CVE-2017-15354

Name of the Vulnerable Software and Affected Versions: Huawei DP300 versions V500R002C00 through V600R006C00 Huawei RP200 version V600R006C00 Huawei TE30 version V100R001C10 Huawei TE30 versions V500R002C00 through V600R006C00 Huawei TE40 versions V500R002C00 through V600R006C00 Huawei TE50 versions V500R002C00 through V600R006C00 Huawei TE60 versions V100R001C10 through V600R006C00 Huawei TX50 versions V500R002C00 through V600R006C00

Description: The issue is related to a buffer overflow. An attacker may send specially crafted HTTP messages to the affected products. Due to insufficient input validation of three different parameters in the messages, a successful exploit may cause some service abnormality.

Recommendations: For Huawei DP300 versions V500R002C00 through V600R006C00, consider restricting access to HTTP messages until a patch is available. For Huawei RP200 version V600R006C00, avoid using the vulnerable parameters in the affected HTTP messages until the issue is resolved. For Huawei TE30 version V100R001C10, temporarily disable the reception of specially crafted HTTP messages. For Huawei TE30, TE40, TE50, and TE60 versions V500R002C00 through V600R006C00, restrict the input validation of the three vulnerable parameters. For Huawei TE60 version V100R001C10, apply configuration changes to minimize the risk of exploitation. For Huawei TX50 versions V500R002C00 through V600R006C00, consider disabling the vulnerable service until a patch is available.