High severity7.5NVD Advisory· Published May 23, 2016· Updated May 6, 2026

CVE-2016-4577

Description

Buffer overflow in the Smart DNS functionality in the Huawei NGFW Module and Secospace USG6300, USG6500, USG6600, and USG9500 firewalls with software before V500R001C20SPC100 allows remote attackers to cause a denial of service or execute arbitrary code via a crafted packet, related to "illegitimate parameters."

Affected products

Huawei/Usg9500 Firmware
cpe:2.3:o:huawei:usg9500_firmware:v500r001c00:*:*:*:*:*:*:*
Huawei/Ngfw Module Firmware
cpe:2.3:o:huawei:ngfw_module_firmware:v500r001c00:*:*:*:*:*:*:*
Huawei/Secospace Usg6300 Firmware
cpe:2.3:o:huawei:secospace_usg6300_firmware:v500r001c00:*:*:*:*:*:*:*
Huawei/Secospace Usg6600 Firmware
cpe:2.3:o:huawei:secospace_usg6600_firmware:v500r001c00:*:*:*:*:*:*:*
Huawei/Secospace Usg6500 Firmware
cpe:2.3:o:huawei:secospace_usg6500_firmware:v500r001c00:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.huawei.com/en/psirt/security-advisories/huawei-sa-20160511-01-dns-ennvdVendor Advisory
www.securityfocus.com/bid/90532nvd

News mentions

No linked articles in our index yet.

cvss	0.488
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000