Denial of Service Vulnerability in Huawei's DP300 and RP200 Products
CVE-2017-17134

5.5MEDIUM

Key Information:

Vendor: McAfee
Status: Dp300; Rp200; Te30; Te40; Te50; Te60
Vendor: CVE Published:; 5 March 2018

Summary

A denial of service vulnerability exists in the XML parser of several Huawei products, including the DP300 and RP200 series. An authenticated local attacker can exploit this vulnerability by crafting specific XML files that, when parsed by the affected products, may lead to null pointer dereferences. This can ultimately result in service disruption and impact the availability of the affected devices. It is crucial for users of these products to assess their systems and apply any necessary security measures.

Affected Version(s)

DP300; RP200; TE30; TE40; TE50; TE60 DP300 V500R002C00

DP300; RP200; TE30; TE40; TE50; TE60 RP200 V500R002C00SPC200

DP300; RP200; TE30; TE40; TE50; TE60 V600R006C00

References

http://www.huawei.com/en/psirt/security-advisories/2017/h...

x_refsource_CONFIRM

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 5, 2018
Vulnerability Reserved
Dec 4, 2017