Security Advisory - Improper Authentication Vulnerability in Several Smartphones

There is an improper authentication vulnerability in several smartphones. The system has a logic error under certain scenario, successful exploit could allow the attacker who gains the privilege of guest user to access to the host user's desktop in an instant, without unlocking the screen lock of...

Security Advisory - Weak Algorithm Vulnerability in Some Huawei Products

There is a weak algorithm vulnerability in some Huawei products. The affected products use the RSA algorithm in the SSL key exchange algorithm which have been considered as a weak algorithm. Attackers may exploit this vulnerability to leak some information. Vulnerability ID: HWPSIRT-2019-04082 Th...

Security Advisory - Information Leak Vulnerability in Some Huawei Smart Phones

There is an information leak vulnerability in some Huawei smart phones. An attacker could send specific command in the local area network LAN to exploit this vulnerability. Successful exploitation may cause information leak. Vulnerability ID: HWPSIRT-2019-10001 This vulnerability has been assigne...

Security Advisory - Buffer Error Vulnerability in Some Huawei Products

There is a buffer error vulnerability in some Huawei products. An unauthenticated, remote attacker could send specific MPLS Echo Request messages to the target products. Due to insufficient input validation of some parameters in the messages, successful exploit may cause the device to reset...

Security Advisory - Improper Credentials Management Vulnerability in Some Products

There is an improper credentials management vulnerability in some products. The software does not properly manage certain credential, successful exploit could cause information disclosure or damage, and impact the confidentiality or integrity. Vulnerability ID: HWPSIRT-2018-12263 This vulnerabili...

Security Advisory - Denial of Service Vulnerability in Several Smartphones

There is a denial of service vulnerability in several smartphones. The system does not properly check the status of certain module during certain operations, an attacker should trick the user into installing a malicious application, successful exploit could cause reboot of the smartphone...

Security Advisory - Multiple Vulnerabilities in the X.509 Implementation in Some Huawei Products

There is a denial of service vulnerability in some Huawei products. Due to a flaw in the X.509 implementation in the affected products which can result in a heap buffer overflow when decoding a certificate, an attacker may exploit the vulnerability by a malicious certificate to perform a denial o...

Security Advisory - Missing Integrity Checking Vulnerability on Some Huawei Products

There is a missing integrity checking vulnerability on some Huawei products. The software of the affected products does not check the integrity which may allow an attacker with high privilege to make malicious modifications without detection. Vulnerability ID: HWPSIRT-2019-01085 This vulnerabilit...

Security Advisory - Integer Overflow Vulnerability in the Linux Kernel (SACK Panic)

An integer overflow vulnerability was found in the way the Linux kernel's networking subsystem processed TCP Selective Acknowledgment SACK segments. A remote attacker could use this to cause a denial of service. Vulnerability ID: HWPSIRT-2019-06130 This vulnerability has been assigned a Common...

Security Advisory - Insufficient Input Validation Vulnerability in Some Huawei Products

There is an insufficient input validation vulnerability in some Huawei products. Due to incorrect input validation logic, a high-privilege attacker should bypass the device security detection mechanism, then modify the memory of the device by doing a series of operations. Successful exploit may...

Security Advisory - Improper Access Control Vulnerability in Huawei Share

There is an improper access control vulnerability in Huawei Share. The function incorrectly controls certain access messages, attackers can simulate a sender to steal P2P network information. Successful exploit may cause information leakage. Vulnerability ID: HWPSIRT-2019-09452 This vulnerability...

Security Advisory - Insufficient Input Validation Vulnerability in Huawei Share

There is an insufficient input validation vulnerability in Huawei Share. Attackers can exploit this vulnerability by sending crafted packets to the affected device. Successful exploit may cause the function will be disabled. Vulnerability ID: HWPSIRT-2019-09454 This vulnerability has been assigne...

Security Advisory - Buffer Overflow Vulnerability in Some Huawei Smart Phones

There is a buffer overflow vulnerability in some Huawei smart phones. An attacker may intercept and tamper with the packet in the local area network LAN to exploit this vulnerability. Successful exploitation may cause the affected phone abnormal. Vulnerability ID: HWPSIRT-2019-09447 This...

