CVE-2017-15353
https://notcve.org/view.php?id=CVE-2017-15353
Huawei DP300, V500R002C00, RP200, V500R002C00, V600R006C00, RSE6500, V500R002C00, TE30, V100R001C02, V100R001C10, V500R002C00, V600R006C00, TE40, V500R002C00, V600R006C00, TE50, V500R002C00, V600R006C00, TE60, V100R001C01, V100R001C10, V500R002C00, V600R006C00, TX50, V500R002C00, V600R006C00, VP9660, V500R002C00, V500R002C10, ViewPoint 8660, V100R008C03, ViewPoint 9030, V100R011C02, V100R011C03, Viewpoint 8660, V100R008C03 have an out-of-bounds read vulnerability. An attacker has to control the peer device and send specially crafted messages to the affected products. Due to insufficient input validation, successful exploit may cause some service abnormal. Huawei DP300, V500R002C00, RP200, V500R002C00, V600R006C00, RSE6500, V500R002C00, TE30, V100R001C02, V100R001C10, V500R002C00, V600R006C00, TE40, V500R002C00, V600R006C00, TE50, V500R002C00, V600R006C00, TE60, V100R001C01, V100R001C10, V500R002C00, V600R006C00, TX50, V500R002C00, V600R006C00, VP9660, V500R002C00, V500R002C10, ViewPoint 8660, V100R008C03, ViewPoint 9030, V100R011C02, V100R011C03, Viewpoint 8660 y V100R008C03 tienen una vulnerabilidad de lectura fuera de límites. Un atacante debe controlar el dispositivo del mismo nivel y enviar mensajes especialmente manipulados a los productos afectados. • http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171115-01-h323-en • CWE-125: Out-of-bounds Read •
CVE-2017-17151
https://notcve.org/view.php?id=CVE-2017-17151
Huawei AR100, AR100-S, AR110-S, AR120, AR120-S, AR1200, AR1200-S, AR150, AR150-S, AR160, AR200, AR200-S, AR2200, AR2200-S, AR3200, AR510, DP300, NetEngine16EX, RP200, SRG1300, SRG2300, SRG3300, TE30, TE40, TE50, TE60, TP3106, TP3206, ViewPoint 8660, and ViewPoint 9030 have an insufficient validation vulnerability. Since packet validation is insufficient, an unauthenticated attacker may send special H323 packets to exploit the vulnerability. Successful exploit could allow the attacker to send malicious packets and result in DOS attacks. Huawei AR100, AR100-S, AR110-S, AR120, AR120-S, AR1200, AR1200-S, AR150, AR150-S, AR160, AR200, AR200-S, AR2200, AR2200-S, AR3200, AR510, DP300, NetEngine16EX, RP200, SRG1300, SRG2300, SRG3300, TE30, TE40, TE50, TE60, TP3106, TP3206, ViewPoint 8660 y ViewPoint 9030 tienen una vulnerabilidad de validación insuficiente. Debido a que la validación de paquetes es insuficiente, un atacante no autenticado podría enviar paquetes H323 especiales para explotar la vulnerabilidad. • http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171206-01-h323-en • CWE-20: Improper Input Validation •
CVE-2017-17283
https://notcve.org/view.php?id=CVE-2017-17283
Huawei DP300 V500R002C00, RP200 V500R002C00, V600R006C00, TE30 V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C01, V100R001C10, V500R002C00, V600R006C00 have an out-of-bound read vulnerability. A remote attacker send specially crafted Session Initiation Protocol (SIP) messages to the affected products. Due to insufficient input validation, successful exploit will cause some services abnormal. Huawei DP300 V500R002C00, RP200 V500R002C00, V600R006C00, TE30 V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C01, V100R001C10, V500R002C00 y V600R006C00 tienen una vulnerabilidad de lectura fuera de límites. Un atacante remoto envía mensajes SIP (Session Initiation Protocol) especialmente manipulados a los productos afectados. • http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180207-02-sip-en • CWE-20: Improper Input Validation CWE-125: Out-of-bounds Read •
CVE-2017-17284
https://notcve.org/view.php?id=CVE-2017-17284
Huawei DP300 V500R002C00, RP200 V500R002C00, V600R006C00, TE30 V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C01, V100R001C10, V500R002C00, V600R006C00 have a resource management error vulnerability. A remote attacker may send huge number of specially crafted SIP messages to the affected products. Due to improper handling of some value in the messages, successful exploit will cause some services abnormal. Huawei DP300 V500R002C00, RP200 V500R002C00, V600R006C00, TE30 V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C01, V100R001C10, V500R002C00 y V600R006C00 tienen una vulnerabilidad de error de gestión de recursos. Un atacante remoto podría enviar un gran número de mensajes SIP especialmente manipulados a los productos afectados. • http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180207-02-sip-en •
CVE-2017-17288
https://notcve.org/view.php?id=CVE-2017-17288
Huawei DP300 V500R002C00, RP200 V500R002C00, V600R006C00, TE30 V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C10, V500R002C00, V600R006C00 have an integer overflow vulnerability. An unauthenticated, remote attacker may send specially crafted messages to the affected products. Due to insufficient input validation, successful exploit may cause integer overflow and some process abnormal. Huawei DP300 V500R002C00, RP200 V500R002C00, V600R006C00, TE30 V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C10, V500R002C00 y V600R006C00 tienen una vulnerabilidad de desbordamiento de enteros. Un atacante remoto no autenticado podría enviar mensajes especialmente manipulados a los productos afectados. • http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180131-01-integer-en • CWE-190: Integer Overflow or Wraparound •