CVE-2017-17281

CWE-125 — Out-of-bounds Read3 documents3 sources

Severity

4.3MEDIUM

EPSS

0.1%

top 76.46%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Huawei Dp300 Firmware Huawei Rp200 Firmware Huawei Te30 Firmware +3 more

Timeline

PublishedMar 9

Latest updateMay 14

Description

SFTP module in Huawei DP300 V500R002C00; RP200 V600R006C00; TE30 V100R001C10; V500R002C00; V600R006C00; TE40 V500R002C00; V600R006C00; TE50 V500R002C00; V600R006C00; TE60 V100R001C10; V500R002C00; V600R006C00 has an out-of-bounds read vulnerability. A remote, authenticated attacker could exploit this vulnerability by sending specially crafted messages to a target device. Successful exploit may cause some information leak.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages6 packages

▶NVDhuawei/te30_firmwarev100r001c10, v500r002c00, v600r006c00+2

▶NVDhuawei/te40_firmwarev500r002c00, v600r006c00+1

▶NVDhuawei/te50_firmwarev500r002c00, v600r006c00+1

▶NVDhuawei/te60_firmwarev100r001c10, v500r002c00, v600r006c00+2

▶NVDhuawei/dp300_firmwarev500r002c00

🔴Vulnerability Details

GHSA

GHSA-fwr7-6rxp-pvg8: SFTP module in Huawei DP300 V500R002C00; RP200 V600R006C00; TE30 V100R001C10; V500R002C00; V600R006C00; TE40 V500R002C00; V600R006C00; TE50 V500R002C0↗2022-05-14

▶

CVEList

CVE-2017-17281: SFTP module in Huawei DP300 V500R002C00; RP200 V600R006C00; TE30 V100R001C10; V500R002C00; V600R006C00; TE40 V500R002C00; V600R006C00; TE50 V500R002C0↗2018-03-09

▶