisory-Multiple Vulnerabilities on Huawei Tecal
Some Huawei server products have multiple security vulnerabilities. 1. Some Huawei server products have a sensitive information leak vulnerability. Users who log in to the products can view the session IDs of all online users on the Online Users page of the web UI. Attackers can also view the...
Security Advisory-WPS PIN Offline Brute Force Cracking Vulnerability in Huawei Home Gateway Products
Some Huawei home gateways are affected by the PIN offline brute force cracking vulnerability of the WPS protocol because the random number generator (RNG) used in the supplier’s solution is not random enough. As a result, brute force cracking the PIN code is easier. After an attacker cracks the PIN...
Security Advisory-Privilege Escalation Vulnerability in IPMICommand of the HMM Software in a Huawei Server Product
The Hyper Module Management (HMM) software of some Huawei server products has a security vulnerability. When the operator of the HMM software uses the IPMICommand to perform operations on the iMana software, the operator can modify the user configuration of iMana through privilege escalation...
Security Advisory-Privilege Escalation Vulnerability in the HMM Software of a Huawei Server Product
The Hyper Module Management (HMM) software of some Huawei server products has a security vulnerability. The software has a design defect, enabling a non-super-domain user who accesses HMM through SNMPv3 to perform operations on a server as a super-domain user. Vulnerability ID: HWPSIRT-2014-11116...
Security Advisory-Multiple Vulnerabilities in the RomPager Component of Home Gateway
RomPager is the embedded web server from AllegroSoft. The RomPager component has two vulnerabilities. Some Huawei Home Gateway products use the RomPager component and are affected by these two vulnerabilities. RomPager Authentication Security Bypass – Misfortune Cookie: The vulnerability is due to an...
Security Advisory-Multiple Vulnerabilities in Huawei eSpace Desktop Product
Huawei eSpace Desktop products have the following vulnerabilities: 1. The program does not implement a comprehensive validity check on the QES file imported into the system, causing the system to exit unexpectedly. Vulnerability ID: HWPSIRT-2014-1151. This vulnerability has been assigned Common...
Security Advisory-SSLv3 POODLE Vulnerability in Huawei Products
The SSLv3 protocol supported by some Huawei products has the so-called Padding Oracle On Downgraded Legacy Encryption (POODLE) vulnerability. The attacker can launch a man-in-the-middle attack to manipulate the TLS negotiation process so that the communication parties use SSLv3, which has informati...
Security Advisory-Multiple Vulnerabilities on Huawei P2 Smartphone
This security advisory (SA) describes two vulnerabilities. The decoder driver of P2 was found to allow any application to read or write to an arbitrary memory address (HWPSIRT-2014-0401). This vulnerability has been assigned Common Vulnerabilities and Exposures (CVE) ID: CVE-2014-2273. The Kingsoft...
Security Advisory - App Validity Check Bypass Vulnerability in Huawei P7 Smartphone
The PackageInstaller module on the Huawei P7 smartphone has a vulnerability in the validity check of third-party apps. Attackers can configure some specific information in the malware packages so that smartphones consider that the package is downloaded from whitelisted websites. As a result, the malware...
Security Advisory-File Upload Vulnerability on Huawei Honor Cube Wireless Router WS860s
Huawei Honor Cube wireless router WS860s supports the file upload function. It allows users to access its files through the web page. As the device is unable to verify every type of file to be uploaded and does not strictly restrict the file access path through the web page, attackers may upload...
Security Advisory-Bash Code Injection Vulnerability
This security advisory (SA) describes the impact of 6 Bash vulnerabilities discovered in third-party software (Vulnerability ID: HWPSIRT-2014-0951). 1. OS Command Injections vulnerability (CVE-2014-6271). GNU Bash through 4.3 processes trailing strings after function definitions in the values of...
Security Advisory-DLL Hijacking Vulnerability on Huawei USB Modem products
This security advisory (SA) describes the impact of a DLL hijacking vulnerability discovered in website. Vulnerability ID: HWPSIRT-2014-1046. This vulnerability is referenced in this document as follows: Any user in the system can modify the legitimate binary to any kind of malicious executable. If an...
