CVE-2017-8162
https://notcve.org/view.php?id=CVE-2017-8162
AR120-S with software V200R006C10, V200R007C00, V200R008C20, V200R008C30,AR1200 with software V200R006C10, V200R006C13, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30,AR1200-S with software V200R006C10, V200R007C00, V200R008C20, V200R008C30,AR150 with software V200R006C10, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30,AR150-S with software V200R006C10, V200R007C00, V200R008C20, V200R008C30,AR160 with software V200R006C10, V200R006C12, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30,AR200 with software V200R006C10, V200R007C00, V200R007C01, V200R008C20, V200R008C30,AR200-S with software V200R006C10, V200R007C00, V200R008C20, V200R008C30,AR2200 with software V200R006C10, V200R006C13, V200R006C16PWE, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30,AR2200-S with software V200R006C10, V200R007C00, V200R008C20, V200R008C30,AR3200 with software V200R006C10, V200R006C11, V200R007C00, V200R007C01, V200R007C02, V200R008C00, V200R008C10, V200R008C20, V200R008C30,AR510 with software V200R006C10, V200R006C12, V200R006C13, V200R006C15, V200R006C16, V200R006C17, V200R007C00, V200R008C20, V200R008C30,NetEngine16EX with software V200R006C10, V200R007C00, V200R008C20, V200R008C30,SMC2.0 with software V100R003C10, V100R005C00, V500R002C00, V600R006C00,SRG1300 with software V200R006C10, V200R007C00, V200R007C02, V200R008C20, V200R008C30,SRG2300 with software V200R006C10, V200R007C00, V200R007C02, V200R008C20, V200R008C30,SRG3300 with software V200R006C10, V200R007C00, V200R008C20, V200R008C30 have a DoS vulnerability. Due to incorrect malformed message processing logic, an authenticated, remote attacker could send specially crafted message to the target device.Successful exploit of the vulnerability could cause stack overflow and make a service unavailable. AR120-S con software V200R006C10, V200R007C00, V200R008C20, V200R008C30; AR1200 con software V200R006C10, V200R006C13, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30; AR1200-S con software V200R006C10, V200R007C00, V200R008C20, V200R008C30; AR150 con software V200R006C10, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30; AR150-S con software V200R006C10, V200R007C00, V200R008C20, V200R008C30; AR160 con software V200R006C10, V200R006C12, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30; AR200 con software V200R006C10, V200R007C00, V200R007C01, V200R008C20, V200R008C30; AR200-S con software V200R006C10, V200R007C00, V200R008C20, V200R008C30; AR2200 con software V200R006C10, V200R006C13, V200R006C16PWE, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30; AR2200-S con software V200R006C10, V200R007C00, V200R008C20, V200R008C30; AR3200 con software V200R006C10, V200R006C11, V200R007C00, V200R007C01, V200R007C02, V200R008C00, V200R008C10, V200R008C20, V200R008C30; AR510 con software V200R006C10, V200R006C12, V200R006C13, V200R006C15, V200R006C16, V200R006C17, V200R007C00, V200R008C20, V200R008C30; NetEngine16EX con software V200R006C10, V200R007C00, V200R008C20, V200R008C30; SMC2.0 con software V100R003C10, V100R005C00, V500R002C00, V600R006C00; SRG1300 con software V200R006C10, V200R007C00, V200R007C02, V200R008C20, V200R008C30; SRG2300 con software V200R006C10, V200R007C00, V200R007C02, V200R008C20, V200R008C30; y SRG3300 con software V200R006C10, V200R007C00, V200R008C20, V200R008C30 tienen una vulnerabilidad de denegación de servicio (DoS). A causa de una lógica de procesamiento de mensajes mal formados incorrecta, un atacante remoto autenticado podría enviar un mensaje especialmente manipulado al dispositivo objetivo. Una explotación exitosa de esta vulnerabilidad podría provocar un desbordamiento de pila y hacer que un servicio no esté disponible. • http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171018-01-h323-en • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2016-6901
https://notcve.org/view.php?id=CVE-2016-6901
Format string vulnerability in Huawei AR100, AR120, AR150, AR200, AR500, AR550, AR1200, AR2200, AR2500, AR3200, and AR3600 routers with software before V200R007C00SPC900 and NetEngine 16EX routers with software before V200R007C00SPC900 allows remote authenticated users to cause a denial of service via format string specifiers in vectors involving partial commands. Vulnerabilidad de formato de cadena en routers Huawei AR100, AR120, AR150, AR200, AR500, AR550, AR1200, AR2200, AR2500, AR3200 y AR3600 con software en versiones anteriores a V200R007C00SPC900 y routers NetEngine 16EX con software en versiones anteriores a V200R007C00SPC900 permite a usuarios remotos autenticados provocar una denegación de servicio a través de especificadores de cadena de formato en vectores que involucran comandos parciales. • http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160824-01-vrp-en http://www.securityfocus.com/bid/92618 • CWE-20: Improper Input Validation •