all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

CVE-2021-40055: Huawei OTA Insecure SSL Configuration Man-In-The-Middle Vulnerability

Add to bookmarks
May 18, 2022, midnight |

Taszk Labs on taszk.io labs labs.taszk.io

Summary In this advisory we are disclosing a vulnerability in the Huawei Over-The-Air (OTA) update implementation that allows bypassing SSL protections and execute a Man-In-The-Middle attack. The vulnerability was fixed in March 2022.
Vulnerability Details Huawei devices - both those running Android and those running HarmonyOS - use Huawei’s custom implementation for applying OTA updates.
OTA updates are packaged into a zip container. The update mechanism has several checks that are meant to ensure the authenticity of OTA images before …

configuration cve huawei insecure man-in-the-middle ssl vulnerability

Visit resource

More from labs.taszk.io / Taszk Labs on taszk.io labs

Full Chain Baseband Exploits, Part 3 5 months, 3 weeks ago | labs.taszk.io
arbitrary code baseband code code execution +14
Full Chain Baseband Exploits, Part 2 5 months, 3 weeks ago | labs.taszk.io
baseband buffer buffer overflow concrete +13
Full Chain Baseband Exploits, Part 1 5 months, 3 weeks ago | labs.taszk.io
application baseband blog blog post +13
CVE-2023-30646: Samsung RIL Heap Buffer Overflow 6 months ago | labs.taszk.io
advisory android arbitrary code baseband +19
CVE-2022-21744: Mediatek Baseband GPRS PNCD Heap Buffer Overflow 6 months ago | labs.taszk.io
advisory arbitrary code baseband buffer +16
CVE-2023-21517: Samsung Baseband LTE ESM TFT Heap Buffer Overflow 6 months ago | labs.taszk.io
advisory arbitrary code baseband buffer +18
CVE-2022-21769: Mediatek CCCI Kernel Driver OOB Read 6 months ago | labs.taszk.io
application baseband cellular communication +23
CVE-2022-21765: Mediatek CCCI Kernel Driver OOB Write 6 months ago | labs.taszk.io
advisory application arbitrary code baseband +20
CVE-2022-21766: Mediatek CCCI Kernel Driver Stack Buffer Overflow 6 months ago | labs.taszk.io
advisory application arbitrary code baseband +24

Jobs in InfoSec / Cybersecurity

Post a Job Search Talent

CyberSOC Technical Lead

@ Integrity360 | Sandyford, Dublin, Ireland
View on infosec-jobs.com

Cyber Security Strategy Consultant

@ Capco | New York City
View on infosec-jobs.com

Cyber Security Senior Consultant

@ Capco | Chicago, IL
View on infosec-jobs.com

Sr. Product Manager

@ MixMode | Remote, US
View on infosec-jobs.com

Corporate Intern - Information Security (Year Round)

@ Associated Bank | US WI Remote
View on infosec-jobs.com

Senior Offensive Security Engineer

@ CoStar Group | US-DC Washington, DC
View on infosec-jobs.com