Huawei was notified about information released by Recurity Lab regarding security vulnerabilities in Huawei AR 18/28 Routers at the Defcon 2012 conference held late July 2012. Huawei immediately launched a thorough investigation and communicated with Recurity Labs.
After the investigation, it has been verified that AR18/28/46/19/29/49 series access routers and S20/30/35/39/51/56/78/85 series switches have security vulnerabilities that affect the HTTP management interface and could be exploited by attackers when there is no restriction on the remote access to the equipment said above. As those are OEM products, we have contacted the OEM supplier so they can assess their range of products to ensure no similar vulnerabilities exist. Huawei has examined its self-designed and engineered products and found no similar vulnerabilities.
Huawei has delivered three Security Advisories and mitigation measures. Customers can get necessary support for product security vulnerabilities through Huawei local technical service.
Huawei has already established response mechanism to deal with product security issues. Please report to Huawei PSIRT at firstname.lastname@example.org if you find any security vulnerability of Huawei products.
2012-12-21 V1.0 INITIAL
Huawei adheres to protecting the ultimate interests of users with best efforts and the principle of responsible disclosure and deal with product security issues through our response mechanism. Please report to Huawei PSIRT at email@example.com if you find any security vulnerability of Huawei products.