Huawei has noticed information regarding OpenSSL heartbeat extension (Heartbleed bug) security vulnerability on April 8th, 2014 (UTC+8) and immediately launched a thorough investigation.
The investigation has been completed basically and it is confirmed that some Huawei products are affected. Huawei has prepared a fixing plan and started the development and test of fixed versions. Huawei has released an SA, which contains the fix plan and patch information of vulnerable products, the link is at http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-332187.htm. Please stay tuned the SA.
The investigation conclusion：
State of Investigation
For details about the vulnerability, please visit
2014-07-25 V1.8 FINAL
2014-04-29 V1.7 UPDATED update list of products not affected
2014-04-18 V1.6 UPDATED update list of products not affected
2014-04-18 V1.5 UPDATED update list of products not affected and the link of SA
2014-04-16 V1.4 UPDATED update list of products not affected
2014-04-15 V1.3 UPDATED update list of products not affected
2014-04-14 V1.2 UPDATED add list of products not affected
2014-04-11 V1.1 UPDATED update investigation status information
2014-04-09 V1.0 INITIAL
Huawei adheres to protecting the ultimate interests of users with best efforts and the principle of responsible disclosure and deal with product security issues through our response mechanism. Please report to Huawei PSIRT at firstname.lastname@example.org if you find any security vulnerability of Huawei products.