CVE-2017-17286

Name of the Vulnerable Software and Affected Versions: Huawei AR120-S versions V200R005C32 through V200R008C30 Huawei AR1200 versions V200R005C32 through V200R008C30 Huawei AR1200-S versions V200R005C32 through V200R008C30 Huawei AR150 versions V200R005C32 through V200R008C30 Huawei AR150-S versions V200R005C32 through V200R008C30 Huawei AR160 versions V200R005C32 through V200R008C30 Huawei AR200 versions V200R005C32 through V200R008C30 Huawei AR200-S versions V200R005C32 through V200R008C30 Huawei AR2200 versions V200R006C10 through V200R008C30 Huawei AR2200-S versions V200R005C32 through V200R008C30 Huawei AR3200 versions V200R005C32 through V200R008C30 Huawei AR3600 versions V200R006C10 through V200R008C20 Huawei AR510 versions V200R005C32 through V200R008C30 Huawei NetEngine16EX versions V200R005C32 through V200R008C30 Huawei SRG1300 versions V200R005C32 through V200R008C30 Huawei SRG2300 versions V200R005C32 through V200R008C30 Huawei SRG3300 versions V200R005C32 through V200R008C30

Description: The issue is an out-of-bound write vulnerability due to insufficient input validation. A remote, unauthenticated attacker may craft an encryption key to the affected products, potentially causing a buffer overflow and services to become abnormal.

Recommendations: For all affected versions, apply the necessary security patches or updates to fix the out-of-bound write vulnerability. As a temporary workaround, consider restricting access to the affected products until a patch is available. Avoid using the affected encryption key in the affected products until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.