CVE-2017-17216

Name of the Vulnerable Software and Affected Versions: Huawei DP300 versions V500R002C00 Huawei RP200 versions V500R002C00SPC200 Huawei TE30 versions V100R001C10, V500R002C00, V600R006C00 Huawei TE40 versions V500R002C00, V600R006C00 Huawei TE50 versions V500R002C00, V600R006C00 Huawei TE60 versions V100R001C10, V500R002C00, V600R006C00

Description: The issue is related to an out-of-bounds read vulnerability in the Media Gateway Control Protocol (MGCP) of the affected Huawei products. An unauthenticated, remote attacker can craft malformed packets with a specific parameter to exploit this issue. Due to insufficient validation of packets, successful exploitation may cause a process reboot.

Recommendations: For Huawei DP300 version V500R002C00, update to a fixed version to resolve the issue. For Huawei RP200 version V500R002C00SPC200, update to a fixed version to resolve the issue. For Huawei TE30 versions V100R001C10, V500R002C00, V600R006C00, update to a fixed version to resolve the issue. For Huawei TE40 versions V500R002C00, V600R006C00, update to a fixed version to resolve the issue. For Huawei TE50 versions V500R002C00, V600R006C00, update to a fixed version to resolve the issue. For Huawei TE60 versions V100R001C10, V500R002C00, V600R006C00, update to a fixed version to resolve the issue.