Security Advisory - Logic Error Vulnerability in Several Smartphones
There is a logic error vulnerability in several smartphones. In a special scenario, the system does not properly process. As a result, attackers can perform a series of operations to successfully establish P2P connections that are rejected by the peer end. As a result, the availability of the...
Security Advisory - Insufficient Authentication Vulnerability in Some Huawei Products
There is an insufficient authentication vulnerability in some Huawei products. An attacker may exploit the vulnerability to delete some files and cause some services to become abnormal. Vulnerability ID: HWPSIRT-2020-05066 This vulnerability has been assigned a Common Vulnerabilities and Exposures CVE ID:...
Security Advisory - Improper Interface Design Vulnerability in Huawei Product
There is an improper interface design vulnerability in Huawei product. A module interface of the impacted product does not deal with some operations properly. Attackers can exploit this vulnerability to perform malicious operations to compromise module service. Vulnerability ID: HWPSIRT-2020-0501...
Security Advisory - Command Injection Vulnerability in FusionCompute
There is a command injection vulnerability in FusionCompute. The software does not sufficiently validate certain parameters posted by the user; a successful exploit could allow an authenticated attacker to launch a command injection attack. Vulnerability ID: HWPSIRT-2020-05015 This vulnerability has be...
Security Advisory - Code Execution Vulnerability in Fastjson Affect Several Huawei Products
There is a code execution vulnerability in Fastjson that affects several Huawei products. Fastjson is an open-source JSON parsing library; a successful exploit could allow the attacker to bypass the autoType limit and then execute code. Vulnerability ID: HWPSIRT-2020-05962 Huawei has released software updates...
Security Advisory - Use after Free Vulnerability in Huawei Smartphone
There is a use after free vulnerability in Huawei smartphone. A module lacks lock protection. Attackers can exploit this vulnerability by launching a specific request. This could compromise normal service of the affected device. Vulnerability ID: HWPSIRT-2020-03123 This vulnerability has been...
Security Advisory - Improper Authorization Vulnerability in Several Products
There is an improper authorization vulnerability in several products. The device does not restrict certain data received from WAN port. Successful exploit could allow an attacker at WAN side to manage certain service of the device. Vulnerability ID: HWPSIRT-2020-05063 This vulnerability has been...
Security Advisory - Remote Code Execution Vulnerability in Microsoft Windows SMBv1
Microsoft released a security advisory about a remote code execution vulnerability in Server Message Block Version 1 (SMBv1). An attacker who successfully exploited the vulnerability could gain the ability to execute code on the target server. Vulnerability ID: HWPSIRT-2020-06149 This vulnerability...
Security Advisory - Elevation of Privilege Vulnerability in Some Microsoft Windows Systems
Microsoft released a security advisory to disclose an elevation of privilege vulnerability which exists in the way that the Windows Kernel handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. To exploit the vulnerability...
Security Advisory - Denial of Service Vulnerability in Several Smartphones
There is a denial of service vulnerability in several smartphones. The system does not properly limit the depth of recursion; an attacker should trick the user into installing and executing a malicious application. Successful exploit could cause a denial of service condition. Vulnerability ID:...
Security Advisory - Information Leak Vulnerabilities in Huawei FusionCompute Product
There are two information disclosure vulnerabilities in Huawei FusionCompute product. Due to the improper protection of certain information, attackers may exploit these vulnerabilities to obtain certain information. Vulnerability ID: HWPSIRT-2020-05013 and HWPSIRT-2020-05065 The two vulnerabilities ha...
Security Advisory - Local Privilege Escalation Vulnerability in Huawei FusionCompute Product
There is a local privilege escalation vulnerability in Huawei FusionCompute product. A local, authenticated attacker could perform specific operations to exploit this vulnerability. Successful exploitation may cause the attacker to obtain a higher privilege and compromise the service. Vulnerabili...
Security Advisory - Improper Authentication Vulnerability in Bluetooth Affect Several Huawei Products
There is an improper authentication vulnerability in Bluetooth that affects several Huawei products. Legacy pairing and secure-connections pairing authentication in Bluetooth® BR/EDR Core Specification v5.2 and earlier may allow an unauthenticated user to complete authentication without pairing...
Security Advisory - Denial of Service Vulnerability in Several Smartphones
There is a denial of service vulnerability in several smartphones. Certain system configuration can be modified because of improper authorization. The attacker should trick the user into installing and executing a malicious application; successful exploit could cause a denial of service condition of...
Security Advisory - Improper Authentication Vulnerability in Several Smartphones
There is an improper authentication vulnerability in several smartphones. The system does not properly sign a certain encrypted file; the attacker should gain the key used to encrypt the file, and a successful exploit could cause a certain file to be forged. Vulnerability ID: HWPSIRT-2019-10020 This...
Security Advisory - Protection Mechanism Failure Vulnerability in Some Huawei Products
There is a protection mechanism failure vulnerability in some Huawei products. The product incorrectly uses a protection mechanism. An attacker has to find a way to exploit the vulnerability to conduct directed attacks against the affected product. Vulnerability ID: HWPSIRT-2020-05077 This...
