Critical severity9.8NVD Advisory· Published May 23, 2016· Updated May 6, 2026

CVE-2016-4576

Description

Buffer overflow in the Application Specific Packet Filtering (ASPF) functionality in the Huawei IPS Module, NGFW Module, NIP6300, NIP6600, Secospace USG6300, USG6500, USG6600, USG9500, and AntiDDoS8000 devices with software before V500R001C20SPC100 allows remote attackers to cause a denial of service or execute arbitrary code via a crafted packet, related to "illegitimate parameters."

Affected products

Huawei/Ips Module Firmware
cpe:2.3:o:huawei:ips_module_firmware:v500r001c00:*:*:*:*:*:*:*
Huawei/Ngfw Module Firmware
cpe:2.3:o:huawei:ngfw_module_firmware:v500r001c00:*:*:*:*:*:*:*
Huawei/Nip6300 Firmware
cpe:2.3:o:huawei:nip6300_firmware:v500r001c00:*:*:*:*:*:*:*
Huawei/Nip6600 Firmware
cpe:2.3:o:huawei:nip6600_firmware:v500r001c00:*:*:*:*:*:*:*
Huawei/Secospace Antiddos8000 Firmware
cpe:2.3:o:huawei:secospace_antiddos8000_firmware:v500r001c00:*:*:*:*:*:*:*
Huawei/Secospace Usg6300 Firmware
cpe:2.3:o:huawei:secospace_usg6300_firmware:v500r001c00:*:*:*:*:*:*:*
Huawei/Secospace Usg6500 Firmware
cpe:2.3:o:huawei:secospace_usg6500_firmware:v500r001c00:*:*:*:*:*:*:*
Huawei/Secospace Usg6600 Firmware
cpe:2.3:o:huawei:secospace_usg6600_firmware:v500r001c00:*:*:*:*:*:*:*
Huawei/Usg9500 Firmware
cpe:2.3:o:huawei:usg9500_firmware:v500r001c00:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.huawei.com/en/psirt/security-advisories/huawei-sa-20160511-01-aspf-ennvdVendor Advisory
www.securityfocus.com/bid/90530nvd

News mentions

No linked articles in our index yet.

cvss	0.637
epss	0.002
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000