Security Advisory - Information Disclosure Vulnerability in Several Products

There is an information disclosure vulnerability in several products. A logic judgment error occurs when the system handling Bluetooth connections, an attacker could craft as an authenticated Bluetooth peer to launch the attack. Successful exploit could cause information disclosure. Vulnerability...

Security Advisory - Improper Authorization Vulnerability in Some Huawei Smartphones

There is an improper authentication vulnerability in some Huawei smart phones. Due to improper authentication of specific interface, in specific scenario attackers could access specific interface without authentication. Successful exploit could allow the attacker to perform unauthorized operation...

Security Advisory - Denial of Service Vulnerability in Huawei FusionAccess Product

There is a Denial of Service DoS vulnerability in Huawei FusionAccess Product. Due to insufficient verification on specific input, attackers can exploit this vulnerability by sending constructed messages to the affected device through other device on the same network. Successful exploit could cau...

Security Advisory - Insufficient Input Verification of Some Huawei products

Some Huawei products have a vulnerability of insufficient input verification. An attacker with limited privilege can exploit this vulnerability to access a specific directory. Successful exploitation of this vulnerability may lead to information leakage. Vulnerability ID: HWPSIRT-2020-05141 This...

Security Advisory - Improper Authentication Vulnerability in Some Huawei Smartphones

There is an improper authentication vulnerability in some Huawei smartphones. Due to the identity of the message sender is not properly verified, an attacker can exploit this vulnerability through man-in-the-middle attack to induce user to access malicious URL. Vulnerability ID: HWPSIRT-2019-1213...

Security Advisory - FasterXML Jackson-databind Injection Vulnerability in Huawei Products

It was found that jackson-databind, a Java library used to parse JSON and other data formats, could deserialize data without proper validation, allowing a maliciously client to perform remote code execution on a service with the required characteristics.Vulnerability ID: HWPSIRT-2020-02149 This...

Security Advisory - Multiple OOB Read Vulnerabilities in COPS implementation of Some Huawei Products

There are multiple out of bounds OOB read vulnerabilities in the implementation of the Common Open Policy Service COPS protocol of some Huawei products. The specific decoding function may occur out-of-bounds read when processes an incoming data packet. Successful exploit of these vulnerabilities...

Security Advisory - Memory Leak Vulnerability in Some Huawei Products

Some Huawei products have a memory leak vulnerability. An attacker with high privileges exploits this vulnerability by continuously performing specific operations. Successful exploitation of this vulnerability can cause service abnormal. Vulnerability ID: HWPSIRT-2019-12421 This vulnerability has...

Security Advisory - Improper Handling of Exceptional Condition Vulnerability in Huawei Smartphones

There is an improper handling of exceptional condition Vulnerability in Huawei Smartphones. A component cannot deal with an exception correctly. Attackers can exploit this vulnerability by sending malformed message. This could compromise normal service of affected phones. Vulnerability ID:...

Security Advisory - Information Disclosure Vulnerability in Several Smartphones

There is an information disclosure vulnerability in several smartphones. The attacker could wake up voice assistant then do a series of crafted voice operation, successful exploit could allow the attacker read certain files without unlock the phone leading to information disclosure. Vulnerability...

Security Advisory - Kr00k Vulnerability in Broadcom Wi-Fi chips

There is an information disclosure vulnerability named Kr00k in Broadcom Wi-Fi chips. Specifically timed and handcrafted traffic can cause internal errors related to state transitions in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information...

Security Advisory - Stack Buffer Overflow Vulnerability in Several Products

There is a stack buffer overflow vulnerability in several products. The program copies an input buffer to an output buffer without verification. An attacker in the adjacent network could send a crafted message, successful exploit could lead to stack buffer overflow which may cause malicious code...

