Security Advisory - SNMP vulnerability on Huawei multiple products

In some of Huawei products as affected products list below, there are MIBs which support the query of the local user account and password. However, the security authentication protection for SNMP V1 and V2 is not enough, which leads to the risk that the user account and password can be disclosed...

Security Advisory - Buffer Overflow in Huawei UTPS Back-End

The back-end software UTPS is the application software which is operated on the management data card of PC to realize the configuration and dial-up connection of data card, instant messages receiving and sending, telephone directory management and the like. The current product has a vulnerability...

Security Advisory- Risk of Password Being Cracked Due to DES Encryption Algorithm

In multiple Huawei products, DES encryption algorithm is used for password and the encryption is not strong enough so it may be cracked HWNSIRT-2012-0820. This Vulnerability has been assigned Common Vulnerabilities and Exposures CVE ID: CVE-2012-4960. Temporary fix for this vulnerability is...

Security Advisory-HTTP Session Management Vulnerability in HTTP Module

Branch Intelligent Management System BIMS and Web management is provided by Huawei for network and device management. Both BIMS and Web management use HTTP. Therefore, to use BIMS and Web management, you must enable HTTP. Because HTTP session ID generation is weak and predictable, an attacker can...

Security Advisory-Buffer Overflow on Heap When Parsing Http Response in HTTP Module

Branch Intelligent Management System BIMS and Web management is provided by Huawei for network and device management. Both BIMS and Web management use HTTP. Therefore, to use BIMS and Web management, you must enable HTTP. Attackers can make heap overflow by sending malformed HTTP Response message...

Security Advisory-Buffer Overflow on Stack in HTTP Module

Branch Intelligent Management System BIMS and Web management is provided by Huawei for network and device management. Both BIMS and Web management use HTTP. Therefore, to use BIMS and Web management, you must enable HTTP. Attackers can make stack overflow by sending messages with the URI whose...