Security researchers from cybersecurity firm Swascan revealed that they have discovered multiple vulnerabilities in Huawei’s Web Application and Servers. Swascan stated cybercriminals can exploit the critical vulnerabilities to access sensitive information. The research team said they’ve identified three vulnerabilities that could impact regular operations if exploited.
According to Swascan, the three discovered flaws in Huawei’s web applications include: CWE-119 (Improper Restriction on Memory Buffer) — The hacker can access the memory and can possibly execute malicious codes. CWE-125 (Out-of-bounds Read) — This flaw allows an attacker to read sensitive information. CWE-78 (OS Command Injection) — The attackers can use this flaw to execute unauthorized commands to crash the software and access the restricted data.
The security team at Swascan informed Huawei counterparts about their discoveries. “In the world of cybersecurity, the principle of collaboration is finally establishing itself. The risks increase by a huge margin every year and this has mandated a cultural as well as technological Paradigm Shift. Our experience with Huawei shows that if these values are correctly understood they can be an additional backbone to create an effective and efficient Cyber Security Framework,” said Pierguido Iezzi, Co-Founder of Swascan.
With an aim to protect the United States communications and computer networks from “foreign adversaries”, President Donald Trump has declared a national emergency over threats against American technology. The president signed an executive order which effectively bars U.S.-based companies from using foreign telecoms, which are believed to pose national security risks, the White House said. The executive order does not name any company, but it’s believed that the move is expected to precede a ban on U.S. firms doing business with the Chinese telecommunications company, Huawei.
According to the White House statement, Trump’s order aims to “protect America from foreign adversaries who are actively and increasingly creating and exploiting vulnerabilities in information and communications technology infrastructure and services”.
“The order gives the secretary of commerce the power to prohibit transactions posing an unacceptable risk to the national security,” the statement added.
Huawei faced a similar issue last year during Australia’s Shadow Minister for Defence Richard Marles’s apprehension and a possible ruling toward Huawei ban from 5G networks citing cybersecurity concerns. Huawei published a letter to Australian members of Parliament over the comments made. The company vehemently stated that the rumors and comments were ill-informed and have no factual basis.