PT-2017-3520 · Huawei · Huawei Ar1200+3

Published: 2017-11-29 · Updated: 2018-02-22 · CVE-2017-15344

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

Huawei AR3200 versions V200R006C10 through V200R008C30
Huawei AR1200 (affected versions not specified)
Huawei AR120-S (affected versions not specified)

Description

The issue is caused by insufficient validation of certain fields in SCTP messages, leading to an integer overflow vulnerability. A remote unauthenticated attacker could send a crafted SCTP message to the device, potentially causing a system reboot.

Recommendations

For Huawei AR3200 versions V200R006C10 through V200R008C30, update to a version that fixes the integer overflow vulnerability. For Huawei AR1200 and Huawei AR120-S, there is currently no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting SCTP traffic to the device to minimize the risk of exploitation.

Buffer Overflow

Integer Overflow


Weakness Enumeration

Related Identifiers

BDU:2018-00383
CVE-2017-15344

Affected Products

Huawei Ar120-S
Huawei Ar1200
Huawei Ar3200
Huawei Vrp