CVE-2017-15333
Description
XML parser in Huawei S12700 V200R005C00,S1700 V200R009C00, V200R010C00,S3700 V100R006C03, V100R006C05,S5700 V200R001C00, V200R002C00, V200R003C00, V200R003C02, V200R005C00, V200R006C00, V200R007C00, V200R008C00, V200R009C00, V200R010C00,S6700 V200R001C00, V200R002C00, V200R003C00, V200R005C00, V200R005C02, V200R008C00, V200R009C00, V200R010C00,S7700 V200R001C00, V200R002C00, V200R003C00, V200R005C00, V200R006C00, V200R007C00, V200R008C00, V200R009C00, V200R010C00,S9700 V200R001C00, V200R002C00, V200R003C00, V200R005C00, V200R006C00, V200R007C00, V200R008C00, V200R009C00, V200R010C00,eCNS210_TD V100R004C10, V100R004C10SPC003, V100R004C10SPC100, V100R004C10SPC101, V100R004C10SPC102, V100R004C10SPC200, V100R004C10SPC221, V100R004C10SPC400 has a DOS vulnerability. An attacker may craft specific XML files to the affected products. Due to not check the specially XML file and to parse this file, successful exploit will result in DOS attacks.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Huawei switches and eCNS210_TD have a denial-of-service flaw where crafted XML files trigger resource exhaustion without proper validation.
Vulnerability
An XML parser in multiple Huawei products fails to validate crafted XML files, leading to a denial-of-service (DoS) condition. Affected devices include S12700 (V200R005C00), S1700 (V200R009C00, V200R010C00), S3700 (V100R006C03, V100R006C05), S5700 (V200R001C00 through V200R010C00), S6700 (V200R001C00 through V200R010C00), S7700 (V200R001C00 through V200R010C00), S9700 (V200R001C00 through V200R010C00), and eCNS210_TD (V100R004C10 through V100R004C10SPC400) [1]. The vulnerability is referenced as HWPSIRT-2017-03038 and corresponds to CVE-2017-15333 [1].
Exploitation
An attacker can send a specially crafted XML file to an affected product. No authentication network position is needed; the attacker only requires network access to the device. The product processes the file without proper sanity checks, causing the XML parser to consume excessive CPU or memory resources [1].
Impact
Successful exploitation results in a denial-of-service (DoS) condition, rendering the device unresponsive or disrupting normal operations. No data confidentiality, integrity, or privilege escalation is directly achieved [1].
Mitigation
Huawei has released software updates to fix this vulnerability. For example, S12700 users should upgrade to V2R11C10. Administrators should consult the advisory [1] for the exact upgrade path corresponding to each product version. No workarounds are listed; upgrading to the resolved version is the only mitigation [1].
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
4- Range: V100R004C10, V100R004C10SPC003, V100R004C10SPC100, V100R004C10SPC101, V100R004C10SPC102, V100R004C10SPC200, V100R004C10SPC221, V100R004C10SPC400
- Huawei Technologies Co., Ltd./S12700, S1700,S3700,S5700,S6700,S7700, S9700, eCNS210_TDv5Range: S12700 V200R005C00,S1700 V200R009C00, V200R010C00,S3700 V100R006C03, V100R006C05,S5700 V200R001C00, V200R002C00, V200R003C00, V200R003C02, V200R005C00, V200R006C00, V200R007C00, V200R008C00, V200R009C00, V200R010C00,S6700 V200R001C00, V200R002C00, V200R003C00, V200R005C00, V200R005C02, V200R008C00, V200R009C00, V200R010C00,S7700 V200R001C00, V200R002C00, V200R003C00, V200R005C00, V200R006C00, V200R007C00, V200R008C00, V200R009C00, V200R010C00,S9700 V200R001C00, V200R002C00, V200R003C00, V200R005C00, V200R006C00, V200R007C00, V200R008C00, V200R009C00, V200R010C00,eCNS210_TD V100R004C10, V100R004C10SPC003, V100R004C10SPC100, V100R004C10SPC101, V100R004C10SPC102, V100R004C10SPC200, V100R004C10SPC221, V100R004C10SPC400,
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1- www.huawei.com/en/psirt/security-advisories/huawei-sa-20171201-01-xml-enmitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.