PT-2016-7122 · Huawei · Huawei Ac6605+4

Published: 2016-08-17 · Updated: 2016-09-22 · CVE-2016-6824

CVSS v2.0: 6.8 (Medium)

Vector: AV:N/AC:L/Au:S/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

Huawei AC6003, AC6005, AC6605, and ACU2 access controllers with software before V200R006C10SPC200

Description

The affected Huawei access controllers do not properly validate input in CAPWAP packets. A remote authenticated user can send crafted, malformed CAPWAP packets that cause a denial of service, which can lead to a device restart.

Recommendations

For Huawei AC6003, AC6005, AC6605, and ACU2 access controllers with software before V200R006C10SPC200, update the software to V200R006C10SPC200 or later to resolve the issue. As a temporary workaround, consider restricting access to the CAPWAP protocol to minimize the risk of exploitation.

Fix

DoS

RCE


Weakness Enumeration

Related Identifiers

CVE-2016-6824

Affected Products

Huawei Ac6003
Huawei Ac6005
Huawei Ac6605
Huawei Acu2
Huawei Vrp