CVE-2017-17250

CWE-787 — Out-of-bounds Write3 documents3 sources

Severity

6.5MEDIUM

EPSS

0.2%

top 61.25%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Huawei Ar120-s Firmware Huawei Ar1200-s Firmware Huawei Ar1200 Firmware +18 more

Timeline

PublishedMar 9

Latest updateMay 14

Description

Huawei AR120-S V200R005C32; AR1200 V200R005C32; AR1200-S V200R005C32; AR150 V200R005C32; AR150-S V200R005C32; AR160 V200R005C32; AR200 V200R005C32; AR200-S V200R005C32; AR2200-S V200R005C32; AR3200 V200R005C32; V200R007C00; AR510 V200R005C32; NetEngine16EX V200R005C32; SRG1300 V200R005C32; SRG2300 V200R005C32; SRG3300 V200R005C32 have an out-of-bounds write vulnerability. When a user executes a query command after the device received an abnormal OSPF message, the software writes data past the en…

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages21 packages

▶NVDhuawei/ar1200_firmwarev200r005c32

▶NVDhuawei/ar1200-s_firmwarev200r005c32

▶NVDhuawei/ar150_firmwarev200r005c32

▶NVDhuawei/ar200_firmwarev200r005c32

▶NVDhuawei/ar150-s_firmwarev200r005c32

🔴Vulnerability Details

GHSA

GHSA-2mqx-vr27-49pv: Huawei AR120-S V200R005C32; AR1200 V200R005C32; AR1200-S V200R005C32; AR150 V200R005C32; AR150-S V200R005C32; AR160 V200R005C32; AR200 V200R005C32; AR↗2022-05-14

▶

CVEList

CVE-2017-17250: Huawei AR120-S V200R005C32; AR1200 V200R005C32; AR1200-S V200R005C32; AR150 V200R005C32; AR150-S V200R005C32; AR160 V200R005C32; AR200 V200R005C32; AR↗2018-03-09

▶