CVE-2017-17134

CWE-476 — NULL Pointer Dereference3 documents3 sources

Severity

5.5MEDIUM

EPSS

0.0%

top 94.38%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Huawei Dp300 Firmware Huawei Rp200 Firmware Huawei Te30 Firmware +3 more

Timeline

PublishedMar 5

Latest updateMay 13

Description

XML parser in Huawei DP300 V500R002C00; RP200 V500R002C00SPC200; V600R006C00; TE30 V100R001C10; V500R002C00; V600R006C00; TE40 V500R002C00; V600R006C00; TE50 V500R002C00; V600R006C00; TE60 V100R001C10; V500R002C00; V600R006C00 has a DoS vulnerability. Due to not check the specially XML file enough an authenticated local attacker may craft specific XML files to the affected products and parse this file which cause to null pointer accessing and result in DoS attacks.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages6 packages

▶NVDhuawei/te30_firmwarev100r001c10, v500r002c00, v600r006c00+2

▶NVDhuawei/te40_firmwarev500r002c00, v600r006c00+1

▶NVDhuawei/te50_firmwarev500r002c00, v600r006c00+1

▶NVDhuawei/te60_firmwarev100r001c10, v500r002c00, v600r006c00+2

▶NVDhuawei/dp300_firmwarev500r002c00

🔴Vulnerability Details

GHSA

GHSA-72w4-cwfc-v6hr: XML parser in Huawei DP300 V500R002C00; RP200 V500R002C00SPC200; V600R006C00; TE30 V100R001C10; V500R002C00; V600R006C00; TE40 V500R002C00; V600R006C0↗2022-05-13

▶

CVEList

CVE-2017-17134: XML parser in Huawei DP300 V500R002C00; RP200 V500R002C00SPC200; V600R006C00; TE30 V100R001C10; V500R002C00; V600R006C00; TE40 V500R002C00; V600R006C0↗2018-03-05

▶