Security Advisory-XSS Security Vulnerability on Huawei E355
Huawei E355 portable 3G wireless routers have a stored cross-site scripting (XSS) vulnerability. Attackers can exploit the vulnerability to plant malicious scripts into the configuration file to interrupt the services of legitimate users. Vulnerability ID: HWPSIRT-2014-0516. The CVE No. of the...
Security Advisory-VRP SSH Denial of Service Vulnerability
The SSH of the VRP has an input verification issue. Remote attackers can send a special SSH packet to the device to cause a denial of service (Vulnerability ID: HWPSIRT-2014-0701). This vulnerability has been assigned Common Vulnerabilities and Exposures (CVE) ID: CVE-2014-8572...
Security Advisory-Memory Overflow Vulnerabilities on Huawei E5332 Webserver
The Huawei E5332 wireless router has the following two memory overflow vulnerabilities: Memory overflow occurs when the E5332 Webserver parses a specially crafted HTTP request message, causing the device to reboot (Vulnerability ID: HWPSIRT-2014-0861). This vulnerability has been assigned Common...
Security Advisory-9 OpenSSL vulnerabilities on Huawei products
This security advisory (SA) describes the impact of 9 OpenSSL vulnerabilities discovered in third-party software. Vulnerability ID: HWPSIRT-2014-0816. These vulnerabilities are referenced in this document as follows: 1. Information leak in pretty printing functions (CVE-2014-3508). A flaw in OBJ_obj2txt...
Security Advisory-Information Leakage Vulnerability via MPLS Ping in VRP Platform
VRP (Versatile Routing Platform) has been developed by Huawei to provide improved IP routing services. The VRP has been widely applied to network devices, including high-end and low-end switches and routers, wireless and transmission devices. An information leakage vulnerability exists in several...
Security Advisory-CSRF Vulnerabilities in Multiple Products
Cross-site request forgery (CSRF) vulnerabilities are discovered in multiple products, including FusionManager (Vulnerability ID: HWPSIRT-2014-0408) and USG firewall series (Vulnerability ID: HWPSIRT-2014-0406). Vulnerabilities in the web interface of these devices could allow an unauthenticated, remot...
Security Advisory-Screen Capture Vulnerability on Huawei Ascend P6 Mobile Phones
Apps on Huawei Ascend P6 mobile phones can capture screens without the root permission. As a result, user information can be leaked by malware on Ascend P6 mobile phones. Vulnerability ID: HWPSIRT-2014-0893. This vulnerability has been assigned Common Vulnerabilities and Exposures (CVE) ID:...
Security Advisory - Remote Security Bypass Vulnerability on Huawei Android Devices
Android version 4.1.1 - 4.4.2 is prone to a remote security bypass vulnerability (CVE-2013-6272): A vulnerability in the Android system allows an attacker to initiate or terminate arbitrary calls without the callphone permission. After investigation, we confirm that some Huawei smartphone and table...
Security Advisory- SSH Username Information Disclosure Vulnerability in Huawei Campus Switch
Some versions of Huawei Campus switch series products S9300/S9300E/S7700/S9700/S5700/S6700/S5300/S6300/S2300/S2700/S3300/S3700 are affected by a username information disclosure vulnerability. When the maintenance terminal of a Huawei Campus switch uses SSH to log in to a server, attackers can gues...
Security Advisory-CSRF Vulnerability in Huawei HiLink Products
Several Huawei HiLink products have a CSRF vulnerability. When users use these devices to visit websites that contain malicious scripts, the malicious scripts can exploit the vulnerability to change the configurations or use the functions of products. Vulnerability ID: HWPSIRT-2014-0243. This...
Security Advisory-Apache Struts2 vulnerability on Huawei multiple products
Some versions of Apache Struts2 software used in Huawei devices have security vulnerabilities. A patch released for the software to fix vulnerabilities CVE-2014-0050 and CVE-2014-0094 has the risk of being bypassed. Vulnerability ID: HWPSIRT-2014-0420. This vulnerability has been assigned Common...
