CVSS: 6.8EPSS: 0%CPEs: 110EXPL: 0CVE-2017-8163
https://notcve.org/view.php?id=CVE-2017-8163
AR120-S with software V200R006C10, V200R007C00, V200R008C20, V200R008C30,AR1200 with software V200R006C10, V200R006C13, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30,AR1200-S with software V200R006C10, V200R007C00, V200R008C20, V200R008C30,AR150 with software V200R006C10, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30,AR150-S with software V200R006C10, V200R007C00, V200R008C20, V200R008C30,AR160 with software V200R006C10, V200R006C12, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30,AR200 with software V200R006C10, V200R007C00, V200R007C01, V200R008C20, V200R008C30,AR200-S with software V200R006C10, V200R007C00, V200R008C20, V200R008C30,AR2200 with software V200R006C10, V200R006C13, V200R006C16PWE, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30,AR2200-S with software V200R006C10, V200R007C00, V200R008C20, V200R008C30,AR3200 with software V200R006C10, V200R006C11, V200R007C00, V200R007C01, V200R007C02, V200R008C00, V200R008C10, V200R008C20, V200R008C30,AR510 with software V200R006C10, V200R006C12, V200R006C13, V200R006C15, V200R006C16, V200R006C17, V200R007C00, V200R008C20, V200R008C30,NetEngine16EX with software V200R006C10, V200R007C00, V200R008C20, V200R008C30,SMC2.0 with software V100R003C10, V100R005C00, V500R002C00, V600R006C00,SRG1300 with software V200R006C10, V200R007C00, V200R007C02, V200R008C20, V200R008C30,SRG2300 with software V200R006C10, V200R007C00, V200R007C02, V200R008C20, V200R008C30,SRG3300 with software V200R006C10, V200R007C00, V200R008C20, V200R008C30 have an out-of-bounds read vulnerability. Due to insufficient input validation, an authenticated, remote attacker could send specially crafted message to the target device.Successful exploit of the vulnerability could cause out-of-bounds read and system crash. AR120-S con software V200R006C10, V200R007C00, V200R008C20, V200R008C30; AR1200 con software V200R006C10, V200R006C13, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30; AR1200-S con software V200R006C10, V200R007C00, V200R008C20, V200R008C30; AR150 con software V200R006C10, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30; AR150-S con software V200R006C10, V200R007C00, V200R008C20, V200R008C30; AR160 con software V200R006C10, V200R006C12, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30; AR200 con software V200R006C10, V200R007C00, V200R007C01, V200R008C20, V200R008C30; AR200-S con software V200R006C10, V200R007C00, V200R008C20, V200R008C30; AR2200 con software V200R006C10, V200R006C13, V200R006C16PWE, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30; AR2200-S con software V200R006C10, V200R007C00, V200R008C20, V200R008C30; AR3200 con software V200R006C10, V200R006C11, V200R007C00, V200R007C01, V200R007C02, V200R008C00, V200R008C10, V200R008C20, V200R008C30; AR510 con software V200R006C10, V200R006C12, V200R006C13, V200R006C15, V200R006C16, V200R006C17, V200R007C00, V200R008C20, V200R008C30; NetEngine16EX con software V200R006C10, V200R007C00, V200R008C20, V200R008C30; SMC2.0 con software V100R003C10, V100R005C00, V500R002C00, V600R006C00; SRG1300 con software V200R006C10, V200R007C00, V200R007C02, V200R008C20, V200R008C30; SRG2300 con software V200R006C10, V200R007C00, V200R007C02, V200R008C20, V200R008C30; y SRG3300 con software V200R006C10, V200R007C00, V200R008C20, V200R008C30 tienen una vulnerabilidad de lectura fuera de límites. A causa de una validación de entradas insuficiente, un atacante remoto autenticado podría enviar un mensaje especialmente manipulado al dispositivo objetivo. Una explotación exitosa de esta vulnerabilidad podría provocar una lectura fuera de límites y el cierre inesperado del sistema. • http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171018-01-h323-en • CWE-125: Out-of-bounds Read •
CVSS: 6.8EPSS: 0%CPEs: 18EXPL: 0CVE-2016-6901
https://notcve.org/view.php?id=CVE-2016-6901
Format string vulnerability in Huawei AR100, AR120, AR150, AR200, AR500, AR550, AR1200, AR2200, AR2500, AR3200, and AR3600 routers with software before V200R007C00SPC900 and NetEngine 16EX routers with software before V200R007C00SPC900 allows remote authenticated users to cause a denial of service via format string specifiers in vectors involving partial commands. Vulnerabilidad de formato de cadena en routers Huawei AR100, AR120, AR150, AR200, AR500, AR550, AR1200, AR2200, AR2500, AR3200 y AR3600 con software en versiones anteriores a V200R007C00SPC900 y routers NetEngine 16EX con software en versiones anteriores a V200R007C00SPC900 permite a usuarios remotos autenticados provocar una denegación de servicio a través de especificadores de cadena de formato en vectores que involucran comandos parciales. • http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160824-01-vrp-en http://www.securityfocus.com/bid/92618 • CWE-20: Improper Input Validation •