This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy (update in May 2018) >

Security Notice-Statement on Multiple OpenSSL Vulnerabilities

  • Initial Release Date: 2014-06-06
  • Last Release Date: 2014-07-25

Huawei has noticed information regarding OpenSSL 7 security vulnerabilities and immediately launched a thorough investigation. The vulnerabilities are referenced in this document as follows:

  • SSL/TLS Man-in-the-Middle Vulnerability
  • DTLS Recursion Flaw Vulnerability
  • DTLS Invalid Fragment Vulnerability
  • SSL_MODE_RELEASE_BUFFERS NULL Pointer Dereference Vulnerability
  • SSL_MODE_RELEASE_BUFFERS Session Injection or Denial of Service Vulnerability
  • Anonymous ECDH Denial of Service Vulnerability
  • ECDSA NONCE Side-Channel Recovery Attack Vulnerability

The investigation has been completed partially and it is confirmed that some Huawei products are affected. Huawei has prepared a fixing plan and started the development and test of fixed versions. Huawei has released an SA, which contains the fix plan and patch information of vulnerable products, the link is at http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-345106.htm. Please stay tuned the SA.

The following Huawei products have been analyzed and are affected by these vulnerabilities:

The investigation conclusion:

State of Investigation

Product Information

Products Confirmed Vulnerable

Agile Controller V100R001C00
AnyOffice V200R002C10
ASG 2000 All versions
AVE 2000 All versions
AVE 2900 All versions
BMS V200R012
CPE: B890
DSM V100R002
Edge+/Edge/G6/G750/H30/Y330/G520/G610/G730/T9510E/T9200
eLog V100R003C01/V200R003C10
eMP V1R1C00
eSight V100R001/V100R002
eSpace CAD V100R001C10
eSpace CC V200R001
eSpace DCM V100R002C01
eSpace Desktop V200R001C03
eSpace IAD V300R001C07/V300R002
eSpace IPC V100R001C11/C21
eSpace IPC V200R001C01/C02
eSpace IVS V100R001C02
eSpace meeting portal V100R001
eSpace U19 serials V100R001
eSpace U2980 V100R001
eSpace U2990 V200R001
eSpace USM V100R001
eSpace VTM V100R001
Eupp V100R001
FusionCloud Desktop Solution V100R003
FusionCloud Desktop Solution V100R005C10
FusionCube V100R002
FusionManager V100R002C02
FusionManager V100R003C00/C10
FusionSphere V100R003
Home Gateway: W724V/HG659/HG659b/HHB3
Huawei VP9630 V200R001C01/C02
Huawei VP9650 V200R001C01/C02
Huawei VP9660 V200R001C01/C02
iBMC V100R001C00
iBMC V100R001C01
iSOC 3000 V200R001C00
iSOC 5000 V200R001C01
iSOC 9000 V200R001C02
LogCenter V200R003C10
ManageOne V100R001C01/C02
ManageOne V100R002C00/C10
MBB: 102HW/301HW/GL01P/HWD14 V100R001
MobilePhone: G510/G526/G740/U8180/U8185/U8655/U8665
NIP V100R002C10
NIP2000 V100R002C10
NIP5000 V100R002C10
NVS V100R002
OceanStor 18500 V100R001C00/C10
OceanStor 18800 V100R001C00/C10
OceanStor 18800F V100R001C00/C10
Oceanstor 5800 v3 V300R001C00
Oceanstor 6900 v3 V300R001C00
OceanStor Dorado2100 V100R001
OceanStor Dorado2100G2 V100R001
OceanStor Dorado5100 V100R001
OceanStor HVS85T V100R001C00/C10/C99
OceanStor HVS88T V100R001C00/C10/C99
OceanStor N8500 V200R001C09/C91
OceanStor S2200T V100R005
OceanStor S2600T V100R002/005
OceanStor S2600T V200R001C00
OceanStor S2600T V200R002C00/C10
OceanStor S5500T V100R001/002/005
OceanStor S5500T V200R001C00
OceanStor S5500T V200R002C00/C10
OceanStor S5600T V100R001/002/005
OceanStor S5600T V200R001C00
OceanStor S5600T V200R002C00/C10
OceanStor S5800T V200R001C00
OceanStor S5800T V200R002C00/C10
OceanStor S6800T V100R001/002/005
OceanStor S6800T V200R001C00
OceanStor S6800T V200R002C00/C10