Security Advisory-Heap Overflow Vulnerability in Huawei eSap Platform
Huawei eSap software platform has four heap overflow vulnerabilities. Huawei products that have used this platform are affected. When receiving some special malformed packets, such devices access heap memory that is beyond the valid range and cause unexpected restart of the devices. If an attacke...
Security Advisory-Multiple OpenSSL vulnerabilities on Huawei products
This security advisory (SA) describes the impact of 7 OpenSSL vulnerabilities discovered in third-party software. The vulnerabilities are referenced in this document as follows: 1. SSL/TLS Man-in-the-Middle Vulnerability (CVE-2014-0224). An unauthenticated, remote attacker with the ability to intercep...
Security Advisory-Multiple Heap Overflow Vulnerabilities in Huawei Campus Series Switches
Some Huawei Campus series switches have three heap overflow vulnerabilities. When receiving some special malformed packets, such devices access heap memory that is beyond the valid range and cause unexpected restart of the devices. If an attacker keeps sending such malformed packets, the devices...
Security Advisory-Radius Vulnerability on Some Huawei Devices
On Huawei Campus Switch, AR, SRG, and WLAN devices, the RADIUS component cannot handle malformed RADIUS packets. This vulnerability allows attackers to repeatedly restart the device, causing a DoS attack (Vulnerability ID: HWPSIRT-2014-0307). This vulnerability has been assigned Common Vulnerabilities a...
Security Advisory- BootRom Menu and Boot Menu Vulnerabilities on Huawei Campus Switches
Some versions of Huawei Campus S7700/S9300/S9700 switches are affected by the BootRom and Boot Menu vulnerability. 1. Unauthorized users are allowed to upgrade the bootrom or bootload software (Vulnerability ID: HWPSIRT-2014-0315). 2. The BootRom Menu vulnerability allows unauthorized users to bypa...
Security Advisory-Improper Input Validation Vulnerability on Multiple Quidway Switch Products
As reported by internal R&D engineers, several switch products do not validate input properly. This vulnerability enables an attacker to launch a DoS attack by crafting and sending malformed packets to these vulnerable products (Vulnerability ID: HWPSIRT-2014-0301). This vulnerability has been...
Security Advisory-OpenSSL Heartbeat Extension vulnerability (Heartbleed bug) on Huawei multiple products
Some OpenSSL software versions used in multiple Huawei products have the following OpenSSL vulnerability. Unauthorized remote attackers can dump 64 Kbytes of memory of the connected server or client in each attack. The leaked memory may contain sensitive information, such as passwords and private...
Security Advisory- Y.1731 Vulnerability on Some Huawei Switches
Y.1731 is an ITU-T recommendation for OAM features on Ethernet-based networks. Y.1731 provides connectivity detection, diagnosis, and performance monitoring for VLAN/VSI services on MANs. Some Huawei switches support Y.1731 and therefore have the Y.1731 vulnerability in processing special packets...
Security Advisory-Improper User Permission Setting Vulnerability in Huawei eSpace Meeting
User permissions are not properly set on Huawei eSpace Meeting. Attackers that obtain the permissions assigned to common users can elevate privileges to access and set specific key resources (HWPSIRT-2014-0241). This vulnerability has been assigned Common Vulnerabilities and Exposures (CVE) ID:...
Security Advisory-DoS Vulnerability in Eudemon8000E
The Huawei Eudemon8000E firewall allows users to log in to the device using Telnet or SSH. When an attacker sends the device a mass of specially structured TCP packets, the logging process becomes slow and users may be unable to log in to the device (HWPSIRT-2014-0101). This vulnerability has bee...
Security Advisory-Vulnerability in Image Upload of User-defined Devices to Huawei eSight System
Huawei eSight System is an operation and maintenance system that Huawei develops for next-generation wireless/wired enterprise campus networks, enterprise branches, and data centers. When users adapt new devices for it, the server fails to verify the format of the files to be uploaded...
