CVE-2017-15327
Description
S12700 V200R005C00, V200R006C00, V200R006C01, V200R007C00, V200R007C01, V200R007C20, V200R008C00, V200R008C06, V200R009C00, V200R010C00, S7700 V200R001C00, V200R001C01, V200R002C00, V200R003C00, V200R005C00, V200R006C00, V200R006C01, V200R007C00, V200R007C01, V200R008C00, V200R008C06, V200R009C00, V200R010C00, S9700 V200R001C00, V200R001C01, V200R002C00, V200R003C00, V200R005C00, V200R006C00, V200R006C01, V200R007C00, V200R007C01, V200R008C00, V200R009C00, V200R010C00 have an improper authorization vulnerability on Huawei switch products. The system incorrectly performs an authorization check when a normal user attempts to access certain information which is supposed to be accessed only by authenticated user. Successful exploit could cause information disclosure.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Huawei switch products S12700, S7700, S9700 running specific firmware versions have an improper authorization vulnerability allowing normal users to access restricted information, leading to information disclosure.
Vulnerability
The improper authorization vulnerability exists in Huawei switch products S12700, S7700, and S9700 running firmware versions V200R005C00 through V200R010C00 (specific versions listed in the advisory). The system fails to properly verify authorization when a normal user attempts to access information that should only be accessible to authenticated users. This affects multiple firmware versions across the three product lines [1].
Exploitation
An attacker with normal user access to the affected switch can exploit this vulnerability by sending crafted requests to access restricted information. No special network position or additional privileges are required beyond having a valid normal user account on the device. The system incorrectly performs the authorization check, allowing the attacker to bypass access controls [1].
Impact
Successful exploitation leads to information disclosure, where the attacker can view sensitive data that should be restricted to authenticated users. The exact nature of the disclosed information is not specified, but it could include configuration details or other operational data. The impact is limited to confidentiality, with no indication of integrity or availability compromise [1].
Mitigation
Huawei has released software updates to fix this vulnerability. For example, S12700 V200R005C00 should be upgraded to V200R010SPH002. Affected users should upgrade to the resolved versions listed in the security advisory [1]. No workarounds are mentioned. The vulnerability is not listed on the CISA KEV as of the advisory date.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
4- Huawei Technologies Co., Ltd./S12700, S7700, S9700v5Range: S12700 V200R005C00, V200R006C00, V200R006C01, V200R007C00, V200R007C01, V200R007C20, V200R008C00, V200R008C06, V200R009C00, V200R010C00, S7700 V200R001C00, V200R001C01, V200R002C00, V200R003C00, V200R005C00, V200R006C00, V200R006C01, V200R007C00, V200R007C01, V200R008C00, V200R008C06, V200R009C00, V200R010C00, S9700 V200R001C00, V200R001C01, V200R002C00, V200R003C00, V200R005C00, V200R006C00, V200R006C01, V200R007C00, V200R007C01, V200R008C00, V200R009C00, V200R010C00
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1- www.huawei.com/en/psirt/security-advisories/huawei-sa-20180328-01-authentication-enmitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.