CVE-2017-15326

Name of the Vulnerable Software and Affected Versions: DBS3900 TDD LTE versions V100R003C00, V100R004C10

Description: The issue is related to a weak encryption algorithm, which allows an unauthenticated remote attacker to exploit it and potentially cause information leakage. The DBS3900 TDD LTE supports SSL/TLS protocol negotiation using insecure encryption algorithms. If an insecure encryption algorithm is negotiated during communication, it can be exploited to crack the encrypted data.

Recommendations: For DBS3900 TDD LTE version V100R003C00, consider disabling the use of insecure encryption algorithms in SSL/TLS protocol negotiation until a patch is available. For DBS3900 TDD LTE version V100R004C10, restrict the negotiation of encryption algorithms to only secure ones to minimize the risk of exploitation.