Security Advisory-A DoS Vulnerability in the SSH Module on Huawei AR Router
On some Huawei AR routers that receive a large number of SSH authentication attack packets with malformed data, legitimate users fail to log in through SSH. Attackers can construct massive attack packets to cause the AR routers to deny SSH login from legitimate users (HWPSIRT-2013-1255). This...
Security Advisory-A Vulnerability on the HWTACACS Authorization Module of the CloudEngine
The HWTACACS modules of some Huawei CloudEngine series switches have vulnerabilities. Attackers can execute commands reserved for users with higher-level permissions by bypassing the rights check of the HWTACACS server (HWPSIRT-2013-1256). This vulnerability has been assigned Common...
Security Advisory-Multiple Apache Struts2 Vulnerabilities in Huawei Products
Apache Struts2 is a second-generation and enterprise-ready Java web application framework based on the Model-View-Controller (MVC) architecture. This advisory describes four vulnerabilities of Apache Struts 2.0.0 - 2.3.15. Huawei products and applications using the above versions of Apache Struts a...
Security Advisory- Web Interface Authentication Bypass Vulnerability in Huawei Tecal RH2285 V2 Server
Tecal RH2285 V2 is a next-generation 2 U 2-socket rack server. Featuring two Intel® Xeon® E5-2400 series processors, the RH2285 V2 provides large storage capacity, flexible scalability, and superb cost-effectiveness, which is an ideal hardware platform for big data and distributed storage...
Security Advisory-The Firewall Module of SPU Board Information Leakage Vulnerability of Huawei Campus Switch
The Service Process Unit (SPU) is the value-added service card of the Switch. The SPU provides services such as load balancing, firewall, Network Address Translation (NAT), IP Security (IPSec), and NetStream. It is mainly deployed in the networks of carrier and enterprise customers, and provides network securit...
Security Advisory-Vulnerability of Session ID not Updating in VP9610/9620
VP (viewpoint) 9610/VP9620 is the multi-point control unit of the Huawei Video Conference system. Testing found a “Session ID not updating” vulnerability in VP9610/9620. Vulnerability ID: HWNSIRT-2013-0318. Currently, official fixes are available...
Security Advisory-Overflow Vulnerabilities in SNMPv3
Simple Network Management Protocol version 3 (SNMPv3) is provided by Huawei for network and device management. When SNMPv3 is enabled on some Huawei products, attackers can crash the vulnerable equipment by sending malformed SNMPv3 messages, and launch a denial of service (DoS) attack on vulnerable...
Security Advisory-The AR Abnormally Resets When Receiving Special DHCP Packets
Access Router (AR) is a low-end router of Huawei. It provides both mobile and fixed network access modes and applies to enterprises. In application processing on the live network, when a special IP phone uses DHCP to request address information from the AR, a special field is carried in the request...
Security Advisory - Huawei VSM Default User Groups’ Privilege Escalation
VSM (Versatile Security Manager) is a unified security service management system launched by Huawei for carrier and enterprise customers. VSM contains a vulnerability in which the privileges of default user groups can be escalated when one user logs in to the system to modify default user groups’ permission...
Security Advisory - Stack Overflow Vulnerabilities in SNMPv3 debugging mode
Simple Network Management Protocol version 3 (SNMPv3) is provided by Huawei for network and device management. When SNMPv3 is enabled and debugging is turned on, attackers can cause a stack overflow by sending malformed SNMPv3 messages with shellcode encoded, and attack vulnerable equipment remotely...
Security Advisory-Segment Fault When Parsing Http Request in Web server of E585
The HUAWEI E585 Wireless Modem is a terminal that provides high-speed wireless network access. Access is provided through a USB connection to a PC or through WiFi connections to multiple wireless devices. In the network coverage area of HSPA/UMTS or EDGE/GPRS/GSM, use...
Security Advisory-Web server vulnerabilities on Huawei E585 pocket Wi-Fi 2 device
The HUAWEI E585 Wireless Modem is a terminal that provides high-speed wireless network access. Access is provided through a USB connection to a PC or through WiFi connections to multiple wireless devices. In the network coverage area of HSPA/UMTS or EDGE/GPRS/GSM, use...