Security Advisory - Improper Licenses Management Vulnerability in Some Products

There has a license management vulnerability in some huawei products. An attacker with high privilege needs to perform specific operations to exploit the vulnerability on the affected device. Due to improper license management of the device, as a result, the license file can be applied and affect...

Security Advisory - JavaScript Injection Vulnerability in Huawei Smartphone

There is a JavaScript injection vulnerability in Huawei smartphone. A module does not verify some inputs sufficiently. Attackers can exploit this vulnerability by sending malicious application request to launch JavaScript injection. This may compromise normal service. Vulnerability ID:...

Security Advisory - Arbitrary Memory Write Vulnerability in Huawei Smart Phone

There is an arbitrary memory write vulnerability in Huawei smart phone when processing file parsing. Due to insufficient validation of the input files, successful exploit could cause certain service abnormal. Vulnerability ID: HWPSIRT-2020-04031 This vulnerability has been assigned a Common...

Security Advisory - Out of Bounds Write Vulnerability in Huawei Smartphone

There is an out of bounds write vulnerability in Huawei Smartphone product when processing a message. An unauthenticated attacker can exploit this vulnerability by sending specific message to the target device. Due to insufficient validation of the input parameter, successful exploit can cause th...

Security Advisory - Denial of Service Vulnerability in Huawei Product

There is a denial of service vulnerability in Huawei product. The affected product cannot deal with some messages because of module design weakness . Attackers can exploit this vulnerability by sending a large amount of specific messages to cause denial of service. This can compromise normal...

Security Advisory - XSS Injection Vulnerability in a Huawei Product

There is a XSS injection vulnerability in a Huawei product. A module of the client does not verify the input sufficiently. Attackers can exploit this vulnerability by modifying input after logging onto the client. This may compromise the normal service of the client. Vulnerability ID:...

Security Advisory - Sudo Privilege Escalation Vulnerability

A heap-based buffer overflow vulnerability was found in the way sudo parses command line arguments. This flaw is exploitable by any authenticated, local user who can execute the sudo command. Successful exploitation of this flaw could lead to privilege escalation. Vulnerability ID:...

Security Advisory - Local Privilege Escalation Vulnerability in Some Huawei Products

There is a local privilege escalation vulnerability in some Huawei product. A local authenticated attacker could perform specific operations to exploit this vulnerability. Successful exploitation may cause the attacker to obtain a higher privilege and compromise the service. Vulnerability ID:...

Security Advisory - Denial of Service Vulnerability in Huawei Product

There is a denial of service vulnerability in Huawei products. A module cannot deal with specific messages correctly. Attackers can exploit this vulnerability by sending malicious messages to affected module. This can lead to denial of service. Vulnerability ID: HWPSIRT-2020-65315 This...

Security Advisory - Memory Leak Vulnerability in Some Huawei Products

There is a memory leak vulnerability in some Huawei products. An authenticated remote attacker may exploit this vulnerability by sending specific message to the affected product. Due to not release the allocated memory properly, successful exploit may cause some service abnormal. Vulnerability ID...

Security Advisory - Denial of Service Vulnerability in Some Products

There is a denial of service vulnerability in some huawei products. In specific scenarios, due to the improper handling of the packets, an attacker may craft many specific packets. Successful exploit may cause some services abnormal. Vulnerability ID: HWPSIRT-2020-32540 This vulnerability has bee...

Security Advisory - Use After Free Vulnerability in Huawei Product

There is a use-after-free vulnerability in Huawei product. A module cannot deal with specific operations in special scenarios. Attackers can exploit this vulnerability by performing malicious operations. This can cause memory use-after-free, compromising normal service. Vulnerability ID:...

Security Advisory - Information Leakage Vulnerability in Some Huawei Products

There is an information leakage vulnerability in some huawei products. Due to the properly storage of specific information in the log file, the attacker can obtain the information when a user logs in to the device. Successful exploit may cause the information leak. Vulnerability ID:...