Security Advisory - Improper Authorization Vulnerability in Huawei Product
There is an improper authorization vulnerability in Huawei FusionCompute. A module does not verify some input correctly and authorizes files with incorrect access. Attackers can exploit this vulnerability to launch a privilege escalation attack. This can compromise normal service. Vulnerability ID:...
Security Advisory - Buffer Overflow Vulnerability in Several Smartphones
There is a buffer overflow vulnerability in several products. The system does not sufficiently validate certain configuration parameter which is passed from user that would cause buffer overflow. The attacker should trick the user into installing and running a malicious application with a high...
Security Advisory - Insufficient Authentication Vulnerabilities in Some Huawei Smart Phone Product
There is an insufficient authentication vulnerability in some Huawei smart phones. An unauthenticated, local attacker can craft a software package to exploit this vulnerability. Due to insufficient verification, successful exploitation may impact the service. Vulnerability ID: HWPSIRT-2019-12302 Th...
Security Advisory - Information Exposure Vulnerability in Some Huawei Smart Phones
There is an information exposure vulnerability in some Huawei smart phones. The system does not properly authenticate the application that accesses a specified interface. Attackers can trick users into installing malicious software to exploit this vulnerability and obtain some information about the...
Security Advisory - Improper Authorization Vulnerability in Several Smartphones
There is an improper authorization vulnerability in several smartphones. The software does not properly restrict certain operation in certain scenario, the attacker should do certain configuration before the user turns on student mode function. Successful exploit could allow the attacker to bypas...
Security Advisory - fastjson Injection Vulnerability in Huawei Products
fastjson has a vulnerability similar to CVE-2020-8840 that could deserialize data without proper validation, allowing a malicious client to perform remote code execution on a service with the required characteristics. Vulnerability ID: HWPSIRT-2020-02150 Huawei has released software update...
Security Advisory - Windows DNS Server Remote Code Execution Vulnerability
Microsoft's security update in July 2020 addresses the CVE-2020-1350 vulnerability. To exploit the vulnerability, an unauthenticated attacker could send specially crafted requests to a Windows DNS server. An attacker who successfully exploited the vulnerability could run arbitrary code remotely...
Security Advisory - Out-of-bounds Write Vulnerability in Some Huawei Products
There is an out-of-bounds write vulnerability in some products. An unauthenticated attacker crafts malformed packets with a specific parameter and sends the packets to the affected products. Due to insufficient validation of packets, this may be exploited to cause the process to reboot. Vulnerability...
Security Advisory - Logic Check Error Vulnerability in Several Smartphones
There is a logic check error vulnerability in several smartphones. A logic error occurs when the software checks the size of a certain parameter; the attacker should trick the user into installing a malicious application, and a successful exploit may cause code execution. Vulnerability ID:...
Security Advisory - Apache Tomcat File Inclusion Vulnerability
There is a file inclusion vulnerability in the implementation of the AJP protocol in Apache Tomcat. Attackers can send malicious AJP requests to exploit this vulnerability. Successful exploit could allow the remote attacker to read any file in a specified directory without authorization. Vulnerabili...
Security Advisory - Missing Initialization of Resource Vulnerability in Some Huawei SmartPhones
Missing Initialization of Resource Vulnerability in Some Huawei Smart Phones. An attacker tricks the user into installing then running a crafted application. Due to improper initialization of specific parameters, successful exploit of this vulnerability may cause device exceptions. Vulnerability...
Security Advisory - Buffer Overflow Vulnerability in Several Smartphones
There is a buffer overflow vulnerability in several smartphones. The software accesses data past the end, or before the beginning, of the intended buffer when handling certain certificate operations; the attacker should trick the user into installing a malicious application, successful exploit m...
Security Advisory - Improper Authorization Vulnerability in Several Smartphones
There is an improper authorization vulnerability in several smartphones. The system does not properly restrict the use of system service by applications, the attacker should trick the user into installing a malicious application, successful exploit could cause a denial of audio service...
Security Advisory - Denial of Service Vulnerability in Several Smartphones
There is a denial of service vulnerability in several smartphones. Certain service in the system does not sufficiently validate certain parameter which is received, the attacker should trick the user into installing a malicious application, successful exploit could cause a denial of service...
Security Advisory - Denial of Service Vulnerability in OpenSSL
There is a Denial of Service (DoS) vulnerability in OpenSSL. A specific function in OpenSSL may crash during or after the TLS 1.3 handshake due to a NULL pointer dereference. An attacker may send a crafted request packet to the target host service to exploit this vulnerability. Successful exploit may caus...
Security Advisory - Improper Authentication Vulnerability in Several Smartphones
There is an improper authentication vulnerability in several smartphones. The system does not sufficiently validate certain parameter passed from the bottom level, the attacker should trick the user into installing a malicious application and control the bottom level, successful exploit could cau...
Security Advisory - Path Traversal Vulnerability in Several Smartphones
There is a path traversal vulnerability in several smartphones. The system does not sufficiently validate certain pathname from certain process, successful exploit could allow the attacker write files to a crafted path. Vulnerability ID: HWPSIRT-2019-10116 This vulnerability has been assigned a...
