Huawei S7700, S9300, S9700, and S12700 devices with software before V200R008C00SPC500 use random numbers with insufficient entropy to generate self-signed certificates, which makes it easier for remote attackers to discover private keys by leveraging knowledge of a certificate.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-200,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| huawei | s9300_firmware | v200r003c00 |
| huawei | s9700_firmware | v200r005c00 |
| huawei | s7700_firmware | v200r003c00 |
| huawei_firmware | s12700 | v200r005c00 |
| huawei | s9700_firmware | v200r003c00 |
| huawei | s7700_firmware | v200r005c00 |
| huawei | s9300_firmware | v200r005c00 |