OceanStor VIS6600T V100R002C00
OIC V100R001C00SPC300/V100R001C00SPC400
OMM V100R001C00
OSTA2.0 V200R006C02
OSTA2.0 V200R007C01/C02/C30
OTT: M310/M210 V100R001
PAD: Link/Youth/Vogue V100R001
     charm/ Link+/8 Vogue V100R001/002  
Policy Center V100R003C00
S2900 V100R002/005
S3900 V100R001/002/005
S5900 V100R001/002/005
S6900 V100R001/002/005
S7700/S9700 V100R006/V200R001/V200R002/V200R003/V200R005
S2750/S5700/S6700 V100R006/V200R001/V200R002/V200R003
S2700&S3700 V100R006
SMC2.0 V100R002
SoftCo V100R003/V200R001
SRG All versions
STB: DS561/DN370T/371T/D372T/DN360T V100R001
SVN2000 All versions
SVN3000 All versions
SVN5000 All versions
NIP2000 All versions
NIP5000 All versions
T3000 V100R012C00
TE30 V100R001
Tecal BH620 V100R001C00SPC100
Tecal BH620 V2 V100R002C00
Tecal BH621 V2 V100R002C00
Tecal BH622 V2 V100R002C00
Tecal BH640 V2 V100R002C00
Tecal CH121 V100R001C00
Tecal CH140 V100R001C00
Tecal CH220 V100R001C00
Tecal CH221 V100R001C00
Tecal CH222 V100R002C00
Tecal CH240 V100R001C00
Tecal CH242 V100R001C00
Tecal CH242 V3 V100R001C00
Tecal DH310 V2 V100R001C00
Tecal DH320 V2 V100R001C00
Tecal DH321 V2 V100R002C00
Tecal DH620 V2 V100R001C00
Tecal DH621 V2 V100R001C00
Tecal DH628 V2 V100R001C00
Tecal E6000 Chassis V100R001C00
Tecal E6000 V100R002C00/C01/C02/C05
Tecal E9000 Chassis V100R001C00/C10
Tecal RH1285 V100R001C01
Tecal RH1288 V2 V100R002C00
Tecal RH2265 V2 V100R002C00
Tecal RH2268 V2 V100R002C00
Tecal RH2285 V100R001C00/C01
Tecal RH2285 V2 V100R002C00
Tecal RH2285H V2 V100R002C00
Tecal RH2288 V2 V100R002C00
Tecal RH2288E V2 V100R002C00
Tecal RH2288H V2 V100R002C00
Tecal RH2485 V2 V100R002C00
Tecal RH2488 V2 V100R002C00
Tecal RH5485 V100R001C00
Tecal RH5885 V2 V100R001C01/C02
Tecal RH5885 V3 V100R003C01
Tecal RH5885H V3 V100R003C00
Tecal X6000 V100R002C00/C01
Tecal XH310 V2 V100R001C00
Tecal XH311 V2 V100R001C00
Tecal XH320 V2 V100R001C00
Tecal XH321 V2 V100R002C00
Tecal XH620 V2 V100R001C00
Tecal XH621 V2 V100R001C00
TEX0 V100R001
TP1102 V100R001
TP3106 V100R001
TSM V100R002
U8680/U8686/U8730/U8815/Y210/Y300/Y301/Y530/Sophia/Oscar
UMA V200R001C00SPC100
UMA-DB V2R1COOSPC101
USG2000 All versions
USG5000 All versions
USG6000 All versions
USG9300 V100R003
USG9500 V200R001/V300R001C01/V300R001C20SPC100
ViewPoint 8650 V100R001C01~V100R008C03
ViewPoint 8650C V100R001C01~V100R008C03
ViewPoint 8660 V100R001C01~V100R008C03
ViewPoint 9000 V100R001C01~V100R011C03
ViewPoint 9030 V100R001C01~V100R011C03
ViewPoint 9035A V100R001C01~V100R011C03
ViewPoint 9036S-M V100R001C01~V100R011C03
ViewPoint 9039A V100R001C01~V100R011C03
ViewPoint 9039A-M V100R001C01~V100R011C03
ViewPoint 9039A-T V100R001C01~V100R011C03
ViewPoint 9039S V100R001C01~V100R011C03
ViewPoint 9039S-M V100R001C01~V100R011C03
ViewPoint 9050 V100R001C01~V100R011C03
VPN Client V100R001
VSM V200R002C00

2014-07-25 V1.7 FINAL

2014-06-25 V1.6 UPDATED update list of affected products

2014-06-20 V1.5 UPDATED update list of affected products

2014-06-13 V1.4 UPDATED update list of affected products

2014-06-11 V1.3 UPDATED update list of affected products

2014-06-08 V1.2 UPDATED update list of affected products

2014-06-07 V1.1 UPDATED update list of affected products

2014-06-06 V1.0 INITIAL

Huawei adheres to protecting the ultimate interests of users with best efforts and the principle of responsible disclosure and deal with product security issues through our response mechanism. Please report to Huawei PSIRT at psirt@huawei.com if you find any security vulnerability of Huawei products.