First published: Thu Feb 15 2018(Updated: )
XML parser in Huawei S12700 V200R005C00,S1700 V200R009C00, V200R010C00,S3700 V100R006C03, V100R006C05,S5700 V200R001C00, V200R002C00, V200R003C00, V200R003C02, V200R005C00, V200R006C00, V200R007C00, V200R008C00, V200R009C00, V200R010C00,S6700 V200R001C00, V200R002C00, V200R003C00, V200R005C00, V200R005C02, V200R008C00, V200R009C00, V200R010C00,S7700 V200R001C00, V200R002C00, V200R003C00, V200R005C00, V200R006C00, V200R007C00, V200R008C00, V200R009C00, V200R010C00,S9700 V200R001C00, V200R002C00, V200R003C00, V200R005C00, V200R006C00, V200R007C00, V200R008C00, V200R009C00, V200R010C00,eCNS210_TD V100R004C10, V100R004C10SPC003, V100R004C10SPC100, V100R004C10SPC101, V100R004C10SPC102, V100R004C10SPC200, V100R004C10SPC221, V100R004C10SPC400 has a DOS vulnerability. An attacker may craft specific XML files to the affected products. Due to not check the specially XML file and to parse this file, successful exploit will result in DOS attacks.
Credit: psirt@huawei.com
Affected Software | Affected Version | How to fix |
---|---|---|
Huawei S12700 Firmware | =v200r005c00 | |
Huawei S12700 Firmware | ||
Huawei S1700 Firmware | =v200r009c00 | |
Huawei S1700 Firmware | =v200r010c00 | |
Huawei S1700 Firmware | ||
Huawei S5700HI Firmware | =v200r001c00 | |
Huawei S5700HI Firmware | =v200r002c00 | |
Huawei S5700HI Firmware | =v200r003c00 | |
Huawei S5700HI Firmware | =v200r003c02 | |
Huawei S5700HI Firmware | =v200r005c00 | |
Huawei S5700HI Firmware | =v200r006c00 | |
Huawei S5700HI Firmware | =v200r007c00 | |
Huawei S5700HI Firmware | =v200r008c00 | |
Huawei S5700HI Firmware | =v200r009c00 | |
Huawei S5700HI Firmware | =v200r010c00 | |
Huawei S5700 Firmware | ||
Huawei S6700EI Firmware | =v200r001c00 | |
Huawei S6700EI Firmware | =v200r002c00 | |
Huawei S6700EI Firmware | =v200r003c00 | |
Huawei S6700EI Firmware | =v200r005c00 | |
Huawei S6700EI Firmware | =v200r005c02 | |
Huawei S6700EI Firmware | =v200r008c00 | |
Huawei S6700EI Firmware | =v200r009c00 | |
Huawei S6700EI Firmware | =v200r010c00 | |
Huawei S6700 Firmware | ||
Huawei Campus S7700 firmware | =v200r001c00 | |
Huawei Campus S7700 firmware | =v200r002c00 | |
Huawei Campus S7700 firmware | =v200r003c00 | |
Huawei Campus S7700 firmware | =v200r005c00 | |
Huawei Campus S7700 firmware | =v200r006c00 | |
Huawei Campus S7700 firmware | =v200r007c00 | |
Huawei Campus S7700 firmware | =v200r008c00 | |
Huawei Campus S7700 firmware | =v200r009c00 | |
Huawei Campus S7700 firmware | =v200r010c00 | |
Huawei Campus S7700 | ||
Huawei LSW S9700 firmware | =v200r001c00 | |
Huawei LSW S9700 firmware | =v200r002c00 | |
Huawei LSW S9700 firmware | =v200r003c00 | |
Huawei LSW S9700 firmware | =v200r005c00 | |
Huawei LSW S9700 firmware | =v200r006c00 | |
Huawei LSW S9700 firmware | =v200r007c00 | |
Huawei LSW S9700 firmware | =v200r008c00 | |
Huawei LSW S9700 firmware | =v200r009c00 | |
Huawei LSW S9700 firmware | =v200r010c00 | |
Huawei Campus LSW S9700 | ||
Huawei eCNS210 TD | =v100r004c10 | |
Huawei eCNS210 TD | =v100r004c10spc003 | |
Huawei eCNS210 TD | =v100r004c10spc100 | |
Huawei eCNS210 TD | =v100r004c10spc101 | |
Huawei eCNS210 TD | =v100r004c10spc102 | |
Huawei eCNS210 TD | =v100r004c10spc200 | |
Huawei eCNS210 TD | =v100r004c10spc221 | |
Huawei eCNS210 TD | =v100r004c10spc400 | |
Huawei eCNS210 TD firmware |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2017-15346 is rated as high severity due to its potential to allow remote code execution.
To mitigate CVE-2017-15346, upgrade to the latest firmware version provided by Huawei for affected devices.
CVE-2017-15346 affects various models including the S12700, S1700, S3700, S5700, S6700, S7700, and S9700 series.
CVE-2017-15346 is an XML parser vulnerability that exposes the system to potential attacks.
A possible workaround for CVE-2017-15346 includes disabling XML parsing where possible on the affected devices.