Security Advisory - Privilege Escalation Vulnerability in Some Huawei Products

There is a privilege escalation vulnerability in the ioctl handlers of the Mediatek CMDQ driver. Local attackers can exploit this vulnerability to read and write to the system memory. Successful exploit may lead to local escalation of privilege. Vulnerability ID: HWPSIRT-2020-03106 This...

Security Advisory - Improper Authorization Vulnerability in Several Smartphones

There is an improper authorization vulnerability in several smartphones. The system does not properly restrict certain operation in ADB mode, successful exploit could allow certain user break the limit of digital balance function. Vulnerability ID: HWPSIRT-2019-08104 This vulnerability has been...

Security Advisory - Denial of Service Vulnerability in Some Huawei Products

There is a denial of service vulnerability in some Huawei products. Due to improper memory management, memory leakage may occur in some special cases. Attackers can perform a series of operations to exploit this vulnerability. Successful exploit may cause a denial of service. Vulnerability ID:...

Security Advisory - Improper Authorization Vulnerability in Several Smartphones

There is an improper authorization vulnerability in several smartphones. The digital balance function does not sufficiently restrict the using time of certain user, successful exploit could allow the user break the limit of digital balance function after a series of operations with a PC...

Security Advisory - Improper Authentication Vulnerability in Several Smartphones

There is an improper authentication vulnerability in several smartphones. A logic error occurs when handling NFC work, an attacker should establish a NFC connection to the target phone, and then do a series of operations on the target phone. Successful exploit could allow a guest user do certain...

Security Advisory - Improper Authentication Vulnerability in Several Smartphones

There is an improper authentication vulnerability in several smartphones. A logic error occurs when handling clock function, an attacker should do a series of crafted operations quickly before the phone is unlocked, successful exploit could allow the attacker to access clock information without...

Security Advisory - Use After Free Vulnerability in Several Products

There is a use after free vulnerability in several products. The software references memory after it has been freed in certain scenario, the attacker does a series of crafted operations through web portal, successful exploit could cause a use after free condition which may lead to malicious code...

Security Advisory - Information Leakage Vulnerability in Some Huawei Products

There is an information leakage vulnerability in some Huawei products. An unauthenticated, adjacent attacker could exploit this vulnerability to decrypt data. Successful exploitation may leak information randomly. Vulnerability ID: HWPSIRT-2020-02166 This vulnerability has been assigned a Common...

Security Advisory - Out of Bounds Read Vulnerability in Several Smartphones

There is an out of bound read vulnerability in several smartphones. The software reads data past the end of the intended buffer. The attacker tricks the user into installing a crafted application, successful exploit may cause information disclosure or service abnormal. Vulnerability ID:...

Security Advisory - Integer Overflow Vulnerability in Android affects Several Huawei Smartphones

There is an integer overflow vulnerability in Android affects several Huawei smartphones. There is possible out of bounds write due to an incorrect bounds calculation. This could lead to remote code execution over Bluetooth with no additional execution privileges needed. Vulnerability ID:...

Security Advisory - Improper Authentication Vulnerability in Some Huawei Smartphones

There is an improper authentication vulnerability in some Huawei smartphones. The vulnerability is due to that when an user wants to do certain operation, the software insufficiently validate the user's identity. Attackers need to physically access the smartphone to exploit this vulnerability...

Security Advisory - Improper Authentication Vulnerability in Several Huawei Products

Some Huawei products have an improper authentication vulnerability. Attackers need to perform some operations to exploit the vulnerability. Successful exploit may obtain certain permissions on the device. Vulnerability ID: HWPSIRT-2020-03160 This vulnerability has been assigned a Common...

Security Advisory - Privilege Escalation Vulnerability in Huawei PCManager Product

Huawei PCManager has a privilege escalation vulnerability. Due to improper permission management of specific files, local attackers with low permissions can inject commands to exploit this vulnerability. Successful exploit may cause privilege escalation. Vulnerability ID: HWPSIRT-2019-12143 This...

