PT-2018-6493 · Huawei · E5771H-937
Published
2018-04-30
·
Updated
2018-06-06
·
CVE-2017-17318
CVSS v3.1
6.5
Medium
| Vector | AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions:
Huawei MBB (Mobile Broadband) products E5771h-937 versions before E5771h-937TCPU-V200R001B328D62SP00C1133
Huawei MBB (Mobile Broadband) products E5771h-937 versions before E5771h-937TCPU-V200R001B329D05SP00C1308
Description:
The issue allows an attacker to launch a Denial of Service (DoS) attack by sending a special http request to the device. This causes the webserver process to consume excessive memory, resulting in the device becoming unresponsive.
Recommendations:
For versions before E5771h-937TCPU-V200R001B328D62SP00C1133, update to a version after E5771h-937TCPU-V200R001B328D62SP00C1133 to resolve the issue.
For versions before E5771h-937TCPU-V200R001B329D05SP00C1308, update to a version after E5771h-937TCPU-V200R001B329D05SP00C1308 to resolve the issue.
As a temporary workaround, consider restricting access to the webserver process to minimize the risk of exploitation.
Fix
RCE
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
E5771H-937