Jianfeng.Li

Name of the Vulnerable Software and Affected Versions: Huawei UMA version V200R001C00 Description: The issue is related to a SQL injection vulnerability in the operation and maintenance module. An attacker can exploit this by logging in as a common user and sending crafted HTTP requests with malicious SQL statements. Due to inadequate input validation on HTTP requests with user-supplied input, successful exploitation may allow the attacker to execute arbitrary SQL queries. Recommendations: For Huawei UMA version V200R001C00, consider restricting access to the operation and maintenance module until a fix is available, and ensure proper input validation is implemented for all HTTP requests containing user-supplied input. At the moment, there is no information about a newer version that contains a fix for this vulnerability.