Security Notice-Statement About the Vulnerability in Huawei HiLink E3236 and E3276
- Initial Release Date: Aug 06, 2014
- Last Release Date: Aug 07, 2014
Huawei has been aware that Andreas Lindh, a security researcher in Sweden, disclosed a vulnerability in Huawei HiLink E3236 and E3276 on the 2014 Black Hat USA Conference. Huawei has started analysis and investigations immediately after knowing the vulnerability.
After the investigation, Huawei verifies that HiLink E3236 and E3276 have the cross site request forgery (CSRF) vulnerability. When users use these devices to visit websites that contain malicious scripts, the malicious scripts can exploit the vulnerability to change the configuration or use the functions of E3236 and E3276.
Huawei has released a security advisory (SA) and fixed versions. Customers can ask for support from local Huawei technical support services if necessary. The links is:
http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-360246.htm
2014-08-07 V1.1 UPDATED Add the link of SA
2014-08-06 V1.0 INITIAL
Huawei adheres to protecting the ultimate interests of users with best efforts and the principle of responsible disclosure and deal with product security issues through our response mechanism. Please report to Huawei PSIRT at psirt@huawei.com if you find any security vulnerability of Huawei products.
