PT-2018-6452 · Huawei · Huawei Espace 7950+1

Published

2018-03-09

Updated

2018-03-27

CVE-2017-17221

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Huawei eSpace 7950 version V200R003C30 Huawei eSpace 8950 version V200R003C00

Description: The issue allows an authenticated, remote attacker to execute arbitrary code on the affected products. This is possible due to insufficient verification of packets after the Signal Tone function is uploaded, enabling the attacker to craft and send malicious packets.

Recommendations: For Huawei eSpace 7950 version V200R003C30, consider disabling the Signal Tone function until a fix is available. For Huawei eSpace 8950 version V200R003C00, consider disabling the Signal Tone function until a fix is available.

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

CVE-2017-17221

Affected Products

Huawei Espace 7950

Huawei Espace 8950

PT-2018-6452 · Huawei · Huawei Espace 7950+1

CVE-2017-17221

Weakness Enumeration

Related Identifiers

Affected Products

References · 3