This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy

Security Notice - Statement on Command Injection Vulnerability in Huawei HG655m Product

  • Initial Release Date: Mar 27, 2018
  • Last Release Date: Mar 27, 2018

Huawei noticed that security researcher David Maciejak of Fortinet's FortiGuard Labs revealed a command injection vulnerability (CVE-2017-17224) in Huawei HG655m product. Security researcher David Maciejak has sent the vulnerability to Huawei PSIRT before disclosing the information. Huawei immediately launched a thorough investigation.

Huawei has finished the investigation and confirmed that Huawei HG655m product is affected by this vulnerability. And this vulnerability can be only exploited by local area network (LAN). Huawei has already provided a version to fix the vulnerability and has contacted the affected carrier. Huawei PSIRT will keep updating the SN, please stay tuned.
We express our appreciation for David Maciejak’s concerns on Huawei products.

2018-03-27 V1.0 INITIAL

Huawei adheres to protecting the ultimate interests of users with best efforts and the principle of responsible disclosure and deal with product security issues through our response mechanism.

To enjoy Huawei PSIRT services and obtain Huawei product vulnerability information, please visit http://www.huawei.com/en/psirt.
To report a security vulnerability in Huawei products and solutions, please send it to PSIRT@huawei.com. For details, please visit http://www.huawei.com/en/psirt/report-vulnerabilities.