Product name: E8372h
Confidentiality level: CONFIDENTIAL
Product version: V1.0
Total 8 pages

E8372h Firmware Release Notes
V1.0

Prepared by: V7R11 team    Date: 2016-09-19
Reviewed by: V7R11 team    Date: 2016-09-19
Approved by:               Date:

Huawei Technologies Co., Ltd.
All rights reserved
Revision Record
Date        Revision Version  FW-WebUI/Stick version  Change Description  Author
2016-09-19  1.0               FW 21.321.01.00.00      First version       V7R11 team
2017-3-16   1.0               FW21.323.01.00.00       MR version          liuming
2017-8-01   1.0               FW21.327.01.00.00       MR version          liuming
2017-9-18   1.0               FW21.328.01.00.00       MR version          Xiayichao
2017-10-24  1.0               FW21.328.03.00.00       MR version          Xiayichao
2018-09-21  1.0               FW21.333.01.00.00       MR version          E8372h-153 Team
2019-11-7   1.0               FW21.333.03.00.00       MR version          E8372h-153 Team
Table of Contents
1 Main Features
2 Hardware
2.1 Hardware Specifications
3 Firmware
3.1 Version Description
3.2 Firmware Specifications
3.3 Improvement in the Previous Version
3.4 Known Limitations and Issues
4 WebUI/HiLink
4.1 Version Description
4.2 WebUI/HiLink Specifications
4.3 Improvement in the Previous Version
4.4 Known Limitations and Issues
5 Software Vulnerabilities Fixes
6 Accessory Product from other Vendor
6.1 Known Limitations and Issues
7 Others
8 Reference
E8372h Firmware Release Notes V1.0 CONFIDENTIAL
1 Main Features
The E8372h supports the following standards:
LTE cat4 data service up to 150 Mbit/s (Downlink) and 50 Mbit/s (Uplink)
DC-HSPA+ data service up to 43.2 Mbit/s
HSPA+ data service up to 21.6 Mbit/s
HSDPA packet data service of up to 14.4 Mbit/s
HSUPA data service up to 5.76 Mbit/s
WCDMA PS domain data service of up to 384 Kbit/s
Equalizer and receive diversity
microSD Card Slot (Up to 32G)
Data and SMS Service
Plug and play
Standard USB interface
CSFB
2 Hardware
2.1 Hardware Specifications
Item                       Specifications
Hardware Version           CL1E8372HM Ver.A
Technical standard         LTE 3GPP R9
                           HSPA+/UMTS: 3GPP R99/R5/R6/R7/R8
                           GSM/GPRS/EDGE: 3GPP R99
External interfaces        USB: Type A with standard USB 2.0 High speed interface
                           LED: indicating the status of the Data Card
                           SD card: standard TF card interface
                           SIM/USIM card: standard 6-pin SIM card interface
                           RF interface: external RF interface
Maximum power consumption  3.5 W
Power supply               5V
Dimensions (D × W × H)     About 94mm(D) × 30mm(W) × 14mm (H)
Weight                     50g
Temperature                Operating: –10℃ to +40℃
                           Storage: –20℃ to +70℃
Humidity                   5% to 95%
Base Information           Plug and play (PnP)
                           Standard USB 2.0 High Speed interface, auto installation,
                           convenient for use
Note:
3GPP = The 3rd Generation Partnership Project
TS = Technical Specification
LED = Light-Emitting Diode
SIM = Subscriber Identity Module
USIM = UMTS Subscriber Identity Module
3 Firmware
3.1 Version Description
Firmware Version: 21.333.03.00.00
Baseline information: Balong V7R11 C30B333
3.2 Firmware Specifications
Item              Specifications
Firmware Version  21.333.03.00.00
3.3 Improvement in the Previous Version
Index  Case ID  Issue Description
Firmware Version: 21.333.03.00.00
Previous Firmware Version:
1
2
3
4
5
3.4 Known Limitations and Issues
Index  Case ID  Issue Description
1  Unrealized Features  NA
2
4 WebUI/HiLink
4.1 Version Description
WebUI/HiLink Version: 17.100.21.02.03
4.2 WebUI/HiLink Specifications
Item Specifications
4.3 Improvement in the Previous Version
Index  Case ID  Issue Description
WebUI Version: 17.100.21.02.03
Previous WebUI Version:
1  New Features
4.4 Known Limitations and Issues
Index  Case ID  Issue Description
1  Unrealized Features
5 Software Vulnerabilities Fixes
[Software Vulnerabilities include Android Vulnerability, Third-party software Vulnerability, and Huawei Vulnerability.]
[An Android Vulnerability is one that comes from Google and has been publicly reported.]
[Third-party software is a type of computer software that is sold together with or provided for free in Huawei products or solutions, with the ownership of intellectual property rights (IPR) held by the original contributors. Third-party software can be, but is not limited to: purchased software; software that is built in or attached to purchased hardware; software in products of the original equipment manufacturer (OEM) or original design manufacturer (ODM); software that is developed with technical contribution from partners (ownership of IPR all or partially held by the partners); software that is legally obtained free of charge.
Data on third-party software vulnerability fixes can be exported from PDM.
If the table is excessively long, you can divide it into multiple tables by product version, or deliver it in an Excel file with the patch release notes and provide reference information in this section.]
[A Huawei Vulnerability is a vulnerability in Huawei's own software that was found by an outside party.]
Vulnerability information is available by CVE ID on the NVD (National Vulnerability Database) website:
http://web.nvd.nist.gov/view/vuln/search
Each entry below lists: Software/Module name, Version, CVE ID, Vulnerability Description, Solution.