Security Advisory - Improper Resource Management Vulnerability in eUDC660 Product

The eUDC660 product has a resource management vulnerability. An attacker with high privilege needs to perform specific operations to exploit the vulnerability on the affected device. Due to improper resource management of the device, as a result, the key file can be obtained and data can be...

Security Advisory - Improper Information Processing Vulnerability in Huawei Products

There is a vulnerability that the device improperly handles the information when a user logs in to device. The attacker can exploit the vulnerability to performs some operation can get information and cause information leak. Vulnerability ID: HWPSIRT-2020-36604 This vulnerability has been assigne...

Security Advisory - Improper Permission Assignment Vulnerability in Huawei ManageOne Product

There is an improper permission assignment vulnerability in Huawei ManageOne product. Due to improper security hardening, the process can run with a higher privilege. Successful exploit could allow certain user to do certain operations with improper permission. Vulnerability ID: HWPSIRT-2020-8163...

Security Advisory - Information Leakage Vulnerability in Huawei Products

There is insecure algorithm vulnerability in Huawei products. A module uses less random input in a secure mechanism. Attackers can exploit this vulnerability by brute forcing to obtain sensitive message. This can lead to information leak. Vulnerability ID: HWPSIRT-2020-74955 This vulnerability ha...

Security Advisory - Weak Algorithms Vulnerability in Huawei Smartphone

There is a weak algorithm vulnerability in Huawei smartphone. The protection is insufficient for the modules that should be protected. Local attackers can exploit this vulnerability to affect the integrity of certain module. Vulnerability ID: HWPSIRT-2020-37421 This vulnerability has been assigne...

Security Advisory - Buffer Overflow Vulnerability in Huawei Smartphone

There is a buffer overflow vulnerability in Huawei smartphone. A module does not verify the some input when dealing with messages. Attackers can exploit this vulnerability by sending malicious input through specific module. This could cause buffer overflow, compromising normal service...

Security Advisory - CSV Injection Vulnerability in ManageOne Product

There has a CSV injection vulnerability in ManageOne Product. An attacker with common privilege may exploit this vulnerability through some operations to inject the CSV files. Due to insufficient input validation of some parameters, the attacker can exploit this vulnerability to inject CSV files ...

Security Advisory - Pointer Double Free Vulnerability in Huawei Smartphone

There is a pointer double free vulnerability in Huawei smartphone. There is a lack of muti-thread protection when a function is called. Attackers can exploit this vulnerability by performing malicious operation to cause pointer double free. This may lead to module crash, compromising normal...

Security Advisory - Information Leak Vulnerability in Huawei Products

There is an information leak vulnerability. A command does not have timeout exit mechanism. Temporary file contains sensitive information. This allows attackers to obtain information by inter-process access that requires other methods. Vulnerability ID: HWPSIRT-2020-01428 This vulnerability has...

Security Advisory - Use After Free Vulnerability in Huawei Smartphone

There is a use after free vulnerability in smartphone. A module may refer to some memory after it has been freed while dealing with some messages. Attackers can exploit this vulnerability by sending specific message to the affected module. This may lead to module crash, compromising normal servic...

Security Advisory - Out-of-Bound Read Vulnerability in Huawei Smartphone

There is an out-of-bound read vulnerability in Huawei smartphone. A module does not verify the some input when dealing with messages. Attackers can exploit this vulnerability by sending malicious input through specific module. This could cause out-of-bound, compromising normal service...

Security Advisory - Out-of-Bound Read Vulnerability in Huawei Smartphone

There is an out-of-bound read vulnerability in Huawei smartphone. A module does not verify the some input. Attackers can exploit this vulnerability by sending malicious input through specific app. This could cause out-of-bound, compromising normal service. Vulnerability ID: HWPSIRT-2020-04158 Thi...

Security Advisory - Buffer Overflow Vulnerability in Some Huawei Mobile Phones

Some Huawei products have a buffer overflow vulnerability. After obtaining the root permission, an attacker can exploit the vulnerability to cause buffer overflow. Vulnerability ID: HWPSIRT-2020-43452 This vulnerability has been assigned a Common Vulnerabilities and Exposures CVE ID:...

