5.5

CVE-2017-17186

Huawei DP300 V500R002C00, RP200 V500R002C00, V600R006C00, TE30 V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C10, V500R002C00, V600R006C00 have a DoS vulnerability. Due to insufficient input validation, an authenticated, remote attacker could send malformed SOAP packets to the target device. Successful exploit could make some data overwritten, leak device memory and potentially reset a process.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)
HuaweiDp300 Firmware Versionv500r002c00
   HuaweiDp300 Version-
HuaweiRp200 Firmware Versionv500r002c00
   HuaweiRp200 Version-
HuaweiRp200 Firmware Versionv600r006c00
   HuaweiRp200 Version-
HuaweiTe30 Firmware Versionv100r001c10
   HuaweiTe30 Version-
HuaweiTe30 Firmware Versionv500r002c00
   HuaweiTe30 Version-
HuaweiTe30 Firmware Versionv600r006c00
   HuaweiTe30 Version-
HuaweiTe40 Firmware Versionv500r002c00
   HuaweiTe40 Version-
HuaweiTe40 Firmware Versionv600r006c00
   HuaweiTe40 Version-
HuaweiTe50 Firmware Versionv500r002c00
   HuaweiTe50 Version-
HuaweiTe50 Firmware Versionv600r006c00
   HuaweiTe50 Version-
HuaweiTe60 Firmware Versionv100r001c10
   HuaweiTe60 Version-
HuaweiTe60 Firmware Versionv500r002c00
   HuaweiTe60 Version-
HuaweiTe60 Firmware Versionv600r006c00
   HuaweiTe60 Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.17% 0.346
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.4 2.8 2.5
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
nvd@nist.gov 5.5 8 4.9
AV:N/AC:L/Au:S/C:N/I:P/A:P
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.