What is the vulnerability ID for this vulnerability?

The vulnerability ID for this vulnerability is CVE-2017-17281.

What is the severity level of CVE-2017-17281?

The severity level of CVE-2017-17281 is medium.

How can a remote attacker exploit CVE-2017-17281?

A remote, authenticated attacker could exploit CVE-2017-17281 through the SFTP module in the affected Huawei devices.

Is there a fix available for CVE-2017-17281?

It is recommended to follow the guidance provided by Huawei in their security advisory to mitigate the vulnerability.

Vulnerability/
CVE-2017-17281

medium

4.3

CWE

125

9/3/2018

29/3/2018

CVE-2017-17281

First published: Fri Mar 09 2018(Updated: )

SFTP module in Huawei DP300 V500R002C00; RP200 V600R006C00; TE30 V100R001C10; V500R002C00; V600R006C00; TE40 V500R002C00; V600R006C00; TE50 V500R002C00; V600R006C00; TE60 V100R001C10; V500R002C00; V600R006C00 has an out-of-bounds read vulnerability. A remote, authenticated attacker could exploit this vulnerability by sending specially crafted messages to a target device. Successful exploit may cause some information leak.

Credit: psirt@huawei.com

Affected Software	Affected Version	How to fix
Huawei Dp300 Firmware	=v500r002c00
Huawei DP300
Huawei Rp200 Firmware	=v600r006c00
Huawei Rp200
Huawei Te30 Firmware	=v100r001c10
Huawei Te30 Firmware	=v500r002c00
Huawei Te30 Firmware	=v600r006c00
Huawei TE30
Huawei Te40 Firmware	=v500r002c00
Huawei Te40 Firmware	=v600r006c00
Huawei Te40
Huawei Te50 Firmware	=v500r002c00
Huawei Te50 Firmware	=v600r006c00
Huawei Te50
Huawei Te60 Firmware	=v100r001c10
Huawei Te60 Firmware	=v500r002c00
Huawei Te60 Firmware	=v600r006c00
Huawei TE60

Never miss a vulnerability like this again

Reference Links

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180228-01-sftp-en

Frequently Asked Questions

What is the vulnerability ID for this vulnerability?
The vulnerability ID for this vulnerability is CVE-2017-17281.
What is the severity level of CVE-2017-17281?
The severity level of CVE-2017-17281 is medium.
What is affected by CVE-2017-17281?
SFTP module in Huawei DP300 V500R002C00; RP200 V600R006C00; TE30 V100R001C10; V500R002C00; V600R006C00; TE40 V500R002C00; V600R006C00; TE50 V500R002C00; V600R006C00; TE60 V100R001C10; V500R002C00; V600R006C00 is affected by CVE-2017-17281.
How can a remote attacker exploit CVE-2017-17281?
A remote, authenticated attacker could exploit CVE-2017-17281 through the SFTP module in the affected Huawei devices.
Is there a fix available for CVE-2017-17281?
It is recommended to follow the guidance provided by Huawei in their security advisory to mitigate the vulnerability.

collector/nvd-index
vendor/huawei
product/dp300 firmware
canonical/huawei dp300 firmware
product/dp300
canonical/huawei dp300
product/rp200 firmware
canonical/huawei rp200 firmware
product/rp200
canonical/huawei rp200
product/te30 firmware
canonical/huawei te30 firmware
product/te30
canonical/huawei te30
product/te40 firmware
canonical/huawei te40 firmware
product/te40
canonical/huawei te40
product/te50 firmware
canonical/huawei te50 firmware
product/te50
canonical/huawei te50
product/te60 firmware
canonical/huawei te60 firmware
product/te60
canonical/huawei te60

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.