CVE-2017-15317

Name of the Vulnerable Software and Affected Versions Huawei AR120 versions V200R006C10 through V200R008C30 Huawei AR1200 versions V200R006C10 through V200R008C30 Huawei AR1200-S versions V200R006C10 through V200R008C30 Huawei AR150 versions V200R006C10 through V200R008C30 Huawei AR150-S versions V200R006C10 through V200R008C30 Huawei AR160 versions V200R006C10 through V200R008C30 Huawei AR200 versions V200R006C10 through V200R008C30 Huawei AR200-S versions V200R006C10 through V200R008C30 Huawei AR2200 versions V200R006C10 through V200R008C30 Huawei AR2200-S versions V200R006C10 through V200R008C30 Huawei AR3200 versions V200R006C10 through V200R008C30 Huawei AR510 versions V200R006C10 through V200R008C30 Huawei SRG1300 versions V200R006C10 through V200R008C30 Huawei SRG2300 versions V200R006C10 through V200R008C30 Huawei SRG3300 versions V200R006C10 through V200R008C30

Description The issue is caused by insufficient input validation in Huawei multiple products, allowing an unauthenticated, remote attacker to craft a malformed Stream Control Transmission Protocol (SCTP) packet and send it to the device. This can cause the device to read out of bounds and restart.

Recommendations For all affected versions, apply the necessary security patches or updates to fix the input validation vulnerability. As a temporary workaround, consider restricting access to the device to minimize the risk of exploitation. Avoid using the vulnerable SCTP protocol until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.