Huawei UTPS software runs on USB modem products to manage data cards. It provides data card setting, dial-up setting, message sending and receiving, and contacts management functions.
UTPS contains a DLL hijacking vulnerability. This vulnerability exists due to some DLL file is loaded by UTPS improperly. And it allows an attacker to load this DLL file of the attacker’s choosing that could execute arbitrary code. (Vulnerability ID: HWPSIRT-2016-02009)
This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2016-2780.
Huawei has released software updates to fix this vulnerability. This advisory is available at the following link:
Resolved Product and Version
Earlier than UTPS-V200R003B015D15SP00C983
Attacker can exploit the vulnerability to load a DLL file of the attacker's choosing that could execute arbitrary code. This may helps attacker to successful exploits the system if attacker creates shell as a DLL.
The vulnerability classification has been performed by using the CVSSv2 scoring system (http://www.first.org/cvss/).
Base Score: 6.9 (AV:L/AC:M/Au:N/C:C/I:C/A:C)
Temporal Score: 5.7(E:F/RL:O/RC:C)
The attacker gets the data cards device;
2. Attacking procedure:
This vulnerability exists due to the way DLL file is loaded by UTPS. It allows an attacker to load a DLL file of the attacker’s choosing that could execute arbitrary code. This may helps attacker to successful exploits the system if user creates shell as a DLL.
Customers should contact Huawei TAC (Huawei Technical Assistance Center) to request the upgrades. For TAC contact information, please refer to Huawei worldwide website at http://www.huawei.com/en/psirt/report-vulnerabilities
This vulnerability was first reported by Sachin Wagh. Huawei would like to thank Sachin Wagh for reporting this issue and for working with us to help protect the security of our customers.
2016-03-02 V1.0 INITIAL
Huawei adheres to protecting the ultimate interests of users with best efforts and the principle of responsible disclosure and deal with product security issues through our response mechanism.
To enjoy Huawei PSIRT services and obtain Huawei product vulnerability information, please visit http://www.huawei.com/en/psirt.
To report a security vulnerability in Huawei products and solutions, please send it to PSIRT@huawei.com. For details, please visit http://www.huawei.com/en/psirt/report-vulnerabilities.