VYPR
← All advisories
Unrated severityNVD Advisory· Published Feb 15, 2018· Updated Aug 5, 2024

CVE-2017-15337

CVE-2017-15337

Description

The SIP module in Huawei DP300 V500R002C00, IPS Module V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, NGFW Module V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R002C00, V500R002C10, NIP6300 V500R001C00, V500R001C20, V500R001C30, V500R001C50, NIP6600 V500R001C00, V500R001C20, V500R001C30, V500R001C50, NIP6800 V500R001C50, RP200 V500R002C00, V600R006C00, SVN5600 V200R003C00, V200R003C10, SVN5800 V200R003C00, V200R003C10, SVN5800-C V200R003C00, V200R003C10, SeMG9811 V300R001C01, Secospace USG6300 V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, Secospace USG6500 V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, Secospace USG6600 V100R001C00, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, TE30 V100R001C02, V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C01, V100R001C10, V500R002C00, V600R006C00, USG9500 V500R001C00, V500R001C20, V500R001C30, USG9520 V300R001C01, V300R001C20, USG9560 V300R001C01, V300R001C20, USG9580 V300R001C01, V300R001C20, VP9660 V200R001C02, V200R001C30, V500R002C00, V500R002C10, ViewPoint 8660 V100R008C03, ViewPoint 9030 V100R011C02, V100R011C03, eSpace U1981 V100R001C20, V200R003C00, V200R003C20, V200R003C30 has a buffer overflow vulnerability. An attacker would have to find a way to craft specific messages to the affected products. Due to the insufficient validation for SIP messages, successful exploit may cause services abnormal.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Buffer overflow in Huawei SIP module allows remote attackers to cause service disruption via crafted SIP messages.

Vulnerability

A buffer overflow vulnerability exists in the SIP module of multiple Huawei products, including DP300, IPS Module, NGFW Module, NIP6300, NIP6600, NIP6800, RP200, SVN5600, SVN5800, SVN5800-C, SeMG9811, Secospace USG6300/6500/6600, TE30/40/50/60, USG9500/9520/9560/9580, VP9660, ViewPoint 8660/9030, and eSpace U1981, across various firmware versions (e.g., V500R002C00, V100R001C10, etc.). The flaw is due to insufficient validation of values in SIP messages, leading to a buffer overflow when specially crafted messages are processed. [1]

Exploitation

An attacker can exploit this vulnerability by sending specially crafted SIP messages to the affected products over the network. No authentication is required, and the attacker only needs network access to the target device. The crafted messages trigger the buffer overflow due to the lack of proper input validation. [1]

Impact

Successful exploitation causes abnormal service behavior, primarily resulting in a denial of service (DoS) condition. The impact is limited to service disruption; no code execution or data compromise is indicated in the available references. [1]

Mitigation

Huawei has released software updates to fix these vulnerabilities. Affected users should upgrade to the resolved product versions as specified in the security advisory (huawei-sa-20171201-01-sip). No workarounds are provided. [1]

References
  1. Security Advisory - Multiple Buffer Overflow Vulnerabilities in Some Huawei Products

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

4
  • Huawei/DP300llm-fuzzy
    Range: = V500R002C00
  • Huawei/IPS Modulellm-fuzzy
    Range: V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50
  • Huawei/NGFW Modulellm-fuzzy
    Range: V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R002C00, V500R002C10
  • Huawei Technologies Co., Ltd./DP300,IPS Module,NGFW Module,NIP6300,NIP6600,NIP6800,RP200,SVN5600,SVN5800,SVN5800-C,SeMG9811,Secospace USG6300,Secospace USG6500,Secospace USG6600,TE30,TE40,TE50,TE60,USG9500,USG9520,USG9560,USG9580,VP9660,ViewPoint 8660,ViewPoint 9030,eSpace U1981v5
    Range: DP300 V500R002C00, IPS Module V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, NGFW Module V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R002C00, V500R002C10, NIP6300 V500R001C00, V500R001C20, V500R001C30, V500R001C50, NIP6600 V500R001C00, V500R001C20, V500R001C30, V500R001C50, NIP6800 V500R001C50, RP200 V500R002C00, V600R006C00, SVN5600 V200R003C00, V200R003C10, SVN5800 V200R003C00, V200R003C10, SVN5800-C V200R003C00, V200R003C10, SeMG9811 V300R001C01, Secospace USG6300 V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, Secospace USG6500 V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, Secospace USG6600 V100R001C00, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, TE30 V100R001C02, V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C01, V100R001C10, V500R002 ...[truncated*]

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

1

News mentions

0

No linked articles in our index yet.