This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy

Security Notice - Statement About Toolkit Released by Shadow Brokers

  • SA No:huawei-sn-20160823-01-shadowbrokers
  • Initial Release Date: 2016-08-23
  • Last Release Date: 2016-08-26

On August 15, 2016, Huawei noticed that Shadow Brokers had released a toolkit claimed as from Equation Group on GitHub website, which includes exploit tools, scripts, and manuals targeting multiple Firewall vendors.
Huawei Product Security Incident Response Team (PSIRT) started an investigation immediately. Initial analysis shows that toolkit provides no information about Huawei product vulnerabilities and exploits.
In several manuals and tools disclosed by Shadow Brokers, PSIRT finds the version information about Huawei Eudemon300/500/1000 and some description about how to modify firewall configuration, memory, and firmware after login using an admin account and password. 

Up to now, Huawei has not received any report about tool/script implantation in Huawei firewall products. To help customers detect whether their firewall device BIOSes and host software packages have been tampered with and remove implanted tools/scripts, Huawei provides a patch package for checking the integrity of the BIOSes and host software packages of the Eudemon300/500/1000 series. 
Related documents and patches for carrier customers are available at:
http://support.huawei.com/carrier/navi#col=software&detailId=PBI1-22045827&path=PBI1-7275726/PBI1-21782273/PBI1-21782306/PBI1-21450985/PBI1-16015
Related documents and patches for enterprise customers are available at:
http://support.huawei.com/enterprise/SoftwareVersionActionNew!showVDetailNew?lang=en&idAbsPath=fixnode01|7919710|9856724|21430823|21100522|8577108&pid=8577108&vrc=8616584|8616591|8628342|21093049&from=soft&tab=bz&bz_vr=8616591&bz_vrc=&nbz_vr=null
Users can also obtain them from Huawei Technical Assistance Center (TAC). For TAC contract information, please refer to http://www.huawei.com/en/psirt/report-vulnerabilities/index.htm.
PSIRT will continue to track the event. If any potential vulnerability is found in any Huawei product, we will publish a Security Advisory (SA).

2016-08-26 V1.3 UPDATE Update the link of patch package for checking the integrity
2016-08-25 V1.2 UPDATE Update the link of patch package for checking the integrity
2016-08-24 V1.1 UPDATE Add the link of patch package for checking the integrity
2016-08-23 V1.0 INITIAL

Huawei adheres to protecting the ultimate interests of users with best efforts and the principle of responsible disclosure and deal with product security issues through our response mechanism.

To enjoy Huawei PSIRT services and obtain Huawei product vulnerability information, please visit http://www.huawei.com/en/psirt.
To report a security vulnerability in Huawei products and solutions, please send it to PSIRT@huawei.com. For details, please visit http://www.huawei.com/en/psirt/report-vulnerabilities.