Security Advisory - Invalid Pointer Access Vulnerability in Huawei OceanStor Product

There is an invalid pointer access vulnerability in Huawei OceanStor 5310 product. The software system access an invalid pointer when attacker malformed packet. Due to the insufficient validation of some parameter, successful exploit could cause device reboot. Vulnerability ID: HWPSIRT-2020-02002...

Security Advisory - Improper Authorization Vulnerability in Several Smartphones

There is an improper authorization vulnerability in several smartphones. The software does not properly restrict certain user's modification of certain configuration file, successful exploit could allow the attacker to bypass app lock after a series of operation in ADB mode. Vulnerability ID:...

Security Advisory - Improper Authentication Vulnerability in Several Huawei Products

Some Huawei products have an improper authentication vulnerability. Attackers need to perform some operations to exploit the vulnerability. Successful exploit may obtain certain permissions on the device. Vulnerability ID: HWPSIRT-2020-04035 This vulnerability has been assigned a Common...

Security Advisory - Local Privilege Escalation Vulnerability in Huawei PCManager Product

There is a local privilege escalation vulnerability in Huawei PCManager product. An authenticated, local attacker can perform specific operation to exploit this vulnerability. Successful exploitation may cause the attacker to obtain a higher privilege. Vulnerability ID: HWPSIRT-2020-02134 This...

Security Advisory - Three Out of Bounds Vulnerabilities in Several Smartphones

There are three out of bounds vulnerabilities in several smartphones. Certain driver program does not sufficiently validate certain parameters received, that would lead to several bytes out of bound read. Successful exploit may cause information disclosure or service abnormal. Vulnerability ID:...

Security Advisory - Local Privilege Escalation Vulnerability in Huawei OSD Product

There is a local privilege escalation vulnerability in Huawei OSD product. An authenticated, local attacker can constructs a specific file path to exploit this vulnerability. Successful exploitation may cause the attacker to obtain a higher privilege. Vulnerability ID: HWPSIRT-2020-02153 This...

Security Advisory - Improper Authentication Vulnerability in Some Huawei Smartphones

There is an improper authentication vulnerability in some Huawei smartphones. The software insufficiently validate the user's identity when a user wants to do certain operation. An attacker can trick user into installing a malicious application to exploit this vulnerability. Successful exploit ma...

Security Advisory - Denial of Service Vulnerability on Huawei Smartphone

There is an denial of service vulnerability on some Huawei smartphone. An attacker crafted specially file to the affected device. Due to insufficient input validation of the value when executing the file, successful exploit may cause device abnormal. Vulnerability ID: HWPSIRT-2019-12057 This...

Security Advisory - Out of Bounds Read Vulnerability in Some Huawei Products

There is a few bytes out-of-bounds read vulnerability in some Huawei products. The software reads data past the end of the intended buffer when parsing certain message, an authenticated attacker could exploit this vulnerability by sending crafted messages to the device. Successful exploit may cau...

Security Advisory - Information Disclosure Vulnerability in Several Smartphones

There is an information disclosure vulnerability in several smartphones. The device does not sufficiently validate the identity of smart wearable device in certain specific scenario, the attacker need to gain certain information in the victim's smartphone to launch the attack, successful exploit...

Security Advisory - Improper Authentication Vulnerability in Several Smartphones

There is an improper authentication vulnerability in several smartphones. Certain function interface in the system does not sufficiently validate the caller's identity in certain share scenario, successful exploit could cause information disclosure. Vulnerability ID: HWPSIRT-2020-01073 This...

Security Advisory - Insufficient Integrity Validation Vulnerability in Several Products

There is an insufficient integrity validation vulnerability in several products. The device does not sufficiently validate the integrity of certain file in certain loading processes, successful exploit could allow the attacker to load a crafted file to the device through USB. Vulnerability ID:...

