CVE-2017-8163

Name of the Vulnerable Software and Affected Versions AR120-S versions V200R006C10 through V200R008C30 AR1200 versions V200R006C10 through V200R008C30 AR1200-S versions V200R006C10 through V200R008C30 AR150 versions V200R006C10 through V200R008C30 AR150-S versions V200R006C10 through V200R008C30 AR160 versions V200R006C10 through V200R008C30 AR200 versions V200R006C10 through V200R008C30 AR200-S versions V200R006C10 through V200R008C30 AR2200 versions V200R006C10 through V200R008C30 AR2200-S versions V200R006C10 through V200R008C30 AR3200 versions V200R006C10 through V200R008C30 AR510 versions V200R006C10 through V200R008C30 NetEngine16EX versions V200R006C10 through V200R008C30 SMC2.0 versions V100R003C10 through V600R006C00 SRG1300 versions V200R006C10 through V200R008C30 SRG2300 versions V200R006C10 through V200R008C30 SRG3300 versions V200R006C10 through V200R008C30

Description The issue is caused by an out-of-bounds read vulnerability due to insufficient input validation. An authenticated, remote attacker could send a specially crafted message to the target device, potentially causing an out-of-bounds read and system crash.

Recommendations For AR120-S versions V200R006C10 through V200R008C30, update to a fixed version. For AR1200 versions V200R006C10 through V200R008C30, update to a fixed version. For AR1200-S versions V200R006C10 through V200R008C30, update to a fixed version. For AR150 versions V200R006C10 through V200R008C30, update to a fixed version. For AR150-S versions V200R006C10 through V200R008C30, update to a fixed version. For AR160 versions V200R006C10 through V200R008C30, update to a fixed version. For AR200 versions V200R006C10 through V200R008C30, update to a fixed version. For AR200-S versions V200R006C10 through V200R008C30, update to a fixed version. For AR2200 versions V200R006C10 through V200R008C30, update to a fixed version. For AR2200-S versions V200R006C10 through V200R008C30, update to a fixed version. For AR3200 versions V200R006C10 through V200R008C30, update to a fixed version. For AR510 versions V200R006C10 through V200R008C30, update to a fixed version. For NetEngine16EX versions V200R006C10 through V200R008C30, update to a fixed version. For SMC2.0 versions V100R003C10 through V600R006C00, update to a fixed version. For SRG1300 versions V200R006C10 through V200R008C30, update to a fixed version. For SRG2300 versions V200R006C10 through V200R008C30, update to a fixed version. For SRG3300 versions V200R006C10 through V200R008C30, update to a fixed version. As a temporary workaround, consider restricting access to the device to minimize the risk of exploitation.