Security Advisory - Information Disclosure Vulnerability in Some Huawei Products

Some Huawei products have an information disclosure vulnerability. Attackers with low privilege can exploit this vulnerability by performing some specific operations. Successful exploit of this vulnerability can cause some information disclosure. Vulnerability ID: HWPSIRT-2019-10408 This...

Security Advisory - Information Disclosure Vulnerability in Several Smartphones

There is an information disclosure vulnerability in certain Huawei smartphones. The software does not properly handle certain information of application locked by applock in a rare condition, successful exploit could cause information disclosure. Vulnerability ID: HWPSIRT-2018-08142 This...

Security Advisory - Information Leak Vulnerability in Huawei CloudUSM-EUA Product

There is an information leak vulnerability in Huawei CloudUSM-EUA product. Due to improper configuration, the attacker may cause information leak by successful exploitation. Vulnerability ID: HWPSIRT-2019-09106 This vulnerability has been assigned a Common Vulnerabilities and Exposures CVE ID:...

Security Advisory - Information Leakage Vulnerability on Some Huawei Products

There is an information leakage vulnerability on some Huawei products. An attacker with low permissions can view some high-privilege information by running specific commands.Successful exploit could cause an information disclosure condition. Vulnerability ID: HWPSIRT-2019-04080 This vulnerability...

Security Advisory - Denial of Service Vulnerability on Some Huawei Smartphones

There is a denial of service vulnerability on some Huawei smartphones. Due to insufficient input validation of specific value when parsing the messages, an attacker may send specially crafted TD-SCDMA messages from a rogue base station to the affected devices to exploit this vulnerability...

Security Advisory - Multiple Vulnerabilities in Some Huawei Products

There is an out-of-bounds read vulnerability in some Huawei products. An attacker who logs in to the board may send crafted messages from the internal network port or tamper with inter-process message packets to exploit this vulnerability. Due to insufficient validation of the message, successful...

Security Advisory - Improper Authentication Vulnerability in Several Products

There is an improper authentication vulnerability in several products. The device does not perform a sufficient authentication when doing certain operation, successful exploit could allow an attacker to cause the device to reboot after launch a man in the middle attack. Vulnerability ID:...

Security Advisory - Weak Algorithm Vulnerability in Some Huawei Products

There is a weak algorithm vulnerability in some Huawei products. The affected products use weak algorithms by default. Attackers may exploit the vulnerability to cause information leaks. Vulnerability ID: HWPSIRT-2019-02008 This vulnerability has been assigned a Common Vulnerabilities and Exposur...

Security Advisory - Improper Authentication Vulnerability in Smartphones

There is an improper authentication vulnerability in smartphones. The applock does not perform a sufficient authentication in a rare condition, successful exploit could allow the attacker to use the application locked by applock in an instant. Vulnerability ID: HWPSIRT-2019-04103 This vulnerabili...

Security Advisory - Improper Authorization Vulnerability in Several Smartphones

There is an improper authorization vulnerability in several smartphones. The software does not properly restrict certain operation of certain privilege, the attacker should trick the user into installing a malicious application before the user turns on student mode function. Successful exploit...

Security Advisory - Out-of-bounds Read Vulnerability in Advanced Packages of Gauss100 OLTP Database

There is an out-of-bounds read vulnerability in the Advanced Packages feature of the Gauss100 OLTP database. Attackers who gain the specific permission can use this vulnerability by sending elaborate SQL statements to the database. Successful exploit of this vulnerability may cause the database t...

Security Advisory - Denial of Service Vulnerability in some Huawei Products

Some Huawei products have a DoS vulnerability. An attacker of a neighboring device sends a large number of specific packets. As a result, a memory leak occurs after the device uses the specific packet. As a result, the attacker can exploit this vulnerability to cause DoS attacks on the target...

