CVE-2017-17221

CWE-20 — Improper Input Validation3 documents3 sources

Severity

8.8HIGH

EPSS

0.8%

top 25.78%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Huawei Espace 7950 Firmware Huawei Espace 8950 Firmware

Timeline

PublishedMar 9

Latest updateMay 14

Description

Import Signal Tone function in Huawei eSpace 7950 V200R003C30; eSpace 8950 V200R003C00; V200R003C30 has a remote code execution vulnerability. An authenticated, remote attacker can craft and send the packets to the affected products after the Signal Tone is uploaded. Due to insufficient verification of the packets, this could be exploited to execute arbitrary code.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

▶NVDhuawei/espace_7950_firmwarev200r003c30

▶NVDhuawei/espace_8950_firmwarev200r003c00, v200r003c30+1

🔴Vulnerability Details

GHSA

GHSA-c9p4-jv2v-5g2x: Import Signal Tone function in Huawei eSpace 7950 V200R003C30; eSpace 8950 V200R003C00; V200R003C30 has a remote code execution vulnerability↗2022-05-14

▶

CVEList

CVE-2017-17221: Import Signal Tone function in Huawei eSpace 7950 V200R003C30; eSpace 8950 V200R003C00; V200R003C30 has a remote code execution vulnerability↗2018-03-09

▶