CVE-2016-8276

Name of the Vulnerable Software and Affected Versions Huawei USG2100, USG2200, USG5100, and USG5500 unified security gateways versions prior to V300R001C10SPC600

Description The issue is related to a buffer overflow in the Point-to-Point Protocol over Ethernet (PPPoE) module when Challenge Handshake Authentication Protocol (CHAP) authentication is configured on the server. This allows remote attackers to cause a denial of service (server restart) or execute arbitrary code via crafted packets sent during authentication.

Recommendations For versions prior to V300R001C10SPC600, update to V300R001C10SPC600 or later to resolve the issue. As a temporary workaround, consider disabling CHAP authentication on the server until a patch is available. Restrict access to the PPPoE module to minimize the risk of exploitation. Avoid using the PPPoE module for authentication until the issue is resolved.