Security Advisory - DoS Vulnerability in Some Huawei Products

Some Huawei products have a DoS security vulnerability. Attackers with certain permissions perform specific operations on affected devices. Because the pointer in the program is not processed properly, the vulnerability can be exploited to cause the device to be abnormal. Vulnerability ID:...

Security Advisory - Remote Code Execution Vulnerability in Fastjson

A remote code execution vulnerability exists in the open-source JSON parsing library Fastjson. Remote attackers can send crafted JSON data packets to exploit this vulnerability. Successfully exploit could allow the attacker to execute arbitrary code on the target Fastjson server. Vulnerability ID...

Security Advisory - Insufficient Verification of Data Authenticity Vulnerability in Some Huawei Products

Some Huawei products has an insufficient verification of data authenticity vulnerability. A remote, unauthenticated attacker has to intercept specific packets between two devices, modifies the packets, and sends the modified packets to the peer device. Due to insufficient verification of some...

Security Advisory - Path Traversal Vulnerability in Several Smartphones

There is a path traversal vulnerability in several smartphones. The system does not sufficiently validate certain pathname from the application, an attacker should trick the user into installing, backing up and restoring a malicious application, successful exploit could cause information...

Security Advisory - Buffer Overflow Vulnerability in Huawei Atlas Product

There is a buffer overflow vulnerability in Huawei Atlas product. A local, authenticated attacker may craft specific parameter and send to the process to exploit this vulnerability. Successfully exploit may cause service crash. Vulnerability ID: HWPSIRT-2019-08062 This vulnerability has been...

Security Advisory - Information Disclosure Vulnerability in Several Smartphones

There is an information disclosure vulnerability in certain Huawei smartphones. An attacker could view certain information after a series of operation without unlock the screen lock. Successful exploit could cause an information disclosure condition. Vulnerability ID: HWPSIRT-2019-04101 This...

Security Advisory - Improper Authorization Vulnerability in Several Smartphones

There is an improper authorization vulnerability in several smartphones. The software does not properly restrict certain operation in ADB mode, successful exploit could allow the attacker to switch to third desktop after a series of operation. Vulnerability ID: HWPSIRT-2019-02253 This vulnerabili...

Security Advisory - Information Leak Vulnerability in Huawei Smart Speaker Myna

There is an information leak vulnerability in Huawei smart speaker Myna. Attackers can exploit this vulnerability to read and modify specific configurations of speakers through a series of operations. Vulnerability ID: HWPSIRT-2019-08059 This vulnerability has been assigned a Common Vulnerabiliti...

Security Advisory - Improper Validation of Array Index Vulnerability in Several Smartphones

There is an improper validation of array index vulnerability in several smartphones. The system does not properly validate the input value before use it as an array index when processing certain image information. The attacker tricks the user into installing a malicious application, successful...

Security Advisory - Use of Insufficiently Random Values Vulnerability in Huawei ViewPoint Products

There is a use of insufficiently random values vulnerability in Huawei ViewPoint products. An unauthenticated, remote attacker can guess information by a large number of attempts. Successful exploitation may cause information leak. Vulnerability ID: HWPSIRT-2019-10076 This vulnerability has been...

Security Advisory - Improper File Management Vulnerability in Huawei Share

The Huawei Share function of some Huawei phones has an improper file management vulnerability. The attacker tricks the victim to perform certain operations on the mobile phone during file transfer. Because the file is not properly processed, successfully exploit may cause some files on the victim...

Security Advisory - Improper Access Control Vulnerability in Huawei Share

There is an improper access control vulnerability in Huawei Share. The software does not properly restrict access to certain file from certain application. An attacker tricks the user into installing a malicious application then establishing a connect to the attacker through Huawei Share,...

Security Advisory - Two Vulnerabilities in Some Huawei Home Routers

Some Huawei home routers have an input validation vulnerability. Due to input parameter is not correctly verified, an attacker can exploit this vulnerability by sending special constructed packets to obtain files in the device and upload files to some directories. Vulnerability ID:...

