CVE-2017-15355

Name of the Vulnerable Software and Affected Versions: Huawei DP300 versions V500R002C00 through V600R006C00 Huawei RP200 version V600R006C00 Huawei TE30 version V100R001C10 Huawei TE30 versions V500R002C00 through V600R006C00 Huawei TE40 versions V500R002C00 through V600R006C00 Huawei TE50 versions V500R002C00 through V600R006C00 Huawei TE60 versions V100R001C10 through V600R006C00 Huawei TX50 versions V500R002C00 through V600R006C00

Description: The issue is caused by a buffer overflow due to insufficient input validation of three different parameters in HTTP messages. An attacker may send specially crafted HTTP messages to the affected products, potentially causing service abnormalities.

Recommendations: For Huawei DP300 version V500R002C00, update to a version later than V600R006C00. For Huawei RP200 version V600R006C00, update to a version later than V600R006C00. For Huawei TE30 version V100R001C10, update to a version later than V100R001C10. For Huawei TE30 versions V500R002C00 through V600R006C00, update to a version later than V600R006C00. For Huawei TE40 versions V500R002C00 through V600R006C00, update to a version later than V600R006C00. For Huawei TE50 versions V500R002C00 through V600R006C00, update to a version later than V600R006C00. For Huawei TE60 versions V100R001C10 through V600R006C00, update to a version later than V600R006C00. For Huawei TX50 versions V500R002C00 through V600R006C00, update to a version later than V600R006C00. As a temporary workaround, consider restricting access to the affected products to minimize the risk of exploitation.