Software/Module name: linux_kernel
Version: 3.10
CVE ID: CVE-2017-0427
Vulnerability Description: An elevation of privilege vulnerability in the kernel file system could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31495866.
Solution: http://www.securityfocus.com/bid/96071

Software/Module name: linux_kernel
Version: 3.10
CVE ID: CVE-2018-13053
Vulnerability Description: The alarm_timer_nsleep function in kernel/time/alarmtimer.c in the Linux kernel through 4.17.3 has an integer overflow via a large relative timeout because ktime_add_safe is not used.
Solution: https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=5f936e19cc0ef97dbe3a56e9498922ad5ba1edef

Software/Module name: linux_kernel
Version: 3.10
CVE ID: CVE-2018-6927
Vulnerability Description: The futex_requeue function in kernel/futex.c in the Linux kernel before 4.14.15 might allow attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact by triggering a negative wake or requeue value.
Solution: https://github.com/torvalds/linux/commit/fbe0e839d1e22d88810f3ee3e2f1479be4c0aa4a

Software/Module name: linux_kernel
Version: 3.10
CVE ID: CVE-2017-17806
Vulnerability Description: The HMAC implementation (crypto/hmac.c) in the Linux kernel before 4.14.8 does not validate that the underlying cryptographic hash algorithm is unkeyed, allowing a local attacker able to use the AF_ALG-based hash interface (CONFIG_CRYPTO_USER_API_HASH) and the SHA-3 hash algorithm (CONFIG_CRYPTO_SHA3) to cause a kernel stack buffer overflow by executing a crafted sequence of system calls that encounter a missing SHA-3 initialization.
Solution: https://github.com/torvalds/linux/commit/af3ff8045bbf3e32f1a448542e73abb4c8ceb6f1

Software/Module name: linux_kernel
Version: 3.10
CVE ID: CVE-2017-17558
Vulnerability Description: The usb_destroy_configuration function in drivers/usb/core/config.c in the USB core subsystem in the Linux kernel through 4.14.5 does not consider the maximum number of configurations and interfaces before attempting to release resources, which allows local users to cause a denial of service (out-of-bounds write access) or possibly have unspecified other impact via a crafted USB device.
Solution: https://www.spinics.net/lists/linux-usb/msg163644.html

