This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy

Corporate Worldwide
Corporate
Corporate news and information
Consumer
Phones, laptops, tablets, wearables & other devices
Enterprise
Enterprise products, solutions & services
Carrier
Products, solutions & services for carrier networks
Huawei Cloud
Cloud products, solutions & services

Select a Country or Region

Security Notice-Statement on OpenSSL Heartbeat Extension Vulnerability

  • Initial Release Date: Apr 09, 2014
  • Last Release Date: Jul 25, 2014

Huawei has noticed information regarding OpenSSL heartbeat extension (Heartbleed bug) security vulnerability on April 8th, 2014 (UTC+8) and immediately launched a thorough investigation.

The investigation has been completed basically and it is confirmed that some Huawei products are affected. Huawei has prepared a fixing plan and started the development and test of fixed versions. Huawei has released an SA, which contains the fix plan and patch information of vulnerable products, the link is at http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-332187.htm. Please stay tuned the SA.

The investigation conclusion:

State of Investigation

Product Information

Products Confirmed Not Vulnerable

AnyOffice
AR/NE16EX-8 series Router
ATN
BITS
CBSC series
CBTS
Contact Center
CloudEngine series LAN Switch
CX600
Consumer Device: Dongle/ Mobile WiFi/ M2M Solutions/ Home Gateway/ Home Media Devices/ MediaPad Tablets
DNS/CG series
DSLAM
DSM
eA660/eA661
eBBU530
eLog
eMDC610/eMRS610/EG860/EM35/EP650/EP680/EV750
eOMC910
eNSP\ eDesk\ WLAN planner\ WLAN tester
Eudemon/SVN/USG/NIP/ASG/AntiDDoS/AVE/SRG/WAF series Firewall
GBTS
IAD
iODN
IPCLK1000&IPCLK3000
IPPBX
iSOC series
MCU
ME60
MEDIAX3600
Microwave series
MSAN
MSTP series
MXU series
NE40E&80E
NE5000E
NetEco series
Numen
OLT
OMP
ONT
PTN
RSE
SC
SE2600
SG7000
SIWF
SMC
S series LAN Switch
TE series
TMS9950
Tropo
TSM V1R2
UMA
UMA-DB
UMG8900
VCT
VPN Client
WDM
WIMAX
WLAN series
Telepresence series
S8016
NE40&80
NE20&20E&05&16&08E&16E
MA5200G&MA5200E&MA5200F&MA5200
CX200&300&CX380 FusionSphere
TC(CT3000/CT5000/CT6000)
OceanStor 2200T/S2600T/S5500T/S5600T/5800T/5800T
OceanStor VIS6600T
OceanStor Dorado5100
OceanStor Dorado2100 G2
OceanStor SNS2124/SNS2224/SNS2248
OceanStor HDP3500E
OceanStor VTL6900
OceanStor UDS
ManageOne

For details about the vulnerability, please visit

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160


2014-07-25 V1.8 FINAL

2014-04-29 V1.7 UPDATED update list of products not affected

2014-04-18 V1.6 UPDATED update list of products not affected

2014-04-18 V1.5 UPDATED update list of products not affected and the link of SA

2014-04-16 V1.4 UPDATED update list of products not affected

2014-04-15 V1.3 UPDATED update list of products not affected

2014-04-14 V1.2 UPDATED add list of products not affected

2014-04-11 V1.1 UPDATED update investigation status information

2014-04-09 V1.0 INITIAL

Huawei adheres to protecting the ultimate interests of users with best efforts and the principle of responsible disclosure and deal with product security issues through our response mechanism. Please report to Huawei PSIRT at psirt@huawei.com if you find any security vulnerability of Huawei products.

online services
mask

Online Services

consumer

Consumer Products

Gobal Service Hotline
Local Website
cloud

Huawei Cloud

Sales: +852-800-931-122

Chatbot
enterprise

Enterprise

Global Service Hotline
Pricing/Info
carrier network

Carrier Network

Global Service Hotline
All Contacts