Buffer Overflow Vulnerability in Huawei DP300 Devices
CVE-2017-17146

7.8HIGH

Key Information:

Vendor: McAfee
Status: Dp300
Vendor: CVE Published:; 9 March 2018

What is CVE-2017-17146?

Huawei DP300 devices, specifically the V500R002C00 version, exhibit a buffer overflow vulnerability caused by inadequate input validation. An authenticated local attacker can exploit this weakness by creating specially crafted XML files, which when processed, may lead to denial-of-service (DoS) conditions or allow remote execution of arbitrary code on the affected device. This makes it critical for users to apply necessary updates and maintain device security.

Affected Version(s)

DP300 V500R002C00

References

http://www.huawei.com/en/psirt/security-advisories/huawei...

x_refsource_CONFIRM

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 9, 2018
Vulnerability Reserved
Dec 4, 2017

JSON

McAfee

What is CVE-2017-17146?

Affected Version(s)

References

CVSS V3.1

Timeline