CVE-2017-17134

Name of the Vulnerable Software and Affected Versions: Huawei DP300 versions V500R002C00 through V600R006C00 Huawei RP200 version V500R002C00SPC200 Huawei TE30 versions V100R001C10 through V600R006C00 Huawei TE40 versions V500R002C00 through V600R006C00 Huawei TE50 versions V500R002C00 through V600R006C00 Huawei TE60 versions V100R001C10 through V600R006C00

Description: The issue is related to the XML parser, which does not properly check specially crafted XML files. This allows an authenticated local attacker to create specific XML files that, when parsed, can cause a null pointer access, resulting in a denial-of-service (DoS) attack.

Recommendations: For Huawei DP300 versions V500R002C00 through V600R006C00, update to a version that includes the fix for this issue. For Huawei RP200 version V500R002C00SPC200, update to a version that includes the fix for this issue. For Huawei TE30 versions V100R001C10 through V600R006C00, update to a version that includes the fix for this issue. For Huawei TE40 versions V500R002C00 through V600R006C00, update to a version that includes the fix for this issue. For Huawei TE50 versions V500R002C00 through V600R006C00, update to a version that includes the fix for this issue. For Huawei TE60 versions V100R001C10 through V600R006C00, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting access to the XML parser until a patch is available.