Security Notice - Statement on seven vulnerabilities in dnsmasq in Huawei product
- Initial Release Date: Oct 06, 2017
- Last Release Date: Nov 03, 2017
Huawei noticed that Google disclosed seven vulnerabilities (CVE-2017-14491/CVE-2017-14492/CVE-2017-14493/CVE-2017-14494/CVE-2017-14495/CVE-2017-14496/CVE-2017-13704), These vulnerabilities can be triggered remotely via DNS and DHCP protocols and can lead to remote code execution, information exposure, and denial of service. Huawei immediately launched a thorough investigation.
After the investigation, it has been verified that HG8021H/HG8045A/HG8045A2/HG8245A/HG8247H routers are not affected.
Confirmed that some Huawei products are affected by these vulnerabilities. Huawei has delivered Security Advisory for these vulnerabilities. Customers can get necessary support for product security vulnerabilities through Huawei local technical service. The link of the security advisory is: http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171103-01-dnsmasq-en
2017-11-03 V1.1 FINAL
2017-10-06 V1.0 INITIAL
Huawei adheres to protecting the ultimate interests of users with best efforts and the principle of responsible disclosure and deal with product security issues through our response mechanism.
To enjoy Huawei PSIRT services and obtain Huawei product vulnerability information, please visit http://www.huawei.com/en/psirt.
To report a security vulnerability in Huawei products and solutions, please send it to PSIRT@huawei.com. For details, please visit http://www.huawei.com/en/psirt/report-vulnerabilities.
