VYPR
← All advisories
High severity7.5NVD Advisory· Published Dec 22, 2017· Updated May 13, 2026

CVE-2017-15317

CVE-2017-15317

Description

AR120-S V200R006C10, V200R007C00, V200R008C20, V200R008C30; AR1200 V200R006C10, V200R006C13, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30; AR1200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30; AR150 V200R006C10, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30; AR150-S V200R006C10, V200R007C00, V200R008C20, V200R008C30; AR160 V200R006C10, V200R006C12, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30; AR200 V200R006C10, V200R007C00, V200R007C01, V200R008C20, V200R008C30; AR200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30; AR2200 V200R006C10, V200R006C13, V200R006C16, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30; AR2200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30; AR3200 V200R006C10, V200R006C11, V200R007C00, V200R007C01, V200R007C02, V200R008C00, V200R008C10, V200R008C20, V200R008C30; AR510 V200R006C10, V200R006C12, V200R006C13, V200R006C15, V200R006C16, V200R006C17, V200R007C00, V200R008C20, V200R008C30; SRG1300 V200R006C10, V200R007C00, V200R007C02, V200R008C20, V200R008C30; SRG2300 V200R006C10, V200R007C00, V200R007C02, V200R008C20, V200R008C30; SRG3300 V200R006C10, V200R007C00, V200R008C20, V200R008C30 have an input validation vulnerability in Huawei multiple products. Due to the insufficient input validation, an unauthenticated, remote attacker may craft a malformed Stream Control Transmission Protocol (SCTP) packet and send it to the device, causing the device to read out of bounds and restart.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Unauthenticated remote attacker can cause denial of service via malformed SCTP packet in multiple Huawei routers.

Vulnerability

An input validation vulnerability exists in Huawei AR120-S, AR1200, AR1200-S, AR150, AR150-S, AR160, AR200, AR200-S, AR2200, AR2200-S, AR3200, AR510, SRG1300, SRG2300, and SRG3300 series routers running affected firmware versions including V200R006C10, V200R007C00, V200R008C20, V200R008C30, and many others [1]. The vulnerability is due to insufficient validation of Stream Control Transmission Protocol (SCTP) packets. An attacker can exploit this by sending a specially crafted malformed SCTP packet to the device.

Exploitation

An unauthenticated, remote attacker can craft a malformed SCTP packet and send it to the target device. No authentication or prior access is required. The attacker does not need any special network position beyond network reachability to the device [1].

Impact

Successful exploitation causes the device to read out of bounds, leading to a system restart. This results in a denial of service (DoS) condition, impacting availability [1].

Mitigation

Huawei has released software updates to fix this vulnerability. The fixed version is V200R009C00. Users are advised to upgrade their devices to this version or later. The advisory provides specific upgrade paths for each affected product line [1].

References
  1. Security Advisory - Input Validation Vulnerability in Multiple Huawei Products

AI Insight generated on May 22, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

17
  • Huawei/AR2200llm-create
    Range: V200R006C10, V200R006C13, V200R006C16, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30
  • Huawei/AR1200llm-fuzzy
    Range: V200R006C10, V200R006C13, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30
  • Huawei Technologies Co., Ltd./AR1200v5
    Range: V200R006C10
  • Huawei Technologies Co., Ltd./AR1200-Sv5
    Range: V200R006C10
  • Huawei Technologies Co., Ltd./AR120-Sv5
    Range: V200R006C10
  • Huawei Technologies Co., Ltd./AR150v5
    Range: V200R006C10
  • Huawei Technologies Co., Ltd./AR150-Sv5
    Range: V200R006C10
  • Huawei Technologies Co., Ltd./AR160v5
    Range: V200R006C10
  • Huawei Technologies Co., Ltd./AR200v5
    Range: V200R006C10
  • Huawei Technologies Co., Ltd./AR200-Sv5
    Range: V200R006C10
  • Huawei Technologies Co., Ltd./AR2200v5
    Range: V200R006C10
  • Huawei Technologies Co., Ltd./AR2200-Sv5
    Range: V200R006C10
  • Huawei Technologies Co., Ltd./AR3200v5
    Range: V200R006C10
  • Huawei Technologies Co., Ltd./AR510v5
    Range: V200R006C10
  • Huawei Technologies Co., Ltd./SRG1300v5
    Range: V200R006C10
  • Huawei Technologies Co., Ltd./SRG2300v5
    Range: V200R006C10
  • Huawei Technologies Co., Ltd./SRG3300v5
    Range: V200R006C10

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

1

News mentions

0

No linked articles in our index yet.