PT-2017-15477 · Huawei · Espace U1981+6
Published: 2017-11-22 · Updated: 2019-10-03
CVE-2017-2690
CVSS v3.1: 5.5 (Medium)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
SoftCo version V200R003C20
eSpace U1910 versions V200R003C00 through V200R003C30
eSpace U1911 versions V200R003C20 through V200R003C30
eSpace U1930 versions V200R003C20 through V200R003C30
eSpace U1960 versions V200R003C20 through V200R003C30
eSpace U1980 versions V200R003C20 through V200R003C30
eSpace U1981 versions V200R003C20 through V200R003C30
Description
The issue allows an attacker with specific permission to craft a file containing malicious data and upload it to the device, exhausting memory and causing a denial of service (DoS) condition.
Recommendations
For SoftCo version V200R003C20, restrict access to file uploads until a fix is available.
For eSpace U1910 versions V200R003C00 through V200R003C30, consider disabling file upload functionality to prevent exploitation.
For eSpace U1911 versions V200R003C20 through V200R003C30, avoid allowing unverified files to be uploaded to the device.
For eSpace U1930 versions V200R003C20 through V200R003C30, implement memory usage monitoring to detect potential DoS conditions.
For eSpace U1960 versions V200R003C20 through V200R003C30, limit the size of uploaded files to prevent memory exhaustion.
For eSpace U1980 versions V200R003C20 through V200R003C30, restrict file upload permissions to authorized users only.
For eSpace U1981 versions V200R003C20 through V200R003C30, consider implementing a web application firewall (WAF) to filter malicious uploads.
Fix
Resource Exhaustion
Weakness Enumeration
Related Identifiers
Affected Products
SoftCo
eSpace U1910
eSpace U1911
eSpace U1930
eSpace U1960
eSpace U1980
eSpace U1981