CVE-2017-17150

Name of the Vulnerable Software and Affected Versions: Huawei DP300 versions V500R002C00, V600R006C00 Huawei RP200 versions V500R002C00, V600R006C00 Huawei TE30 versions V100R001C10, V500R002C00, V600R006C00 Huawei TE40 versions V500R002C00, V600R006C00 Huawei TE50 versions V500R002C00, V600R006C00 Huawei TE60 versions V100R001C10, V500R002C00, V600R006C00

Description: The issue is due to insufficient validation of a parameter in the Timergrp module, allowing an authenticated local attacker to call a special API with a special parameter, causing an infinite loop. This can enable an attacker to launch a denial-of-service (DoS) attack.

Recommendations: For Huawei DP300 version V500R002C00, update to a version that fixes the issue. For Huawei DP300 version V600R006C00, update to a version that fixes the issue. For Huawei RP200 version V500R002C00, update to a version that fixes the issue. For Huawei RP200 version V600R006C00, update to a version that fixes the issue. For Huawei TE30 version V100R001C10, update to a version that fixes the issue. For Huawei TE30 version V500R002C00, update to a version that fixes the issue. For Huawei TE30 version V600R006C00, update to a version that fixes the issue. For Huawei TE40 version V500R002C00, update to a version that fixes the issue. For Huawei TE40 version V600R006C00, update to a version that fixes the issue. For Huawei TE50 version V500R002C00, update to a version that fixes the issue. For Huawei TE50 version V600R006C00, update to a version that fixes the issue. For Huawei TE60 version V100R001C10, update to a version that fixes the issue. For Huawei TE60 version V500R002C00, update to a version that fixes the issue. For Huawei TE60 version V600R006C00, update to a version that fixes the issue. As a temporary workaround, consider restricting access to the Timergrp module until a patch is available.