CVE-2017-2712 — Technologies CO LTD S3300 vulnerability

CWE-4176 documents5 sources

Severity

5.3MEDIUMNVD

EPSS

0.2%

top 61.76%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Huawei Technologies CO LTD S3300 Huawei S3300 Firmware

Timeline

PublishedNov 22

Latest updateMay 17

Description

S3300 V100R006C05 have an Ethernet in the First Mile (EFM) flapping vulnerability due to the lack of type-length-value (TLV) consistency check. An attacker may craft malformed packets and send them to a device to cause EFM flapping.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:LExploitability: 3.9 | Impact: 1.4

Affected Packages2 packages

▶NVDhuawei/s3300_firmwarev100r006c05

▶CVEListV5huawei_technologies_co_ltd/s3300V100R006C05

🔴Vulnerability Details

GHSA

GHSA-v476-qqh9-vxr9: S3300 V100R006C05 have an Ethernet in the First Mile (EFM) flapping vulnerability due to the lack of type-length-value (TLV) consistency check↗2022-05-17

▶

CVEList

CVE-2017-2712: S3300 V100R006C05 have an Ethernet in the First Mile (EFM) flapping vulnerability due to the lack of type-length-value (TLV) consistency check↗2017-11-22

▶

💥Exploits & PoCs

Exploit-DB

GetGo Download Manager 5.3.0.2712 - Buffer Overflow↗2017-12-26

▶

Exploit-DB

LibTIFF - 'tif_dirwrite.c' Denial of Service↗2017-07-06

▶

💬Community

Bugzilla

CVE-2017-10688 libtiff: Assertion abort in the TIFFWriteDirectoryTagCheckedLong8Array function↗2017-07-12

▶