CVE-2017-17131

CWE-8353 documents3 sources
Severity
5.7MEDIUM
EPSS
0.2%
top 63.56%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
6
Huawei Dp300 FirmwareHuawei Rp200 FirmwareHuawei Te30 Firmware+3 more
Timeline
PublishedMar 5
Latest updateMay 13

Description

Huawei DP300 V500R002C00; RP200 V500R002C00; V600R006C00; TE30 V100R001C10; V600R006C00; TE50 V600R006C00; TE60 V100R001C10; V500R002C00; V600R006C00; VP9660 V500R002C10 have an DoS vulnerability due to insufficient validation of the parameter when a putty comment key is loaded. An authenticated remote attacker can place a malformed putty key file in system when a system manager load the key an infinite loop happens which lead to reboot the system.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:HExploitability: 2.1 | Impact: 3.6

Affected Packages6 packages

NVDhuawei/te30_firmwarev100r001c10, v600r006c00+1
NVDhuawei/te50_firmwarev600r006c00
NVDhuawei/te60_firmwarev100r001c10, v500r002c00, v600r006c00+2
NVDhuawei/dp300_firmwarev500r002c00
NVDhuawei/rp200_firmwarev500r002c00, v600r006c00+1

🔴Vulnerability Details

2
GHSA
GHSA-49f9-3p9f-vgr4: Huawei DP300 V500R002C00; RP200 V500R002C00; V600R006C00; TE30 V100R001C10; V600R006C00; TE50 V600R006C00; TE60 V100R001C10; V500R002C00; V600R006C00;2022-05-13
CVEList
CVE-2017-17131: Huawei DP300 V500R002C00; RP200 V500R002C00; V600R006C00; TE30 V100R001C10; V600R006C00; TE50 V600R006C00; TE60 V100R001C10; V500R002C00; V600R006C00;2018-03-05
CVE-2017-17131 (MEDIUM CVSS 5.7) | Huawei DP300 V500R002C00 | cvebase.io