Security Advisory - Information Disclosure Vulnerability about SWAPGS Instruction

An information disclosure vulnerability exists when certain x86-64-bit central processing units CPU speculatively access memory, this vulnerability uses the SWAPGS instruction in the CPU. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially...

Security Advisory - Buffer Overflow Vulnerability in Some Huawei Products

There is a buffer overflow vulnerability in some Huawei products. The vulnerability can be exploited by an attacker to perform remote code execution on the affected products when the affected product functions as an optical line terminal OLT. Vulnerability ID: HWPSIRT-2019-09333 This vulnerabilit...

Security Advisory - Use-after-free Vulnerability in Some Huawei Smart Phone

There is a use-after-free UAF vulnerability in some Huawei smart phone. An authenticated, local attacker may perform specific operations to exploit this vulnerability. Successful exploitation may tamper with the information to affect the availability. Vulnerability ID: HWPSIRT-2019-12405 This...

Security Advisory - Improper Authentication Vulnerability in Some Huawei Smartphones

There is an improper authentication vulnerability in some Huawei smartphones. The Application doesn't perform proper authentication when user performs certain operations. An attacker can trick user into installing a malicious plug-in to exploit this vulnerability. Successful exploit could allow t...

Security Advisory - Improper Access Control Vulnerability in Several Smartphones

There is an improper access control vulnerability in several smartphones. The software incorrectly restricts access to a function interface from an unauthorized actor, the attacker tricks the user into installing a crafted application, successful exploit could allow the attacker do certain...

Security Advisory - Improper Authentication Vulnerability in Several Smartphones

There is an improper authentication vulnerability in several smartphones. The applock does not perform a sufficient authentication in certain scenarios, successful exploit could allow the attacker to gain certain data of the application which is locked. Vulnerability ID: HWPSIRT-2019-12128 and...

Security Advisory - Improper Authorization Vulnerability in Several Smartphones

There is an improper authorization vulnerability in several smartphones. The software incorrectly performs an authorization to certain user, successful exploit could allow a low privilege user to do certain operation which the user are supposed not to do. Vulnerability ID: HWPSIRT-2019-12104 This...

Security Advisory - Logic Error Vulnerability in Several Smartphones

There is a logic error vulnerability in several smartphones. The software does not properly restrict certain operation when the Digital Balance function is on. Successful exploit could allow the attacker to bypass the Digital Balance limit after a series of operations. Vulnerability ID:...

Security Advisory - Double Free Vulnerability in Some Huawei Products

There is a double free vulnerability in some Huawei products. A local attacker with low privilege may perform some operations to exploit the vulnerability. Due to doubly freeing memory, successful exploit may cause some service abnormal. Vulnerability ID: HWPSIRT-2019-09024 This vulnerability has...

Security Advisory - Improper Authentication Vulnerability in Some Huawei Products

Some Huawei products have a security vulnerability due to improper authentication. A remote attacker needs to obtain some information and forge the peer device to send specific packets to the affected device. Due to the improper implementation of the authentication function, attackers can exploit...

Security Advisory - Out of Bounds Read Vulnerability in Some Huawei Products

There is an out-of-bounds read vulnerability in some Huawei products. Due to a logical flaw in a JSON parsing routine, a remote, unauthenticated attacker could exploit this vulnerability to disrupt service in the affected products. Vulnerability ID: HWPSIRT-2018-12378 This vulnerability has been...

Security Advisory - Improper Authentication Vulnerability in Huawei Smartphone

There is an improper authentication vulnerability in some Huawei smartphone. Authentication to target component is improper when device performs an operation. Attackers exploit this vulnerability to obtain some information by loading malicious application, leading to information leak. Vulnerabili...

Security Advisory - Information Leakage Vulnerability in Motion Sensor

Motion sensor in some Huawei smart phones has an information leakage vulnerability. An attacker may exploit this vulnerability to obtain specific information from the motion sensor through an APP installed on the smart phone and track the user. Successful exploit may cause information leak...