CVE-2017-17218

Name of the Vulnerable Software and Affected Versions: Huawei DP300 versions V500R002C00 Huawei RP200 versions V500R002C00, V600R006C00 Huawei TE30 versions V100R001C10, V500R002C00, V600R006C00 Huawei TE40 versions V500R002C00, V600R006C00 Huawei TE50 versions V500R002C00, V600R006C00 Huawei TE60 versions V100R001C10, V500R002C00, V600R006C00

Description: The issue is related to an out-of-bounds read vulnerability in the SCCPX module. An unauthenticated, remote attacker can craft malformed packets with a specific parameter to the affected products. Due to insufficient validation of packets, successful exploitation may impact the availability of the product service.

Recommendations: For Huawei DP300 version V500R002C00, consider restricting access to the SCCPX module to minimize the risk of exploitation. For Huawei RP200 versions V500R002C00, V600R006C00, avoid using the vulnerable parameter in the affected packets until the issue is resolved. For Huawei TE30 versions V100R001C10, V500R002C00, V600R006C00, temporarily disable the SCCPX module until a patch is available. For Huawei TE40 versions V500R002C00, V600R006C00, restrict access to the SCCPX module to minimize the risk of exploitation. For Huawei TE50 versions V500R002C00, V600R006C00, consider disabling the SCCPX module until a fix is provided. For Huawei TE60 versions V100R001C10, V500R002C00, V600R006C00, avoid using the vulnerable parameter in the affected packets until the issue is resolved.