Input Validation Security Flaw in Huawei Devices
CVE-2017-2722

8.8HIGH

Key Information:

Vendor: McAfee
Status: Dp300,te60,tp3106,vieWPoint 9030,ecns210 Td,espace 7950,espace Iad,espace U1981
Vendor: CVE Published:; 22 November 2017

Summary

Huawei network devices exhibit an input validation vulnerability that can be exploited remotely. By sending specifically crafted malformed packets, an attacker could induce a denial of service or execute arbitrary code on the affected devices. It is crucial for users to update affected products to mitigate this risk. For a detailed security advisory, refer to Huawei's official documentation.

Affected Version(s)

DP300,TE60,TP3106,ViewPoint 9030,eCNS210_TD,eSpace 7950,eSpace IAD,eSpace U1981 DP300 V500R002C00,TE60 with software V100R001C01, V100R001C10, V100R003C00, V500R002C00 and V600R006C00,TP3106 with software V100R001C06 and V100R002C00,ViewPoint 9030 with software V100R011C02, V100R011C03,eCNS210_TD with software V100R004C10,eSpace 7950 with software V200R003C00 and V200R003C30,eSpace IAD with software V300R001C07SPCa00 and V300R002C01SPCb00,eSpace U1981 with software V100R001C20, V100R001C30, V200R003C00, V200R003C20 and V200R003C30

References

http://www.huawei.com/en/psirt/security-advisories/huawei...

x_refsource_CONFIRM

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 22, 2017
Vulnerability Reserved
Dec 1, 2016