Software/Module name: linux_kernel
Version: 3.10
CVE ID: CVE-2017-17712
Vulnerability Description: The raw_sendmsg() function in net/ipv4/raw.c in the Linux kernel through 4.14.6 has a race condition in inet->hdrincl that leads to uninitialized stack pointer usage; this allows a local user to execute code and gain privileges.
Solution: https://github.com/torvalds/linux/commit/8f659a03a0ba9289b9aeb9b4470e6fb263d6f483

Software/Module name: linux_kernel
Version: 3.10
CVE ID: CVE-2014-3687
Vulnerability Description: The sctp_assoc_lookup_asconf_ack function in net/sctp/associola.c in the SCTP implementation in the Linux kernel through 3.17.2 allows remote attackers to cause a denial of service (panic) via duplicate ASCONF chunks that trigger an incorrect uncork within the side-effect interpreter.
Solution: https://github.com/torvalds/linux/commit/b69040d8e39f20d5215a03502a8e8b4c6ab78395

Software/Module name: linux_kernel
Version: 3.10
CVE ID: CVE-2016-10088
Vulnerability Description: The sg implementation in the Linux kernel through 4.9 does not properly restrict write operations in situations where the KERNEL_DS option is set, which allows local users to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging access to a /dev/sg device, related to block/bsg.c and drivers/scsi/sg.c. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-9576.
Solution: https://github.com/torvalds/linux/commit/128394eff343fc6d2f32172f03e24829539c5835

Software/Module name: linux_kernel
Version: 3.10
CVE ID: CVE-2012-2136
Vulnerability Description: The sock_alloc_send_pskb function in net/core/sock.c in the Linux kernel before 3.4.5 does not properly validate a certain length value, which allows local users to cause a denial of service (heap-based buffer overflow and system crash) or possibly gain privileges by leveraging access to a TUN/TAP device.
Solution: https://github.com/torvalds/linux/commit/cc9b17ad29ecaa20bfe426a8d4dbfb94b13ff1cc

Software/Module name: linux_kernel
Version: 3.10
CVE ID: CVE-2014-2523
Vulnerability Description: net/netfilter/nf_conntrack_proto_dccp.c in the Linux kernel through 3.13.6 uses a DCCP header pointer incorrectly, which allows remote attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a DCCP packet that triggers a call to the (1) dccp_new, (2) dccp_packet, or (3) dccp_error function.
Solution: https://github.com/torvalds/linux/commit/b22f5126a24b3b2f15448c3f2a254fc10cbc2b92

Software/Module name: linux_kernel
Version: 3.10
CVE ID: CVE-2016-4485
Vulnerability Description: The llc_cmsg_rcv function in net/llc/af_llc.c in the Linux kernel before 4.5.5 does not initialize a certain data structure, which allows attackers to obtain sensitive information from kernel stack memory by reading a message.
Solution: https://github.com/torvalds/linux/commit/b8670c09f37bdf2847cc44f36511a53afc6161fd

Software/Module name: linux_kernel
Version: 3.10
CVE ID: CVE-2017-1000111
Vulnerability Description: Linux kernel: heap out-of-bounds in AF_PACKET sockets. This new issue is analogous to previously disclosed CVE-2016-8655. In both cases, a socket option that changes socket state may race with safety checks in packet_set_ring. Previously with PACKET_VERSION. This time with PACKET_RESERVE. The solution is similar: lock the socket for the update. This issue may be exploitable, we did not investigate further. As this issue affects PF_PACKET sockets, it requires CAP_NET_RAW in the process namespace. But note that with user namespaces enabled, any process can create a namespace in which it has CAP_NET_RAW.
Solution: http://patchwork.ozlabs.org/patch/800274/
6 Accessory Product from other Vendor
Version Description
Accessory Product Version:
6.1 Known Limitations and Issues
7 Others
8 Reference