CVE-2018-7920 — Uncontrolled Resource Consumption in Huawei Ar1200 Firmware

CWE-400 — Uncontrolled Resource Consumption3 documents3 sources

Severity

7.5HIGHNVD

EPSS

0.3%

top 48.81%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Huawei Ar1200 Firmware Huawei Ar160 Firmware Huawei Ar200 Firmware +2 more

Timeline

PublishedApr 19

Latest updateMay 14

Description

Huawei AR1200 V200R006C10SPC300, AR160 V200R006C10SPC300, AR200 V200R006C10SPC300, AR2200 V200R006C10SPC300, AR3200 V200R006C10SPC300 devices have an improper resource management vulnerability. Due to the improper implementation of ACL mechanism, a remote attacker may send TCP messages to the management interface of the affected device to exploit this vulnerability. Successful exploit could exhaust the socket resource of management interface, leading to a DoS condition.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages5 packages

▶NVDhuawei/ar160_firmwarev200r006c10spc300

▶NVDhuawei/ar200_firmwarev200r006c10spc300

▶NVDhuawei/ar1200_firmwarev200r006c10spc300

▶NVDhuawei/ar2200_firmwarev200r006c10spc300

▶NVDhuawei/ar3200_firmwarev200r006c10spc300

🔴Vulnerability Details

GHSA

GHSA-vmrh-mj92-7wj2: Huawei AR1200 V200R006C10SPC300, AR160 V200R006C10SPC300, AR200 V200R006C10SPC300, AR2200 V200R006C10SPC300, AR3200 V200R006C10SPC300 devices have an↗2022-05-14

▶

CVEList

CVE-2018-7920: Huawei AR1200 V200R006C10SPC300, AR160 V200R006C10SPC300, AR200 V200R006C10SPC300, AR2200 V200R006C10SPC300, AR3200 V200R006C10SPC300 devices have an↗2018-04-19

▶