PT-2016-7122 · Huawei · Huawei Ac6605+4
Publicado
2016-08-17
·
Atualizado
2016-09-22
·
CVE-2016-6824
CVSS v2.0
6.8
Média
| Vetor | AV:N/AC:L/Au:S/C:N/I:N/A:C |
Name of the Vulnerable Software and Affected Versions
Huawei AC6003, AC6005, AC6605, and ACU2 access controllers with software before V200R006C10SPC200
Description
The issue is related to an input validation problem in Huawei access controllers, allowing remote authenticated users to cause a denial of service by sending crafted CAPWAP packets, which can lead to a device restart. This is due to the lack of proper input validation, enabling an attacker to craft malformed CAPWAP protocol packets.
Recommendations
For Huawei AC6003, AC6005, AC6605, and ACU2 access controllers with software before V200R006C10SPC200, update the software to V200R006C10SPC200 or later to resolve the issue. As a temporary workaround, consider restricting access to the CAPWAP protocol to minimize the risk of exploitation.
Correção
DoS
RCE
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Huawei Ac6003
Huawei Ac6005
Huawei Ac6605
Huawei Acu2
Huawei Vrp