Security Advisory - Insufficient Authentication Vulnerability in Several Band Products

There is an insufficient authentication vulnerability in several products. The band does not sufficiently authenticate the device try to connect to it in certain scenario. Successful exploit could allow the attacker to spoof then connect to the band. Vulnerability ID: HWPSIRT-2019-09490 This...

Security Advisory - Two Heap Buffer Overflow Vulnerabilities in Broadcom WiFi Chipset Drivers

There are two heap buffer overflow vulnerabilities in Broadcom WiFi chipset drivers. A remote, unauthenticated attacker may send specially-crafted WiFi packets to exploit these vulnerabilities. Successfully exploit may cause Wi-Fi functions abnormal. Vulnerability ID: HWPSIRT-2019-04121 and...

Security Advisory - Information Leakage Vulnerability on Some Smart Phones

There is an information leakage vulnerability on some Huawei smart phones. An attacker tricks the user into installing a malicious application, which can copy specific files to the sdcard, resulting in information leakage. Vulnerability ID: HWPSIRT-2019-04072 This vulnerability has been assigned ...

Security Advisory - Improper Authentication Vulnerability in Some Huawei Smartphones

There is an improper authentication vulnerability in some Huawei smartphones. Successful exploitation may cause the attacker to access specific components. Vulnerability ID: HWPSIRT-2019-07245 This vulnerability has been assigned a Common Vulnerabilities and Exposures CVE ID: CVE-2019-5233. Huawe...

Security Advisory - Information Leak Vulnerability in Some Huawei Products

Some Huawei mobile phones have an information leak vulnerability. Due to improper function error records of some module, an attacker with the access permission may exploit the vulnerability to obtain some information. Vulnerability ID: HWPSIRT-2019-04053 This vulnerability has been assigned a...

Security Advisory - Use-after-free Vulnerability in Android Kernel

There is a use-after-free vulnerability in binder.c of Android kernel. Successful exploitation may cause the attacker elevate the privilege. Vulnerability ID: HWPSIRT-2019-10100 This vulnerability has been assigned a Common Vulnerabilities and Exposures CVE ID: CVE-2019-2215. Huawei has released...

Security Advisory - Out-Of-Bound Read Vulnerability in Some Huawei Products

There is an out of bound read vulnerability in some Huawei products. A remote, unauthenticated attacker may send a corrupt or crafted message to the affected products. Due to a buffer read overflow error when parsing the message, successful exploit may cause some service abnormal. Vulnerability I...

Security Advisory - Memory Leak Vulnerability in Some Huawei Products

Some Huawei products have a memory leak vulnerability when handling some messages. A remote attacker with operation privilege could exploit the vulnerability by sending specific messages continuously. Successful exploit may cause some service abnormal. Vulnerability ID: HWPSIRT-2019-04075 This...

Security Advisory - Insufficient Authentication Vulnerability in Several Smartphones

There is an insufficient authentication vulnerability on several smartphones. The system has a logic judge error under certain scenario. Successful exploit could allow the attacker to modify the alarm clock settings after a serious of uncommon operations without unlock the screen lock...

Security Advisory - Improper Authorization Vulnerability in Several Smartphones

There is an improper authorization vulnerability in several smartphones. The software does incorrectly performs an authorization check when a user attempts to perform certain action. Successful exploit could allow the attacker to update a crafted package. Vulnerability ID: HWPSIRT-2019-07075 This...

Security Advisory - Improper Validation Vulnerability in Several Smartphones

There is an improper validation vulnerability on several smartphones. The system does not perform a properly validation of certain input models, an attacker could trick the user to install a malicious application then craft a malformed model , successful exploit could allow the attacker to get an...

Security Advisory - Out-of-bounds Read Vulnerability in Gauss100 OLTP Database of Some Huawei Products

There is an out-of-bounds read vulnerability in the Gauss100 OLTP database of some Huawei products due to the insufficient checks of the specific packet length. Attackers can construct invalid packets to attack the active and standby communication channels. Successful exploit of this vulnerabilit...