PT-2016-7566 · Huawei · Huawei S12700+5
Published
2016-12-28
·
Updated
2018-03-26
·
CVE-2016-8785
CVSS v3.1
4.3
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Huawei S12700 versions V200R007C00 through V200R008C00
Huawei S5700 version V200R007C00
Huawei S7700 versions V200R002C00 through V200R008C00
Huawei S9700 version V200R007C00
Description
There is an input validation issue in certain Huawei devices using VRP. Due to the lack of input validation, an attacker may craft a malformed packet and send it to the device using VRP, causing the device to display additional memory data and possibly leading to sensitive information leakage.
Recommendations
For Huawei S12700 versions V200R007C00 through V200R008C00, update to a version that includes input validation fixes.
For Huawei S5700 version V200R007C00, update to a version that includes input validation fixes.
For Huawei S7700 versions V200R002C00 through V200R008C00, update to a version that includes input validation fixes.
For Huawei S9700 version V200R007C00, update to a version that includes input validation fixes.
Fix
RCE
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Huawei S12700
Huawei S5700
Huawei S7700
Huawei S9700
Huawei Vrp
Vrp