PT-2018-6437 · Huawei · Te50+5
Publicado
2018-02-15
·
Atualizado
2018-02-26
·
CVE-2017-17185
CVSS v3.1
4.3
Média
| Vetor | AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L |
Name of the Vulnerable Software and Affected Versions:
Huawei DP300 versions V500R002C00
Huawei RP200 versions V500R002C00, V600R006C00
Huawei TE30 versions V100R001C10, V500R002C00, V600R006C00
Huawei TE40 versions V500R002C00, V600R006C00
Huawei TE50 versions V500R002C00, V600R006C00
Huawei TE60 versions V100R001C10, V500R002C00, V600R006C00
Description:
The issue is caused by insufficient input validation, allowing an authenticated, remote attacker to send malformed SOAP packets to the target device. This could result in the device accessing invalid memory and potentially resetting a process.
Recommendations:
For Huawei DP300 version V500R002C00, update to a version that includes input validation for SOAP packets.
For Huawei RP200 versions V500R002C00, V600R006C00, update to a version that includes input validation for SOAP packets.
For Huawei TE30 versions V100R001C10, V500R002C00, V600R006C00, update to a version that includes input validation for SOAP packets.
For Huawei TE40 versions V500R002C00, V600R006C00, update to a version that includes input validation for SOAP packets.
For Huawei TE50 versions V500R002C00, V600R006C00, update to a version that includes input validation for SOAP packets.
For Huawei TE60 versions V100R001C10, V500R002C00, V600R006C00, update to a version that includes input validation for SOAP packets.
Correção
Out of bounds Read
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Dp300
Rp200
Te30
Te40
Te50
Te60