CVE-2017-17186

Name of the Vulnerable Software and Affected Versions: Huawei DP300 versions V500R002C00 Huawei RP200 versions V500R002C00, V600R006C00 Huawei TE30 versions V100R001C10, V500R002C00, V600R006C00 Huawei TE40 versions V500R002C00, V600R006C00 Huawei TE50 versions V500R002C00, V600R006C00 Huawei TE60 versions V100R001C10, V500R002C00, V600R006C00

Description: The issue is caused by insufficient input validation, allowing an authenticated, remote attacker to send malformed SOAP packets to the target device. This could result in data being overwritten, device memory being leaked, and potentially a process being reset.

Recommendations: For Huawei DP300 version V500R002C00, update the software to a version that includes input validation for SOAP packets. For Huawei RP200 versions V500R002C00, V600R006C00, restrict access to the SOAP interface until a patch is available. For Huawei TE30 versions V100R001C10, V500R002C00, V600R006C00, consider disabling the SOAP service temporarily to prevent exploitation. For Huawei TE40 versions V500R002C00, V600R006C00, apply configuration changes to limit the impact of malformed SOAP packets. For Huawei TE50 versions V500R002C00, V600R006C00, avoid using the vulnerable SOAP interface until the issue is resolved. For Huawei TE60 versions V100R001C10, V500R002C00, V600R006C00, as a temporary workaround, consider implementing additional validation for incoming SOAP packets.