Security
Headlines
HeadlinesLatestCVEs

Tag

#huawei

Chaos Malware Resurfaces With All-New DDoS & Cryptomining Modules

The previously identified ransomware builder has veered in an entirely new direction, targeting consumers and business of all sizes by exploiting known CVEs through brute-forced and/or stolen SSH keys.

DARKReading
#vulnerability#mac#windows#linux#ddos#dos#git#intel#perl#botnet#amd#huawei#auth#ssh
This Vote Could Change the Course of Internet History

UN countries are preparing to pick a new head of the International Telecommunications Union. Who wins could shape the open web's future.

U.S. Adds 2 More Chinese Telecom Firms to National Security Threat List

The U.S. Federal Communications Commission (FCC) has added Pacific Network Corp, along with its subsidiary ComNet (USA) LLC, and China Unicom (Americas) Operations Limited, to the list of communications equipment and services that have been deemed a threat to national security. The agency said the companies are subject to the Chinese government's exploitation, influence, and control, and could

CVE-2021-46835: Security Advisory - Traffic Hijacking Vulnerability in Huawei Routers

There is a traffic hijacking vulnerability in WS7200-10 11.0.2.13. Successful exploitation of this vulnerability can cause packets to be hijacked by attackers.

CVE-2022-33735: huawei-sa-20220628-01-2eda0853-en

There is a password verification vulnerability in WS7200-10 11.0.2.13. Attackers on the LAN may use brute force cracking to obtain passwords, which may cause sensitive system information to be disclosed.

CVE-2020-36602: huawei-sa-20220826-01-outofboundread-en

There is an out-of-bounds read and write vulnerability in some headset products. An unauthenticated attacker gets the device physically and crafts malformed message with specific parameter and sends the message to the affected products. Due to insufficient validation of message, which may be exploited to cause out-of-bounds read and write.

CVE-2021-46834: huawei-sa-20220819-01-7e0a6103-en

A permission bypass vulnerability in Huawei cross device task management could allow an attacker to access certain resource in the attacked devices. Affected product versions include:JAD-AL50 versions 102.0.0.225(C00E220R3P4).

CVE-2022-37395: Security Advisory - The input verification vulnerability of a Huawei Device product is involved.

A Huawei device has an input verification vulnerability. Successful exploitation of this vulnerability may lead to DoS attacks.Affected product versions include:CV81-WDM FW versions 01.70.49.29.46.

CVE-2020-36600: September

Out-of-bounds write vulnerability in the power consumption module. Successful exploitation of this vulnerability may cause the system to restart.

CVE-2022-20399: Android Security Bulletin—September 2022  |  Android Open Source Project

In the SEPolicy configuration of system apps, there is a possible access to the 'ip' utility due to an insecure default value. This could lead to local information disclosure of network data with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-219808546References: Upstream kernel