CVE-2017-15356

Name of the Vulnerable Software and Affected Versions: Huawei DP300 versions V500R002C00 through V600R006C00 Huawei RP200 version V600R006C00 Huawei TE30 version V100R001C10 Huawei TE30 versions V500R002C00 through V600R006C00 Huawei TE40 versions V500R002C00 through V600R006C00 Huawei TE50 versions V500R002C00 through V600R006C00 Huawei TE60 versions V100R001C10 through V600R006C00 Huawei TX50 versions V500R002C00 through V600R006C00

Description: The issue is caused by a buffer overflow due to insufficient input validation of three different parameters in HTTP messages. An attacker may send specially crafted HTTP messages to the affected products, potentially causing service abnormalities.

Recommendations: For Huawei DP300 versions V500R002C00 through V600R006C00, consider restricting access to the affected HTTP endpoints until a patch is available. For Huawei RP200 version V600R006C00, avoid using the vulnerable parameters in the affected HTTP messages until the issue is resolved. For Huawei TE30 version V100R001C10, temporarily disable the affected service to minimize the risk of exploitation. For Huawei TE30 versions V500R002C00 through V600R006C00, restrict access to the vulnerable module to prevent potential attacks. For Huawei TE40 versions V500R002C00 through V600R006C00, consider disabling the affected function until a patch is available. For Huawei TE50 versions V500R002C00 through V600R006C00, avoid using the vulnerable parameters in the affected HTTP endpoints until the issue is resolved. For Huawei TE60 versions V100R001C10 through V600R006C00, restrict access to the affected service to minimize the risk of exploitation. For Huawei TX50 versions V500R002C00 through V600R006C00, consider temporarily disabling the affected module until a patch is available.