ID CVE-2017-17182
Summary Huawei DP300 V500R002C00, RP200 V500R002C00, V600R006C00, TE30 V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C10, V500R002C00, V600R006C00 have a out-of-bounds read vulnerability. Due to insufficient input validation, an authenticated, remote attacker could send malformed SOAP packets to the target device. Successful exploit could make the device access invalid memory and might reset a process.
References
Vulnerable Configurations
  • cpe:2.3:o:huawei:dp300_firmware:v500r002c00
    cpe:2.3:o:huawei:dp300_firmware:v500r002c00
  • cpe:2.3:h:huawei:dp300
    cpe:2.3:h:huawei:dp300
  • cpe:2.3:o:huawei:rp200_firmware:v500r002c00
    cpe:2.3:o:huawei:rp200_firmware:v500r002c00
  • cpe:2.3:o:huawei:rp200_firmware:v600r006c00
    cpe:2.3:o:huawei:rp200_firmware:v600r006c00
  • cpe:2.3:h:huawei:rp200
    cpe:2.3:h:huawei:rp200
  • cpe:2.3:o:huawei:te30_firmware:v100r001c10
    cpe:2.3:o:huawei:te30_firmware:v100r001c10
  • cpe:2.3:o:huawei:te30_firmware:v500r002c00
    cpe:2.3:o:huawei:te30_firmware:v500r002c00
  • cpe:2.3:o:huawei:te30_firmware:v600r006c00
    cpe:2.3:o:huawei:te30_firmware:v600r006c00
  • Huawei TE30
    cpe:2.3:h:huawei:te30
  • cpe:2.3:o:huawei:te40_firmware:v500r002c00
    cpe:2.3:o:huawei:te40_firmware:v500r002c00
  • cpe:2.3:o:huawei:te40_firmware:v600r006c00
    cpe:2.3:o:huawei:te40_firmware:v600r006c00
  • Huawei TE40
    cpe:2.3:h:huawei:te40
  • cpe:2.3:o:huawei:te50_firmware:v500r002c00
    cpe:2.3:o:huawei:te50_firmware:v500r002c00
  • cpe:2.3:o:huawei:te50_firmware:v600r006c00
    cpe:2.3:o:huawei:te50_firmware:v600r006c00
  • Huawei TE50
    cpe:2.3:h:huawei:te50
  • Huawei TE60 Firmware V100R001C10
    cpe:2.3:o:huawei:te60_firmware:v100r001c10
  • Huawei TE60 Firmware V500R002C00
    cpe:2.3:o:huawei:te60_firmware:v500r002c00
  • Huawei TE60 Firmware V600R006C00
    cpe:2.3:o:huawei:te60_firmware:v600r006c00
  • Huawei TE60
    cpe:2.3:h:huawei:te60
CVSS
Base: 4.0
Impact:
Exploitability:
CWE CWE-125
CAPEC
  • Overread Buffers
    An adversary attacks a target by providing input that causes an application to read beyond the boundary of a defined buffer. This typically occurs when a value influencing where to start or stop reading is set to reflect positions outside of the valid memory location of the buffer. This type of attack may result in exposure of sensitive information, a system crash, or arbitrary code execution.
nessus via4
NASL family Huawei Local Security Checks
NASL id HUAWEI-SA-20180207-01-SOAP-EN.NASL
description The remote Huawei product is affected by multiple vulnerabilities.
last seen 2019-02-21
modified 2018-12-07
plugin id 117395
published 2018-09-10
reporter Tenable
source https://www.tenable.com/plugins/index.php?view=single&id=117395
title Huawei Multiple Vulnerabilities
refmap via4
confirm http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180207-01-soap-en
Last major update 15-02-2018 - 11:29
Published 15-02-2018 - 11:29
Last modified 23-02-2018 - 15:06
Back to Top