A developer from France discovered an unpleasant vulnerability for him - and pleasant for many others - in Huawei
The developer who discovered the problem reported itHuawei back in mid-February. And he did it exactly as recommended by the company - by encrypted e-mail, after which he received a response in the form of an unencrypted letter containing the text of the original letter. The disregard for security did not stop there: the company asked not to publish information for 5 weeks to fix the problem, but did not fix it in 5 weeks or three months, and stopped responding to the developer's letters.
After that, the developer published information aboutvulnerability, however incomplete: he did not specify which API returns links so inaccurately, and its detection is the most difficult task. Thus, without special knowledge, exploiting the vulnerability will be quite difficult. However, even such a semi-publication of the vulnerability had an effect on Huawei: the very next day, the company began to distribute the update patch, promising to complete the process by May 25.
© Ilya Nerybov.
Sourced from https://evowizz.dev/