Security Advisory - Inconsistent Interpretation of HTTP Requests Vulnerability in Some Huawei Products

Some Huawei products have an inconsistent interpretation of HTTP requests vulnerability. Attackers can exploit this vulnerability to cause information leak. Vulnerability ID: HWPSIRT-2020-05294 This vulnerability has been assigned a Common Vulnerabilities and Exposures CVE ID: CVE-2021-22293...

Security Advisory - Local Privilege Escalation Vulnerability in Some Huawei Products

There is a local privilege escalation vulnerability in some Huawei products. A local, authenticated attacker could craft specific commands to exploit this vulnerability. Successful exploitation may cause the attacker to obtain a higher privilege. Vulnerability ID: HWPSIRT-2020-60009 This...

Security Advisory - Logic Vulnerability in Huawei Gauss100 Product

There is a logic vulnerability in Huawei Gauss100 OLTP Product. An attacker with certain permissions could perform specific SQL statement to exploit this vulnerability. Due to insufficient security design, successful exploit can cause service abnormal. Vulnerability ID: HWPSIRT-2020-94600 This...

Security Advisory - Denial of Service Vulnerability in Some Huawei Products

There is a denial of service DoS vulnerability in some Huawei products. Due to a design defect, remote unauthorized attackers send a large number of specific messages to affected devices, causing system resource exhaustion and web application DoS. Vulnerability ID: HWPSIRT-2020-01270 This...

Security Advisory - Insufficient Integrity Check Vulnerability in Huawei Sound X Product

There is an insufficient integrity check vulnerability in Huawei Sound X Product. The system does not check certain software package's integrity sufficiently. Successful exploit could allow an attacker to load a crafted software package to the device. Vulnerability ID: HWPSIRT-2020-00213 This...

Security Advisory - Out-of-Bound Read and Write Vulnerability in Huawei Product

There is an out-of-bound read and write vulnerability in Huawei smartphone. A module dose not verify the input sufficiently. Attackers can exploit this vulnerability by modifying some configuration to cause out-of-bound read and write, causing denial of service. Vulnerability ID: HWPSIRT-2020-051...

Security Advisory - Insufficient Integrity Check Vulnerability in Huawei Product

There is an insufficient integrity vulnerability in Huawei products. A module does not perform sufficient integrity check in a specific scenario. Attackers can exploit the vulnerability by physically install malware. This could compromise normal service of the affected device. Vulnerability ID:...

Security Advisory - Resource Management Errors Vulnerability in Huawei Smartphone Product

There is a resource management errors vulnerability in Huawei smartphone product. Local attackers construct broadcast message for some application, causing this application to send this broadcast message and impact the customer's use experience. Vulnerability ID: HWPSIRT-2020-06101 This...

Security Advisory - Privilege Escalation Vulnerability in Huawei Product

There is a privilege escalation vulnerability in some Huawei products. Some files in a directory of a module are located improperly. It does not apply the directory limitation. Attackers can exploit this vulnerability by crafting malicious file to launch privilege escalation. This can compromise...

Security Advisory - Out-of-Bounds Read Vulnerability in Huawei CloudEngine Products

There is an out-of-bounds read vulnerability in Huawei CloudEngine products. The software reads data past the end of the intended buffer when parsing certain PIM message, an adjacent attacker could send crafted PIM messages to the device, successful exploit could cause out of bounds read when the...

Security Advisory - Memory Leak Vulnerability in Huawei CloudEngine Product

There is a memory leak vulnerability in Huawei CloudEngine product. An unauthenticated, remote attacker may exploit this vulnerability by sending specific message to the affected product. Due to not release the allocated memory properly, successful exploit may cause memory leak. Vulnerability ID:...

