Got it

AC6005 and vulnerability VU#228519

Latest reply: Oct 18, 2017 23:12:34 1828 5 0 0 0
Hi,

Does anyone have any information about the AC6005 and vulnerability vu#228519?
https://www.kb.cert.org/vuls/id/228519
We're looking to patch the AC for this particular vulnerability, but we are unable to find any information in the release notes. Latest update appears to be V200R007C20SPC300 from 2017-09-26. Would this update patch our security for this vulnerability?

  • x
  • convention:

Thanks for the reply but you just linked me to the 6005 product page. I created this post after checking that page and finding nothing. I literally found the forum by clicking on the forum tab on that page.
View more
  • x
  • convention:

And now apparently the V200R007C20SPC300 version/patch published on 2017-09-26 disappeared from the
downloads section overnight!

Last patch available was published on 2017-08-18. Since vendors were made aware of the vulnerability on 08-22-2017, we're going to have to assume every version of the ac6005 is vulnerable. This post was last edited by huawei-admin_tobania at 2017-10-18 09:47.
View more
  • x
  • convention:

Huawei WLAN Products Are Not Affected
a) APs working in non-bridge mode are not affected by the vulnerabilities.
b) For leaf APs in bridge mode (Mesh/WDS): The open-source
component wpa_supplicant is not used by Huawei APs. The WPA2 key
negotiation process is implemented using Huawei-developed
component. Therefore, these vulnerabilities do not exist on the key
loading mechanism of Huawei APs.
View more
  • x
  • convention:

eqts
eqts Created Oct 18, 2017 23:13:05 (0) (0)
Take security protection measures for Wi-Fi networks using WPA2
authentication.
a) Enable the WIPS/WIDS attack defense function of Huawei APs to
defend against rogue AP interference.
b) Upgrade the operating system of terminals to ensure terminal
sec 

Comment

You need to log in to comment to the post Login | Register
Comment

Notice: To protect the legitimate rights and interests of you, the community, and third parties, do not release content that may bring legal risks to all parties, including but are not limited to the following:
  • Politically sensitive content
  • Content concerning pornography, gambling, and drug abuse
  • Content that may disclose or infringe upon others ' commercial secrets, intellectual properties, including trade marks, copyrights, and patents, and personal privacy
Do not share your account and password with others. All operations performed using your account will be regarded as your own actions and all consequences arising therefrom will be borne by you. For details, see " User Agreement."

My Followers

Login and enjoy all the member benefits

Login

Block
Are you sure to block this user?
Users on your blacklist cannot comment on your post,cannot mention you, cannot send you private messages.
Reminder
Please bind your phone number to obtain invitation bonus.