CVE-2017-2722

Name of the Vulnerable Software and Affected Versions DP300 version V500R002C00 TE60 versions V100R001C01 through V100R001C10, V100R003C00, V500R002C00, V600R006C00 TP3106 versions V100R001C06, V100R002C00 ViewPoint 9030 versions V100R011C02, V100R011C03 eCNS210 TD version V100R004C10 eSpace 7950 versions V200R003C00, V200R003C30 eSpace IAD versions V300R001C07SPCa00, V300R002C01SPCb00 eSpace U1981 versions V100R001C20, V100R001C30, V200R003C00, V200R003C20, V200R003C30

Description The issue is related to an input validation vulnerability. A remote attacker may exploit this by crafting a malformed packet and sending it to the device. A successful exploit could allow the attacker to cause a denial of service or execute arbitrary code.

Recommendations For DP300 version V500R002C00, update to a version that includes input validation to prevent exploitation. For TE60 versions V100R001C01 through V100R001C10, V100R003C00, V500R002C00, V600R006C00, restrict access to the device until a patch is available that addresses the input validation vulnerability. For TP3106 versions V100R001C06, V100R002C00, consider disabling the reception of external packets to minimize the risk of exploitation. For ViewPoint 9030 versions V100R011C02, V100R011C03, avoid using the device for critical operations until a fix is applied. For eCNS210 TD version V100R004C10, apply configuration changes to limit the impact of a potential denial of service. For eSpace 7950 versions V200R003C00, V200R003C30, eSpace IAD versions V300R001C07SPCa00, V300R002C01SPCb00, and eSpace U1981 versions V100R001C20, V100R001C30, V200R003C00, V200R003C20, V200R003C30, update to a version that includes proper input validation to prevent arbitrary code execution.