PT-2018-6403 · Huawei · Huawei Dp300+5

Published 2018-03-05 · Updated 2019-10-03 · CVE-2017-17131

CVSS v2.0: 6.3 (Medium)

Vector: AV:N/AC:M/Au:S/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions:
Huawei DP300 version V500R002C00
Huawei RP200 version V500R002C00
Huawei RP200 version V600R006C00
Huawei TE30 version V100R001C10
Huawei TE30 version V600R006C00
Huawei TE50 version V600R006C00
Huawei TE60 version V100R001C10
Huawei TE60 version V500R002C00
Huawei TE60 version V600R006C00
Huawei VP9660 version V500R002C10
Description: The issue arises from insufficient validation of a parameter when a PuTTY comment key is loaded, leading to a denial-of-service (DoS) condition. An authenticated remote attacker can exploit this by placing a malformed PuTTY key file in the system, causing an infinite loop that results in the system rebooting.
Recommendations:
Huawei DP300 version V500R002C00: consider disabling the loading of PuTTY comment keys until a patch is available.
Huawei RP200 version V500R002C00: restrict access to the system manager to minimize the risk of exploitation.
Huawei RP200 version V600R006C00: avoid using the PuTTY key file feature in the system until the issue is resolved.
Huawei TE30 version V100R001C10: temporarily remove the PuTTY comment key loading functionality to prevent the infinite loop.
Huawei TE30 version V600R006C00: restrict the ability to load PuTTY key files to authorized personnel only.
Huawei TE50 version V600R006C00: consider implementing additional validation for PuTTY comment keys to prevent malformed files from being loaded.
Huawei TE60 version V100R001C10: disable the PuTTY key file loading feature until a fix is available.
Huawei TE60 version V500R002C00: restrict the use of the PuTTY comment key loading feature to prevent exploitation.
Huawei TE60 version V600R006C00: avoid loading PuTTY key files from untrusted sources until the issue is resolved.
Huawei VP9660 version V500R002C10: consider temporarily disabling the system manager's ability to load PuTTY comment keys until a patch is available.

Fix

Infinite Loop

Weakness Enumeration

Related identifiers

CVE-2017-17131

Affected products

Huawei Dp300
Huawei Rp200
Huawei Te30
Huawei Te50
Huawei Te60
Huawei Vp9660