Security Advisory - Two Vulnerabilities in SaltStack Salt
An authentication bypass vulnerability was discovered in SaltStack Salt. An attacker may exploit the vulnerability to retrieve user tokens from the salt master and/or run arbitrary commands on salt minions. Vulnerability ID: HWPSIRT-2020-05592 This vulnerability has been assigned a Common...
Security Advisory - Information Disclosure Vulnerability on some Huawei Products
There is an information leak vulnerability in some Huawei products, and it could allow a local attacker to get information. The vulnerability is due to the improper management of the username. An attacker with the ability to access the device can cause the username information to leak. Vulnerability...
Security Advisory - Stack Overflow Vulnerability in Huawei Smart Phone Product
There is a stack overflow vulnerability in some Huawei smart phones. An attacker can craft a specific packet to exploit this vulnerability. Due to insufficient verification, this could be exploited to tamper with the information to affect the availability. Vulnerability ID: HWPSIRT-2019-11030 This...
Security Advisory - Improper Input Verification Vulnerability in Huawei Smartphone
There is an improper input verification vulnerability in Huawei smartphone. An attribute in a module is not set correctly and some verification is lacking. Attackers with local access can exploit this vulnerability by injecting a malicious fragment. This may lead to user information leak...
Security Advisory - Information Disclosure Vulnerability in Several Smartphones
There is an information disclosure vulnerability in several smartphones. Certain WI-FI function's default configuration in the system seems insecure, an attacker should craft a WI-FI hotspot to launch the attack. Successful exploit could cause information disclosure. Vulnerability ID:...
Security Advisory - Use After Free Vulnerability in Several Smartphones
There is a use after free vulnerability in several smartphones. A condition exists in which the system would reference memory after it has been freed; the attacker should trick the user into running a crafted application with high privilege, and a successful exploit could cause code execution...
Security Advisory - Improper Authentication Vulnerability in Several Smartphones
There is an improper authentication vulnerability in several smartphones. The device does not sufficiently validate certain credential of user's face, an attacker could craft the credential of the user, successful exploit could allow the attacker to pass the authentication with the crafted...
Security Advisory - Use After Free Vulnerability in Several Smartphones
There is a use after free vulnerability in several smartphones. A condition exists in which the system would reference memory after it has been freed; the attacker should trick the user into running a crafted application with common privilege, and a successful exploit could cause code execution...
Security Advisory - CallStranger Vulnerability in UPnP Protocol
There is a vulnerability in the UPnP protocol, named CallStranger, in that the protocol does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL. The UPnP function of Huawei product is enabled only on the LAN side and ...
Security Advisory - Improper Signature Verification Vulnerability in Some Huawei Smartphones
There is an improper signature verification vulnerability in some smartphones. The system does not properly check the signature of a specific software package; an attacker may exploit this vulnerability to load a crafted software package to the device. Vulnerability ID: HWPSIRT-2019-11220 This...
Security Advisory - Type Confusion Vulnerability in Several Smartphones
There is a type confusion vulnerability in several smartphones. The system does not properly check and transform the type of certain variable, the attacker tricks the user into installing then running a crafted application, successful exploit could cause code execution. Vulnerability ID:...
Security Advisory - Race Condition Vulnerability in Several Smartphones
There is a race condition vulnerability in several smartphones. A timing window exists in which certain pointer members can be modified by another process that is operating concurrently; an attacker should trick the user into running a crafted application with high privilege, successful...
Security Advisory - DLL Hijacking Vulnerability on Huawei HiSuite
HiSuite is mobile assistant software for PCs. This software contains a DLL hijacking vulnerability. The vulnerability exists because a DLL file is loaded by HiSuite improperly, which allows an attacker to load a DLL file of the attacker's choosing. Vulnerability ID: HWPSIRT-2019-10121...
Security Advisory - Information Disclosure Vulnerability in Several Smartphones
There is an information disclosure vulnerability in several smartphones. Certain function's default configuration in the system seems insecure, an attacker should craft a WI-FI hotspot to launch the attack. Successful exploit could cause information disclosure. Vulnerability ID: HWPSIRT-2019-1010...
Security Advisory - Denial of Service Vulnerability in Several Products
There is a denial of service vulnerability in several products. The device does not properly handle certain message from base station, the attacker should craft a fake base station to launch the attack, successful exploit could cause a denial of signal service condition. Vulnerability ID:...
Security Advisory - Improper Privilege Management Vulnerability in FusionSphere Product
There is an improper permissions management vulnerability in FusionSphere product. The software does not correctly perform a privilege assignment when an actor attempts to perform an action. Successful exploit could allow a certain user to perform certain operations beyond its privilege. Vulnerabilit...
Security Advisory - Insufficient Integrity Check Vulnerability in Several Smartphones
There is an insufficient integrity check vulnerability in several smartphones. The system does not check certain software package's integrity sufficiently, successful exploit could allow an attacker to load a crafted software package to the device. Vulnerability ID: HWPSIRT-2019-11020 This...