CVE-2017-17131
5.7
Vector
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H
Exploitability: 2.1 / Impact: 3.6
Source: NVD
Description
Huawei DP300 V500R002C00; RP200 V500R002C00; V600R006C00; TE30 V100R001C10; V600R006C00; TE50 V600R006C00; TE60 V100R001C10; V500R002C00; V600R006C00; VP9660 V500R002C10 have an DoS vulnerability due to insufficient validation of the parameter when a putty comment key is loaded. An authenticated remote attacker can place a malformed putty key file in system when a system manager load the key an infinite loop happens which lead to reboot the system.
Affected (10)
Products: Huawei: Dp300 Firmware, Rp200 Firmware, Te30 Firmware, Te50 Firmware, Te60 Firmware, Vp9660 Firmware
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| Version v500r002c00 |
| Running on/with | Platform Versions |
|---|---|
Huawei Dp300 | All versions |
Configuration B
| Vulnerable Software | Affected Versions |
|---|---|
| Version v500r002c00 |
| Running on/with | Platform Versions |
|---|---|
Huawei Rp200 | All versions |
Configuration C
| Vulnerable Software | Affected Versions |
|---|---|
| Version v100r001c10 |
| Running on/with | Platform Versions |
|---|---|
Huawei Te30 | All versions |
Configuration D
| Vulnerable Software | Affected Versions |
|---|---|
| Version v600r006c00 |
| Running on/with | Platform Versions |
|---|---|
Huawei Te50 | All versions |
Configuration E
| Vulnerable Software | Affected Versions |
|---|---|
| Version v100r001c10 |
| Running on/with | Platform Versions |
|---|---|
Huawei Te60 | All versions |
Configuration F
| Vulnerable Software | Affected Versions |
|---|---|
| Version v500r002c10 |
| Running on/with | Platform Versions |
|---|---|
Huawei Vp9660 | All versions |
References (2)
Source: psirt@huawei.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Timeline
No history available yet.