Kurt Grutzmacher

**Name of the Vulnerable Software and Affected Versions** HP Access Controller versions (affected versions not specified) HP Fabric Module versions (affected versions not specified) HP Firewall versions (affected versions not specified) HP Router versions (affected versions not specified) HP Switch versions (affected versions not specified) HP UTM Appliance versions (affected versions not specified) HP 3Com Access Controller versions (affected versions not specified) HP 3Com Router versions (affected versions not specified) HP 3Com Switch versions (affected versions not specified) HP H3C Access Controller versions (affected versions not specified) HP H3C Firewall versions (affected versions not specified) HP H3C Router versions (affected versions not specified) HP H3C Switch versions (affected versions not specified) HP H3C Switch and Route Processing Unit versions (affected versions not specified) Huawei Firewall/Gateway versions (affected versions not specified) Huawei Router versions (affected versions not specified) Huawei Switch versions (affected versions not specified) Huawei Wireless versions (affected versions not specified) **Description** The issue is related to improper implementation of access control, allowing remote authenticated users to discover credentials via an SNMP request. This is possible due to the read-only community in h3c-user.mib 2.0 and hh3c-user.mib 2.0. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Huawei NE5000E (affected versions not specified) Huawei MA5200G (affected versions not specified) Huawei NE40E (affected versions not specified) Huawei NE80E (affected versions not specified) Huawei ATN (affected versions not specified) Huawei NE40 (affected versions not specified) Huawei NE80 (affected versions not specified) Huawei NE20E-X6 (affected versions not specified) Huawei NE20 (affected versions not specified) Huawei ME60 (affected versions not specified) Huawei CX600 (affected versions not specified) Huawei CX200 (affected versions not specified) Huawei CX300 (affected versions not specified) Huawei ACU (affected versions not specified) Huawei WLAN AC 6605 (affected versions not specified) Huawei S9300 (affected versions not specified) Huawei S7700 (affected versions not specified) Huawei S2300 (affected versions not specified) Huawei S3300 (affected versions not specified) Huawei S5300 (affected versions not specified) Huawei S3300HI (affected versions not specified) Huawei S5300HI (affected versions not specified) Huawei S5306 (affected versions not specified) Huawei S6300 (affected versions not specified) Huawei S2700 (affected versions not specified) Huawei S3700 (affected versions not specified) Huawei S5700 (affected versions not specified) Huawei S6700 (affected versions not specified) Huawei AR G3 (affected versions not specified) Huawei H3C AR(OEM IN) (affected versions not specified) Huawei AR 19 (affected versions not specified) Huawei AR 29 (affected versions not specified) Huawei AR 49 (affected versions not specified) Huawei Eudemon100E (affected versions not specified) Huawei Eudemon200 (affected versions not specified) Huawei Eudemon300 (affected versions not specified) Huawei Eudemon500 (affected versions not specified) Huawei Eudemon1000 (affected versions not specified) Huawei Eudemon1000E-U/USG5300 (affected versions not specified) Huawei Eudemon1000E-X/USG5500 (affected versions not specified) Huawei Eudemon8080E/USG9300 (affected versions not specified) Huawei Eudemon8160E/USG9300 (affected versions not specified) Huawei Eudemon8000E-X/USG9500 (affected versions not specified) Huawei E200E-C/USG2200 (affected versions not specified) Huawei E200E-X3/USG2200 (affected versions not specified) Huawei E200E-X5/USG2200 (affected versions not specified) Huawei E200E-X7/USG2200 (affected versions not specified) Huawei E200E-C/USG5100 (affected versions not specified) Huawei E200E-X3/USG5100 (affected versions not specified) Huawei E200E-X5/USG5100 (affected versions not specified) Huawei E200E-X7/USG5100 (affected versions not specified) Huawei E200E-B/USG2100 (affected versions not specified) Huawei E200E-X1/USG2100 (affected versions not specified) Huawei E200E-X2/USG2100 (affected versions not specified) Huawei SVN5300 (affected versions not specified) Huawei SVN2000 (affected versions not specified) Huawei SVN5000 (affected versions not specified) Huawei SVN3000 (affected versions not specified) Huawei NIP100 (affected versions not specified) Huawei NIP200 (affected versions not specified) Huawei NIP1000 (affected versions not specified) Huawei NIP2100 (affected versions not specified) Huawei NIP2200 (affected versions not specified) Huawei NIP5100 (affected versions not specified) **Description** The issue is related to the use of the DES algorithm for stored passwords in multiple Huawei products, which makes it easier for attackers to obtain cleartext passwords via a brute-force attack. The DES encryption algorithm used for password storage is not strong enough and may be cracked. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.