CVE-2017-17281

Published: Mar 9, 2018Modified: Nov 21, 2024

4.3

Vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Exploitability: 2.8 / Impact: 1.4

Source: NVD

Description

SFTP module in Huawei DP300 V500R002C00; RP200 V600R006C00; TE30 V100R001C10; V500R002C00; V600R006C00; TE40 V500R002C00; V600R006C00; TE50 V500R002C00; V600R006C00; TE60 V100R001C10; V500R002C00; V600R006C00 has an out-of-bounds read vulnerability. A remote, authenticated attacker could exploit this vulnerability by sending specially crafted messages to a target device. Successful exploit may cause some information leak.

Affected (12)

Products: Huawei: Dp300 Firmware, Rp200 Firmware, Te30 Firmware, Te40 Firmware, Te50 Firmware, Te60 Firmware

6 products

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Huawei Dp300 Firmware	Version v500r002c00

Running on/with	Platform Versions
Huawei Dp300	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Huawei Rp200 Firmware	Version v600r006c00

Running on/with	Platform Versions
Huawei Rp200	All versions

Configuration C

3 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Huawei Te30 Firmware	Version v100r001c10
Huawei Te30 Firmware	Version v500r002c00
Huawei Te30 Firmware	Version v600r006c00

Running on/with	Platform Versions
Huawei Te30	All versions

Configuration D

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Huawei Te40 Firmware	Version v500r002c00
Huawei Te40 Firmware	Version v600r006c00

Running on/with	Platform Versions
Huawei Te40	All versions

Configuration E

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Huawei Te50 Firmware	Version v500r002c00
Huawei Te50 Firmware	Version v600r006c00

Running on/with	Platform Versions
Huawei Te50	All versions

Configuration F

3 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Huawei Te60 Firmware	Version v100r001c10
Huawei Te60 Firmware	Version v500r002c00
Huawei Te60 Firmware	Version v600r006c00

Running on/with	Platform Versions
Huawei Te60	All versions

Related CWEs

CWE-125

Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

References (2)

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180228-01-sftp-en

Source: psirt@huawei.com

Vendor Advisory

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180228-01-sftp-en

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.