Security Notice-Statement on Arbitrary File Upload Security Vulnerability in Honor Cube Wireless Router WS860s
- Initial Release Date: 2014-09-12
- Last Release Date: 2014-11-04
Huawei was notified about information released regarding arbitrary file upload security vulnerability in Honor Cube Wireless Router WS860s at the Wooyun security summit held September 2014. Huawei immediately launched a thorough investigation.
After the investigation, it has been verified that Honor Cube Wireless Router WS860s has the arbitrary file upload security vulnerability and could be exploited by attackers when the attackers can access WS860s through LAN ports or Wi-Fi.
Huawei has delivered Security Advisories and mitigation measures. Customers can get necessary support for product security vulnerabilities through Huawei local technical service. The link of the security advisory is:
http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-396206.htm
2014-11-14 V1.1 UPDATED Added the conclusion of investigation and the link of Security Advisory
2014-09-12 V1.0 INITIAL
Huawei adheres to protecting the ultimate interests of users with best efforts and the principle of responsible disclosure and deal with product security issues through our response mechanism. Please report to Huawei PSIRT at psirt@huawei.com if you find any security vulnerability of Huawei products.
