
Security Advisory - Multiple Vulnerabilities in Huawei FusionServer Products

  • SA No:Huawei-SA-20150923-01-FusionServer
  • Initial Release Date: Sep 23, 2015
  • Last Release Date: Oct 21, 2015

Multiple security vulnerabilities exist in Huawei FusionServer products.

A command injection vulnerability exists in Huawei FusionServer products. An attacker could change the input parameters on the login page and enter commands, such as a user creation command. (Vulnerability ID: HWPSIRT-2015-06075)

This vulnerability has been assigned Common Vulnerabilities and Exposures (CVE) ID: CVE-2015-7841.

Huawei FusionServer products do not verify the permission of a user who attempts to change the specific information. An attacker could exploit this vulnerability to log in to a server as an operator, craft a message to change the specific information, and send the message to the server to change the server information. (Vulnerability ID: HWPSIRT-2015-06076)

This vulnerability has been assigned Common Vulnerabilities and Exposures (CVE) ID: CVE-2015-7842.

A brute force cracking vulnerability exists in Huawei FusionServer products. An attacker could log in as a low-level user and execute some commands on the management interface to verify whether the user name and password of a higher-level user are correct. The device does not restrict the number of query attempts. As a result, a low-level user could brute force crack the user names and passwords of higher-level users, leading to leakage of sensitive information. (Vulnerability ID: HWPSIRT-2015-06078)

This vulnerability has been assigned Common Vulnerabilities and Exposures (CVE) ID: CVE-2015-7843.

Huawei has released software updates to fix these vulnerabilities. This advisory is available at the following link:
http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-454418.htm

Product Name              Affected Version     Resolved Product and Version
FusionServer RH2288 V3    V100R003C00          V100R003C00SPC603
FusionServer RH2288H V3   V100R003C00          V100R003C00SPC503
FusionServer XH628 V3     V100R003C00          V100R003C00SPC602
FusionServer RH1288 V3    V100R003C00SPC100    V100R003C00SPC602
FusionServer RH2288A V2   V100R002C00          V100R002C00SPC701
FusionServer RH1288A V2   V100R002C00          V100R002C00SPC502
FusionServer RH8100 V3    V100R003C00          V100R003C00SPC110
FusionServer CH222 V3     V100R001C00          V100R001C00SPC161
FusionServer CH220 V3     V100R001C00          V100R001C00SPC161
FusionServer CH121 V3     V100R001C00          V100R001C00SPC161

HWPSIRT-2015-06075

This vulnerability could be exploited by attackers to inject commands, such as a user creation command.

HWPSIRT-2015-06076

This vulnerability could be exploited by attackers to change the server information, affecting system availability.

HWPSIRT-2015-06078

This vulnerability could be exploited by attackers to obtain the user names and passwords of higher-level users, leading to the leakage of sensitive information.


The vulnerability classification has been performed by using the CVSSv2 scoring system (http://www.first.org/cvss/).

HWPSIRT-2015-06075

Base Score: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)

Temporal Score: 8.3 (E:F/RL:O/RC:C)

HWPSIRT-2015-06076

Base Score: 5.5 (AV:N/AC:L/Au:S/C:N/I:P/A:P)

Temporal Score: 4.5 (E:F/RL:O/RC:C)

HWPSIRT-2015-06078

Base Score: 4.0 (AV:N/AC:L/Au:S/C:P/I:N/A:N)

Temporal Score: 3.3 (E:F/RL:O/RC:C)


HWPSIRT-2015-06075

1. Prerequisite:

The attacker gains access to the FusionServer.

2. Attacking procedure:

The attacker crafts input parameters on the login page of the FusionServer server. The server does not verify the input parameters. As a result, the attacker can craft input parameters to inject malicious commands, such as the user creation command. In this way, the attacker can obtain the administrator privilege to leak sensitive information or make the device unavailable.

HWPSIRT-2015-06076

1. Prerequisite:

1) The attacker gains access to the FusionServer.

2) The attacker obtains the password of an operator and logs in to the FusionServer.

2. Attacking procedure:

The attacker logs in to the FusionServer as an operator, who does not have the permission to change the specific information. However, the attacker can craft messages to bypass the authentication on the client and change the server information. The FusionServer does not verify the permission of the user. As a result, the attacker can change the server information, affecting system availability.

HWPSIRT-2015-06078

1. Prerequisite:

1) The attacker gains access to the FusionServer.

2) The attacker obtains the password of a low-level user and logs in to the FusionServer.

2. Attacking procedure:

The attacker could log in as a low-level user and execute some commands on the management interface to verify whether the user name and password of a higher-level user are correct. The device does not restrict the number of query attempts. As a result, a low-level user could brute force crack the user names and passwords of higher-level users, leading to leakage of sensitive information.
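As an added illustration (not Huawei's code and not taken from this advisory), the following constructed Python model of a management-interface backend shows the server-side controls whose absence the three vulnerability classes above describe: strict validation of login parameters before any use, an authorization check enforced on the server rather than in the client, and a cap on credential-verification attempts per caller. The role names, the attempt limit and the account data are assumptions.

```python
import re
import hmac
import hashlib

# Constructed model of a management-interface backend (hypothetical; not Huawei's code).
# Assumed role order: "administrator" > "operator" > "user".
ROLE_RANK = {"user": 0, "operator": 1, "administrator": 2}
USERNAME_RE = re.compile(r"^[A-Za-z0-9_]{1,32}$")  # allowlist: no shell metacharacters
MAX_VERIFY_ATTEMPTS = 5  # assumed per-caller cap on credential checks

def _h(pw: str) -> str:
    # Plain SHA-256 keeps the example short; a real system would use a salted KDF.
    return hashlib.sha256(pw.encode()).hexdigest()

class ManagementInterface:
    def __init__(self, accounts):
        # accounts: {name: (role, password)} constructed at startup
        self.accounts = {n: (r, _h(p)) for n, (r, p) in accounts.items()}
        self.verify_attempts = {}
        self.server_info = "rack-1"

    def login(self, username, password):
        # HWPSIRT-2015-06075 class: validate login parameters before any use
        # instead of handing raw input to a command.
        if not USERNAME_RE.fullmatch(username):
            raise ValueError("invalid username syntax")
        acct = self.accounts.get(username)
        if acct is None or not hmac.compare_digest(acct[1], _h(password)):
            return None
        return {"user": username, "role": acct[0]}  # stands in for a session

    def change_server_info(self, session, new_info):
        # HWPSIRT-2015-06076 class: authorize on the server, not in the client.
        if ROLE_RANK[session["role"]] < ROLE_RANK["administrator"]:
            raise PermissionError("administrator role required")
        self.server_info = new_info
        return True

    def verify_credentials(self, session, username, password):
        # HWPSIRT-2015-06078 class: cap the number of checks a caller may issue
        # and never let a lower role probe a higher role's account.
        n = self.verify_attempts.get(session["user"], 0)
        if n >= MAX_VERIFY_ATTEMPTS:
            raise PermissionError("verification attempt limit reached")
        self.verify_attempts[session["user"]] = n + 1
        acct = self.accounts.get(username)
        if acct is None or ROLE_RANK[acct[0]] > ROLE_RANK[session["role"]]:
            return False  # uniform answer: reveals nothing about higher-level accounts
        return hmac.compare_digest(acct[1], _h(password))
```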


Customers should contact Huawei TAC (Huawei Technical Assistance Center) to request the upgrades. For TAC contact information, please refer to Huawei worldwide website at http://www.huawei.com/en/security/psirt/report-vulnerabilities/index.htm.


These vulnerabilities were reported by a Huawei internal tester. Huawei PSIRT is not aware of any public announcements or malicious use of the vulnerabilities described in this advisory.

For security problems about Huawei products and solutions, please contact PSIRT@huawei.com.

For general problems about Huawei products and solutions, please directly contact Huawei TAC (Huawei Technical Assistance Center) to request the configuration or technical assistance.


2015-10-21 V1.2 UPDATED Assigned a CVE ID to the vulnerability

2015-09-30 V1.1 UPDATED Updated Summary and Software Versions and Fixes

2015-09-23 V1.0 INITIAL


This document is provided on an "AS IS" basis and does not imply any kind of guarantee or warranty, either express or implied, including the warranties of merchantability or fitness for a particular purpose. In no event shall Huawei or any of its directly or indirectly controlled subsidiaries or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages. Your use of the document, by whatsoever means, will be totally at your own risk. Huawei is entitled to amend or update this document from time to time.


Complete information for providing feedback on security vulnerability of Huawei products, getting support for Huawei security incident response services, and obtaining Huawei security vulnerability information, is available on Huawei's worldwide website at http://www.huawei.com/en/security/psirt/.