CVE-2017-17148: Input Validation
First published: Fri Mar 09 2018(Updated: )
Huawei DP300 V500R002C00 have a DoS vulnerability due to the lack of validation when the malloc is called. An authenticated local attacker can craft specific XML files to the affected products and parse this file, which result in DoS attacks.
Credit: psirt@huawei.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Huawei Dp300 Firmware | <=v500r002c00 | |
| Huawei DP300 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID of this issue?
The vulnerability ID of this issue is CVE-2017-17148.
What is the severity of CVE-2017-17148?
The severity of CVE-2017-17148 is medium with a severity value of 5.5.
How does CVE-2017-17148 affect Huawei DP300 V500R002C00?
CVE-2017-17148 affects Huawei DP300 V500R002C00 by allowing an authenticated local attacker to craft specific XML files that can result in DoS attacks.
How can the vulnerability be exploited?
The vulnerability can be exploited by an authenticated attacker who crafts specific XML files and parse them on the affected products.
Is Huawei DP300 V500R002C00 vulnerable to CVE-2017-17148?
Yes, Huawei DP300 V500R002C00 is vulnerable to CVE-2017-17148.
- collector/nvd-index
- vendor/huawei
- canonical/huawei dp300 firmware
- version/huawei dp300 firmware/v500r002c00
- canonical/huawei dp300