CVE-2017-15314
Description
Huawei DP300 V500R002C00, RP200 V500R002C00SPC200, V600R006C00, TE30 V100R001C10SPC300, V100R001C10SPC500, V100R001C10SPC600, V100R001C10SPC700, V500R002C00SPC200, V500R002C00SPC500, V500R002C00SPC600, V500R002C00SPC700, V500R002C00SPC900, V500R002C00SPCb00, V600R006C00, TE40 V500R002C00SPC600, V500R002C00SPC700, V500R002C00SPC900, V500R002C00SPCb00, V600R006C00, TE50 V500R002C00SPC600, V500R002C00SPC700, V500R002C00SPCb00, V600R006C00, TE60 V100R001C10, V500R002C00, V600R006C00 have a memory leak vulnerability due to memory don't be released when the XML parser process some node fail. An attacker could exploit it to cause memory leak, which may further lead to system exceptions.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Huawei video conferencing products (DP300, RP200, TE30, TE40, TE50, TE60) have a memory leak when the XML parser fails on a node, potentially leading to system exceptions.
Vulnerability
A memory leak vulnerability exists in the XML parser of Huawei DP300 V500R002C00, RP200 V500R002C00SPC200 and V600R006C00, TE30 V100R001C10SPC300/500/600/700 and V500R002C00SPC200/500/600/700/900/b00 and V600R006C00, TE40 V500R002C00SPC600/700/900/b00 and V600R006C00, TE50 V500R002C00SPC600/700/b00 and V600R006C00, and TE60 V100R001C10 and V500R002C00 and V600R006C00. The memory is not released when the XML parser processes some node and encounters a failure, leading to accumulated memory consumption over time [1].
Exploitation
An attacker does not require authentication but must be able to send crafted XML data to the vulnerable parser on the affected device. The attacker can trigger repeated XML parsing failures by supplying malformed or specially crafted XML input, causing the parser to fail on nodes and not release allocated memory [1].
Impact
Successful exploitation leads to a persistent memory leak, which may exhaust system memory resources. This can cause system performance degradation, service disruption, or system exceptions, potentially resulting in a denial of service (DoS) condition [1].
Mitigation
Huawei has released software updates to fix this vulnerability. Users should upgrade to the resolved product versions listed in the security advisory: DP300 V500R002C00SPCb00; RP200 V600R006C00SPC500; TE30 V600R006C00SPC500; TE40 V600R006C00SPC500; TE50 V600R006C00SPC500; TE60 V600R006C00SPC500 [1].
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
4- Huawei Technologies Co., Ltd./DP300,RP200,TE30,TE40,TE50,TE60v5Range: DP300 V500R002C00, RP200 V500R002C00SPC200, V600R006C00, TE30 V100R001C10SPC300, V100R001C10SPC500, V100R001C10SPC600, V100R001C10SPC700, V500R002C00SPC200, V500R002C00SPC500, V500R002C00SPC600, V500R002C00SPC700, V500R002C00SPC900, V500R002C00SPCb00, V600R006C00, TE40 V500R002C00SPC600, V500R002C00SPC700, V500R002C00SPC900, V500R002C00SPCb00, V600R006C00, TE50 V500R002C00SPC600, V500R002C00SPC700, V500R002C00SPCb00, V600R006C00, TE60 V100R001C10, V500R002C00, V600R006C00
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1- www.huawei.com/en/psirt/security-advisories/huawei-sa-20171129-01-xml-enmitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.