CVE-2016-8786
Description
Huawei S12700 V200R005C00, V200R006C00, V200R007C00, V200R008C00, S5700 V200R006C00, V200R007C00, V200R008C00, S6700 V200R008C00, S7700 V200R001C00, V200R002C00, V200R003C00, V200R005C00, V200R006C00, V200R007C00, V200R008C00, S9700 V200R001C00, V200R002C00, V200R003C00, V200R005C00, V200R006C00, V200R007C00, V200R008C00 have a denial of service (DoS) vulnerability. Due to the lack of input validation, a remote attacker may craft a malformed Resource Reservation Protocol (RSVP) packet and send it to the device, causing a few buffer overflows and occasional device restart.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A remote attacker can cause a denial of service on multiple Huawei switches by sending a malformed RSVP packet, leading to buffer overflow and device restart.
Vulnerability
The vulnerability is a denial of service (DoS) in multiple Huawei switches (S12700, S5700, S6700, S7700, S9700) running specific firmware versions. Due to lack of input validation, a remote attacker can craft a malformed Resource Reservation Protocol (RSVP) packet and send it to the device, causing buffer overflows and occasional device restart. Affected versions include S12700 V200R005C00, V200R006C00, V200R007C00, V200R008C00; S5700 V200R006C00, V200R007C00, V200R008C00; S6700 V200R008C00; S7700 V200R001C00, V200R002C00, V200R003C00, V200R005C00, V200R006C00, V200R007C00, V200R008C00; S9700 V200R001C00, V200R002C00, V200R003C00, V200R005C00, V200R006C00, V200R007C00, V200R008C00. [1]
Exploitation
An attacker needs network access to send RSVP packets to the targeted device. No authentication is required. The attacker crafts a malformed RSVP packet and transmits it to the device. The lack of input validation in the RSVP processing code leads to a buffer overflow, which can cause the device to restart. [1]
Impact
Successful exploitation results in a denial of service (DoS) due to device restart. The impact is temporary loss of network services provided by the affected switch. No code execution or data compromise is indicated. [1]
Mitigation
Huawei has released software updates to fix this vulnerability. Affected users should upgrade to the resolved versions as specified in the security advisory. For example, S12700 should be upgraded to V200R009C00SPC500, and similar upgrades are available for other models. The advisory was released on 2016-12-28. No workarounds are mentioned. [1]
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
6- Huawei Technologies Co., Ltd./S12700, S5700, S6700, S7700, S9700v5Range: S12700 V200R005C00, V200R006C00, V200R007C00, V200R008C00, S5700 V200R006C00, V200R007C00, V200R008C00, S6700 V200R008C00, S7700 V200R001C00, V200R002C00, V200R003C00, V200R005C00, V200R006C00, V200R007C00, V200R008C00, S9700 V200R001C00, V200R002C00, V200R003C00, V200R005C00, V200R006C00, V200R007C00, V200R008C00
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
2- www.huawei.com/en/psirt/security-advisories/huawei-sa-20161228-01-rsvp-enmitrex_refsource_CONFIRM
- www.securityfocus.com/bid/95139mitrevdb-entryx_refsource_BID
News mentions
0No linked articles in our index yet.