First published: Thu Apr 19 2018(Updated: )
Huawei AR1200 V200R006C10SPC300, AR160 V200R006C10SPC300, AR200 V200R006C10SPC300, AR2200 V200R006C10SPC300, AR3200 V200R006C10SPC300 devices have an improper resource management vulnerability. Due to the improper implementation of ACL mechanism, a remote attacker may send TCP messages to the management interface of the affected device to exploit this vulnerability. Successful exploit could exhaust the socket resource of management interface, leading to a DoS condition.
Credit: psirt@huawei.com
Affected Software | Affected Version | How to fix |
---|---|---|
Huawei Ar1200 Firmware | =v200r006c10spc300 | |
Huawei AR1200 | ||
Huawei Ar160 Firmware | =v200r006c10spc300 | |
Huawei Ar160 | ||
Huawei Ar200 Firmware | =v200r006c10spc300 | |
Huawei Ar200 | ||
Huawei Ar2200 Firmware | =v200r006c10spc300 | |
Huawei Ar2200 | ||
Huawei Ar3200 Firmware | =v200r006c10spc300 | |
Huawei AR3200 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID is CVE-2018-7920.
The severity of CVE-2018-7920 is high with a score of 7.5.
Huawei AR1200 V200R006C10SPC300, AR160 V200R006C10SPC300, AR200 V200R006C10SPC300, AR2200 V200R006C10SPC300, and AR3200 V200R006C10SPC300 are affected by CVE-2018-7920.
CVE-2018-7920 is an improper resource management vulnerability in Huawei AR series devices, allowing remote attackers to send TCP messages to the management interface.
Please refer to the official Huawei security advisory for information on available fixes and mitigations for CVE-2018-7920.