Huawei noticed that security researcher Bhaskar Borman revealed a stored cross-site scripting (XSS) vulnerability (CVE-2017-15312) and a CSV injection vulnerability (CVE-2017-15313) in Huawei SmartCare products. Bhaskar Borman reported the vulnerabilities to Huawei PSIRT before disclosing the information. Huawei immediately launched a thorough investigation.
Huawei has finished the investigation and confirmed that Huawei SmartCare products are affected by these vulnerabilities. Huawei has already provided version SEP V2R3C10U10SPC6 to fix the vulnerabilities. Customers should contact Huawei TAC (Huawei Technical Assistance Center) to request the upgrades. For TAC contact information, please refer to the Huawei worldwide website at http://www.huawei.com/en/psirt/report-vulnerabilities.
We express our appreciation for Bhaskar Borman’s concern for Huawei products.
2017-12-01 V1.0 INITIAL
Huawei adheres to protecting the ultimate interests of users with best efforts and to the principle of responsible disclosure, and deals with product security issues through our response mechanism.
To enjoy Huawei PSIRT services and obtain Huawei product vulnerability information, please visit http://www.huawei.com/en/psirt.
To report a security vulnerability in Huawei products and solutions, please send it to PSIRT@huawei.com. For details, please visit http://www.huawei.com/en/psirt/report-vulnerabilities.