Security Advisory - Improper Authentication Vulnerability in Huawei Product

There is an improper authentication vulnerability in Huawei Products. A module does not verify the input file properly. Attackers can exploit this vulnerability by crafting malicious files to bypass current verification mechanism. This can compromise normal service. Vulnerability ID:...

Security Advisory - Information Leak Vulnerability in Huawei Product

There is an information leak vulnerability in Huawei product. A module is lack of authentication. Attackers without access to the module can exploit this vulnerability to obtain extra information, leading to information leak. Vulnerability ID: HWPSIRT-2020-06053 This vulnerability has been assign...

Security Advisory - Denial of Service Vulnerability in Huawei Smartphone

There is a denial of service vulnerability in some Huawei smartphones. Due to the improper processing of received abnormal messages, remote attackers may exploit this vulnerability to cause a denial of service DoS on the specific module. Vulnerability ID: HWPSIRT-2020-06018 This vulnerability has...

Security Advisory - Out Of Bound Read Vulnerability in Huawei Smartphone

There is an out-of-bound read vulnerability in huawei smartphone Mate 30. An attacker with specific permission can exploit this vulnerability by sending crafted packet with specific parameter to the target device. Due to insufficient validation of the parameter, successful exploit can cause the...

Security Advisory - Use after Free Vulnerability in Huawei Product

There is a use after free vulnerability on Huawei smartphones. A module does not deal with specific message properly, which makes a function refer to memory after it has been freed. Attackers can exploit this vulnerability by running a crafted application with common privilege. This would...

Security Advisory - Out of Bound Read Vulnerability in Huawei Product

There is an out of bound read vulnerability in some products. A module does not deal with specific message properly. Attackers can exploit this vulnerability by sending malicious packet. This can lead to denial of service. Vulnerability ID: HWPSIRT-2020-24601 This vulnerability has been assigned ...

Security Advisory - Resource Management Errors Vulnerability in Huawei Smartphone Product

There is a resource management errors vulnerability in Huawei smartphone product. Local attackers construct malicious application files, causing system applications to run abnormally. Vulnerability ID: HWPSIRT-2020-06020 This vulnerability has been assigned a Common Vulnerabilities and Exposures...

Security Advisory - CSV Injection Vulnerability in iManager NetEco Product

There has a CSV injection vulnerability in iManager NetEco Product. An attacker with common privilege may exploit this vulnerability through some operations to inject the CSV files. Due to insufficient input validation of some parameters, the attacker can exploit this vulnerability to inject CSV...

Security Advisory - Information Disclosure Vulnerability in TE Mobile Software

There is an information disclosure vulnerability in TE Mobile software. Due to the improper storage of some information in certain specific scenario, the attacker can gain information in the victim's device to launch the attack, successful exploit could cause information disclosure. Vulnerability...

Security Advisory - Privilege Escalation Vulnerability in Huawei Smartphone

There is a privilege escalation vulnerability on Huawei smart phones due to design defects. The attacker needs to physically contact the mobile phone and obtain higher privileges, and execute relevant commands, resulting in the user's privilege promotion. Vulnerability ID: HWPSIRT-2020-00070 This...

Security Advisory - Resource Management Error Vulnerability in Huawei CloudEngine 1800V Product

CloudEngine 1800V product has a resource management error vulnerability. Remote unauthorized attackers could send specific types of messages to the device, resulting in the message received by the system can't be forwarded normally. Vulnerability ID: HWPSIRT-2020-86502 This vulnerability has been...

Security Advisory - Privilege Escalation Vulnerability in Some Huawei Products

There is a privilege escalation vulnerability in some Huawei products. Due to insufficient input validation, a local attacker with high privilege may execute some specially crafted scripts in the affected products. Successful exploit will cause privilege escalation. Vulnerability ID:...

Security Advisory - Out-of-bounds Read Vulnerability in Some Huawei Smartphones

There is an out-of-bounds read and write vulnerability in smartphone products. An attacker with specific permissions crafts malformed packet with specific parameter and sends the packet to the affected products. Due to insufficient validation of packet, which may be exploited to cause the...